./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2423818667 <...> CK, 4, 0 [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 98.614237][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.618905][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 98.640953][ T5736] loop1: detected capacity change from 0 to 2048 [pid 5086] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5728] <... mmap resumed>) = 0x20000000 [pid 5727] <... mmap resumed>) = 0x20000000 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = 0 [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5727] <... futex resumed>) = 0 [pid 5726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... openat resumed>) = 4 [pid 5728] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5727] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(4, [pid 5085] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5728] <... open resumed>) = 5 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(4, [pid 5727] <... open resumed>) = 5 [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 98.686210][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 98.714266][ T27] audit: type=1800 audit(1678856050.115:149): pid=5728 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] lstat("./23/bus", [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] close(4 [pid 5085] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5728] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5727] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [ 98.738691][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 98.739316][ T27] audit: type=1800 audit(1678856050.135:150): pid=5727 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 98.754768][ T5736] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5728] <... mount resumed>) = 0 [pid 5727] <... mount resumed>) = 0 [pid 5086] rmdir("./24/bus" [pid 5085] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5085] fstat(4, [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5085] getdents64(4, [pid 5728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5727] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5728] <... open resumed>) = 6 [pid 5727] <... open resumed>) = 6 [pid 5086] rmdir("./24" [pid 5085] getdents64(4, [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] mkdir("./25", 0777 [pid 5085] close(4 [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5085] rmdir("./23/bus" [pid 5728] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5727] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = 3 [pid 5085] <... rmdir resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5085] getdents64(3, [pid 5736] <... mount resumed>) = 0 [ 98.785353][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 98.785353][ T11] [ 98.799179][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 98.817009][ T5736] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/24/bus supports timestamps until 2038 (0x7fffffff) [pid 5736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3 [pid 5085] close(3 [pid 5086] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] rmdir("./23") = 0 [pid 5085] mkdir("./24", 0777 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5739 [pid 5085] <... mkdir resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5740 [pid 5736] <... openat resumed>) = 3 [pid 5736] chdir("./bus") = 0 [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5736] close(4) = 0 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... write resumed>) = 262144 [pid 5727] <... write resumed>) = 262144 [pid 5735] <... futex resumed>) = 0 [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 1 [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] exit_group(0 [pid 5722] exit_group(0 [pid 5736] chdir("./file0" [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... futex resumed>) = ? [pid 5727] <... futex resumed>) = ? [pid 5726] <... exit_group resumed>) = ? [pid 5722] <... exit_group resumed>) = ? [pid 5736] <... chdir resumed>) = 0 [pid 5728] +++ exited with 0 +++ [pid 5727] +++ exited with 0 +++ [pid 5726] +++ exited with 0 +++ [pid 5722] +++ exited with 0 +++ [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5722, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5735] <... futex resumed>) = 0 [pid 5084] <... restart_syscall resumed>) = 0 [pid 5736] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... restart_syscall resumed>) = 0 [pid 5736] <... openat resumed>) = 4 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] <... futex resumed>) = 0 [pid 5084] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5736] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 1 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5736] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... openat resumed>) = 3 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... openat resumed>) = 3 [pid 5084] fstat(3, [pid 5081] fstat(3, [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5740 attached ./strace-static-x86_64: Process 5739 attached [pid 5740] set_robust_list(0x555556f1a5e0, 24 [pid 5739] set_robust_list(0x555556f1a5e0, 24 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5081] getdents64(3, [pid 5735] <... futex resumed>) = 0 [pid 5740] <... set_robust_list resumed>) = 0 [pid 5739] <... set_robust_list resumed>) = 0 [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] chdir("./24" [pid 5739] chdir("./25" [pid 5736] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5740] <... chdir resumed>) = 0 [pid 5739] <... chdir resumed>) = 0 [pid 5736] <... mmap resumed>) = 0x20000000 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5739] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... prctl resumed>) = 0 [pid 5739] <... prctl resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5084] lstat("./25/binderfs", [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5740] setpgid(0, 0 [pid 5739] setpgid(0, 0 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... setpgid resumed>) = 0 [pid 5739] <... setpgid resumed>) = 0 [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] lstat("./24/binderfs", [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 98.831812][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 98.870076][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5736] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5735] <... futex resumed>) = 0 [pid 5084] unlink("./25/binderfs" [pid 5740] <... openat resumed>) = 3 [pid 5739] <... openat resumed>) = 3 [pid 5736] <... open resumed>) = 5 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... unlink resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5740] write(3, "1000", 4 [pid 5739] write(3, "1000", 4 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] unlink("./24/binderfs" [pid 5740] <... write resumed>) = 4 [pid 5739] <... write resumed>) = 4 [pid 5736] <... futex resumed>) = 0 [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 98.904381][ T27] audit: type=1800 audit(1678856050.305:151): pid=5736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 98.936410][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5081] <... unlink resumed>) = 0 [pid 5740] close(3 [pid 5739] close(3 [pid 5736] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5735] <... futex resumed>) = 0 [pid 5083] lstat("./24/bus", [pid 5081] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5740] <... close resumed>) = 0 [pid 5739] <... close resumed>) = 0 [pid 5736] <... mount resumed>) = 0 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5740] symlink("/dev/binderfs", "./binderfs" [pid 5739] symlink("/dev/binderfs", "./binderfs" [pid 5740] <... symlink resumed>) = 0 [pid 5739] <... symlink resumed>) = 0 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5740] <... mmap resumed>) = 0x7f5659bc2000 [pid 5739] <... mmap resumed>) = 0x7f5659bc2000 [pid 5740] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5739] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5740] <... mprotect resumed>) = 0 [pid 5739] <... mprotect resumed>) = 0 [pid 5740] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5739] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5740] <... clone resumed>, parent_tid=[5741], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5741 [pid 5739] <... clone resumed>, parent_tid=[5742], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5742 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5741 attached [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5735] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5742 attached [pid 5741] set_robust_list(0x7f5659be29e0, 24 [pid 5736] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5742] memfd_create("syzkaller", 0) = 3 [pid 5742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5736] <... open resumed>) = 6 [pid 5083] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... set_robust_list resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] fstat(4, [pid 5741] memfd_create("syzkaller", 0 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.976059][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 98.995093][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.008132][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5741] <... memfd_create resumed>) = 3 [pid 5736] <... write resumed>) = 262144 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] getdents64(4, [pid 5741] <... mmap resumed>) = 0x7f56517c2000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] exit_group(0 [pid 5083] rmdir("./24/bus" [pid 5735] <... exit_group resumed>) = ? [pid 5083] <... rmdir resumed>) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5736] <... futex resumed>) = ? [pid 5083] rmdir("./24") = 0 [pid 5083] mkdir("./25", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5743 ./strace-static-x86_64: Process 5743 attached [pid 5743] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5743] chdir("./25" [pid 5736] +++ exited with 0 +++ [pid 5735] +++ exited with 0 +++ [pid 5743] <... chdir resumed>) = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5742] <... write resumed>) = 1048576 [pid 5743] <... openat resumed>) = 3 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5735, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5082] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5743] symlink("/dev/binderfs", "./binderfs" [pid 5741] <... write resumed>) = 1048576 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5743] <... symlink resumed>) = 0 [ 99.031432][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 99.043166][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 99.055888][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 99.068935][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5082] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5742] munmap(0x7f56517c2000, 1048576 [pid 5743] <... mmap resumed>) = 0x7f5659bc2000 [pid 5742] <... munmap resumed>) = 0 [pid 5743] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5743] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5742] <... openat resumed>) = 4 [pid 5741] munmap(0x7f56517c2000, 1048576 [pid 5743] <... clone resumed>, parent_tid=[5744], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5744 [pid 5742] ioctl(4, LOOP_SET_FD, 3 [pid 5741] <... munmap resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] fstat(3, [pid 5743] <... futex resumed>) = 0 [pid 5741] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5744 attached [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5741] <... openat resumed>) = 4 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5741] ioctl(4, LOOP_SET_FD, 3 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5744] set_robust_list(0x7f5659be29e0, 24 [pid 5082] unlink("./24/binderfs" [pid 5744] <... set_robust_list resumed>) = 0 [pid 5082] <... unlink resumed>) = 0 [pid 5744] memfd_create("syzkaller", 0 [ 99.104010][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 99.104010][ T11] [ 99.114460][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 99.114460][ T75] [ 99.117384][ T5742] loop5: detected capacity change from 0 to 2048 [ 99.136195][ T5741] loop4: detected capacity change from 0 to 2048 [pid 5082] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5744] <... memfd_create resumed>) = 3 [pid 5742] <... ioctl resumed>) = 0 [pid 5741] <... ioctl resumed>) = 0 [pid 5742] close(3 [pid 5741] close(3 [pid 5742] <... close resumed>) = 0 [pid 5741] <... close resumed>) = 0 [pid 5742] mkdir("./bus", 0777 [pid 5741] mkdir("./bus", 0777 [pid 5742] <... mkdir resumed>) = 0 [pid 5741] <... mkdir resumed>) = 0 [pid 5742] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5741] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [ 99.151869][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 99.154349][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.183978][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 99.194902][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 99.205320][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.219571][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.229412][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 99.235922][ T5742] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5744] munmap(0x7f56517c2000, 1048576 [pid 5742] <... mount resumed>) = 0 [pid 5742] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5742] chdir("./bus") = 0 [pid 5744] <... munmap resumed>) = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5742] ioctl(4, LOOP_CLR_FD [pid 5744] ioctl(4, LOOP_SET_FD, 3 [pid 5742] <... ioctl resumed>) = 0 [pid 5742] close(4) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 99.255158][ T5742] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/25/bus supports timestamps until 2038 (0x7fffffff) [ 99.257097][ T5741] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 99.275146][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.290015][ T5744] loop2: detected capacity change from 0 to 2048 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... ioctl resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] close(3 [pid 5742] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5742] chdir("./file0" [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... chdir resumed>) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5742] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... openat resumed>) = 4 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5741] <... mount resumed>) = 0 [pid 5741] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5744] <... close resumed>) = 0 [pid 5741] <... openat resumed>) = 3 [pid 5744] mkdir("./bus", 0777) = 0 [pid 5741] chdir("./bus" [pid 5744] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5741] <... chdir resumed>) = 0 [pid 5741] ioctl(4, LOOP_CLR_FD) = 0 [ 99.294177][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 99.311277][ T5741] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/24/bus supports timestamps until 2038 (0x7fffffff) [pid 5741] close(4 [pid 5742] <... write resumed>) = 262144 [pid 5739] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5739] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... close resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5739] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5749 attached [pid 5742] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... clone resumed>, parent_tid=[5749], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5749 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [ 99.345089][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 99.357883][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 99.357883][ T5118] [ 99.369051][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] chdir("./file0" [pid 5749] set_robust_list(0x7f56518c19e0, 24 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... set_robust_list resumed>) = 0 [pid 5741] <... chdir resumed>) = 0 [pid 5081] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5749] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... mmap resumed>) = 0x20000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5749] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] lstat("./24/bus", [pid 5749] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./24/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./24") = 0 [pid 5081] mkdir("./25", 0777) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3 [pid 5744] <... mount resumed>) = 0 [pid 5742] <... futex resumed>) = 0 [pid 5741] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 1 [pid 5081] <... close resumed>) = 0 [pid 5744] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 99.394083][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.419203][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.429382][ T5744] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 99.441622][ T5744] ext4 filesystem being mounted at /root/syzkaller.22hR0w/25/bus supports timestamps until 2038 (0x7fffffff) [pid 5742] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... umount2 resumed>) = 0 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5742] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5752 [pid 5742] <... mount resumed>) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... openat resumed>) = 4 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... openat resumed>) = 3 [pid 5742] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] chdir("./bus" [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5741] <... futex resumed>) = 1 [pid 5744] <... chdir resumed>) = 0 [pid 5740] <... futex resumed>) = 0 [pid 5744] ioctl(4, LOOP_CLR_FD [pid 5742] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 1 [pid 5084] lstat("./25/bus", ./strace-static-x86_64: Process 5752 attached [pid 5744] <... ioctl resumed>) = 0 [pid 5742] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5752] set_robust_list(0x555556f1a5e0, 24 [pid 5744] close(4 [pid 5742] <... open resumed>) = 6 [pid 5741] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5752] <... set_robust_list resumed>) = 0 [pid 5744] <... close resumed>) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... write resumed>) = 262144 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5752] chdir("./25" [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 1 [pid 5739] <... futex resumed>) = 0 [ 99.460902][ T27] audit: type=1800 audit(1678856050.865:152): pid=5742 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 5084] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] lstat("./24/bus", [pid 5752] <... chdir resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 4 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] <... futex resumed>) = 0 [pid 5084] fstat(4, [pid 5082] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5752] <... prctl resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5742] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5752] setpgid(0, 0 [pid 5744] chdir("./file0" [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5082] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5752] <... setpgid resumed>) = 0 [pid 5741] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... openat resumed>) = 4 [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5741] <... mmap resumed>) = 0x20000000 [pid 5740] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5744] <... chdir resumed>) = 0 [pid 5082] fstat(4, [pid 5752] <... openat resumed>) = 3 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5752] write(3, "1000", 4 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] close(4 [pid 5082] getdents64(4, [pid 5752] <... write resumed>) = 4 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5752] close(3 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5084] rmdir("./25/bus" [pid 5082] getdents64(4, [pid 5752] <... close resumed>) = 0 [pid 5744] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... write resumed>) = 262144 [pid 5741] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs" [pid 5744] <... openat resumed>) = 4 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... open resumed>) = 5 [pid 5084] getdents64(3, [pid 5082] close(4 [pid 5752] <... symlink resumed>) = 0 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] <... close resumed>) = 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5082] rmdir("./24/bus" [pid 5752] <... futex resumed>) = 0 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 1 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5739] exit_group(0 [pid 5084] rmdir("./25" [pid 5082] getdents64(3, [pid 5752] <... mmap resumed>) = 0x7f5659bc2000 [pid 5749] <... futex resumed>) = ? [pid 5744] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... futex resumed>) = ? [pid 5741] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... exit_group resumed>) = ? [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5752] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5749] +++ exited with 0 +++ [pid 5744] <... write resumed>) = 262144 [pid 5742] +++ exited with 0 +++ [pid 5741] <... mount resumed>) = 0 [pid 5084] mkdir("./26", 0777 [pid 5752] <... mprotect resumed>) = 0 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] +++ exited with 0 +++ [pid 5082] close(3 [pid 5752] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5744] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rmdir("./24" [pid 5752] <... clone resumed>, parent_tid=[5753], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5753 [pid 5744] <... mmap resumed>) = 0x20000000 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] mkdir("./25", 0777 [pid 5752] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 0 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] <... open resumed>) = 6 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5082] <... mkdir resumed>) = 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 99.543461][ T27] audit: type=1800 audit(1678856050.945:153): pid=5741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 5744] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5753 attached [pid 5744] <... open resumed>) = 5 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5739, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5082] <... openat resumed>) = 3 [pid 5753] set_robust_list(0x7f5659be29e0, 24 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5753] <... set_robust_list resumed>) = 0 [pid 5744] <... futex resumed>) = 0 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5753] memfd_create("syzkaller", 0 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5082] close(3 [pid 5753] <... memfd_create resumed>) = 3 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... close resumed>) = 0 [pid 5753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5744] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5753] <... mmap resumed>) = 0x7f56517c2000 [pid 5744] <... mount resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5754 [pid 5753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... write resumed>) = 262144 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5755 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] exit_group(0 [pid 5744] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... futex resumed>) = ? [pid 5740] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5754 attached [pid 5744] <... open resumed>) = 6 [pid 5741] +++ exited with 0 +++ [pid 5740] +++ exited with 0 +++ [pid 5086] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5755 attached [pid 5754] set_robust_list(0x555556f1a5e0, 24 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5740, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5754] <... set_robust_list resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5754] chdir("./26" [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... restart_syscall resumed>) = 0 [pid 5754] <... chdir resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5744] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = 3 [pid 5755] set_robust_list(0x555556f1a5e0, 24 [pid 5754] <... prctl resumed>) = 0 [ 99.603201][ T27] audit: type=1800 audit(1678856051.005:154): pid=5744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5085] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5755] <... set_robust_list resumed>) = 0 [pid 5754] setpgid(0, 0 [pid 5753] <... write resumed>) = 1048576 [pid 5086] fstat(3, [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5754] <... setpgid resumed>) = 0 [pid 5744] <... write resumed>) = 262144 [pid 5085] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5755] chdir("./25" [pid 5754] <... openat resumed>) = 3 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] fstat(3, [pid 5755] <... chdir resumed>) = 0 [pid 5754] write(3, "1000", 4 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] exit_group(0 [pid 5086] getdents64(3, [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5755] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5754] <... write resumed>) = 4 [pid 5744] <... futex resumed>) = ? [pid 5743] <... exit_group resumed>) = ? [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] getdents64(3, [pid 5755] <... prctl resumed>) = 0 [pid 5754] close(3 [pid 5744] +++ exited with 0 +++ [pid 5743] +++ exited with 0 +++ [pid 5086] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5755] setpgid(0, 0 [pid 5754] <... close resumed>) = 0 [pid 5753] munmap(0x7f56517c2000, 1048576 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5743, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5755] <... setpgid resumed>) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs" [pid 5753] <... munmap resumed>) = 0 [pid 5086] lstat("./25/binderfs", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 5755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5754] <... symlink resumed>) = 0 [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] lstat("./24/binderfs", [pid 5083] <... restart_syscall resumed>) = 0 [pid 5755] <... openat resumed>) = 3 [pid 5086] unlink("./25/binderfs" [pid 5755] write(3, "1000", 4 [pid 5086] <... unlink resumed>) = 0 [pid 5755] <... write resumed>) = 4 [pid 5086] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5755] close(3) = 0 [pid 5755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5753] <... openat resumed>) = 4 [pid 5755] <... mmap resumed>) = 0x7f5659bc2000 [pid 5754] <... futex resumed>) = 0 [pid 5753] ioctl(4, LOOP_SET_FD, 3 [pid 5085] unlink("./24/binderfs" [pid 5755] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5755] <... mprotect resumed>) = 0 [pid 5755] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5756], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5756 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5756 attached [pid 5756] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5756] memfd_create("syzkaller", 0) = 3 [pid 5085] <... unlink resumed>) = 0 [pid 5083] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5754] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5754] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5754] <... mprotect resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5083] fstat(3, [pid 5754] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5754] <... clone resumed>, parent_tid=[5757], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5757 [pid 5083] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5754] <... futex resumed>) = 0 [pid 5083] lstat("./25/binderfs", [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 99.697621][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 99.713127][ T5753] loop0: detected capacity change from 0 to 2048 [ 99.723809][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.733775][ T9] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] unlink("./25/binderfs" [pid 5753] <... ioctl resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5757 attached [pid 5083] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5757] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5753] close(3) = 0 [pid 5753] mkdir("./bus", 0777) = 0 [pid 5753] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5757] memfd_create("syzkaller", 0) = 3 [pid 5757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5756] <... write resumed>) = 1048576 [pid 5756] munmap(0x7f56517c2000, 1048576) = 0 [pid 5756] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 99.756353][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.760267][ T9] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 99.779125][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5756] ioctl(4, LOOP_SET_FD, 3 [pid 5757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5756] <... ioctl resumed>) = 0 [pid 5756] close(3) = 0 [pid 5756] mkdir("./bus", 0777) = 0 [ 99.802790][ T5756] loop1: detected capacity change from 0 to 2048 [ 99.818961][ T9] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 99.820163][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.837151][ T5756] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5756] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5757] <... write resumed>) = 1048576 [ 99.846767][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 99.852801][ T9] EXT4-fs (loop5): This should not happen!! Data will be lost [ 99.852801][ T9] [ 99.875433][ T5756] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/25/bus supports timestamps until 2038 (0x7fffffff) [ 99.877112][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5757] munmap(0x7f56517c2000, 1048576) = 0 [pid 5757] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 99.889542][ T5753] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 99.899772][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 99.899772][ T5118] [ 99.919182][ T5757] loop3: detected capacity change from 0 to 2048 [ 99.923308][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.928521][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5757] close(3) = 0 [pid 5757] mkdir("./bus", 0777) = 0 [pid 5757] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5756] <... mount resumed>) = 0 [pid 5756] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5756] chdir("./bus") = 0 [pid 5756] ioctl(4, LOOP_CLR_FD) = 0 [pid 5756] close(4) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] <... futex resumed>) = 0 [pid 5756] chdir("./file0" [ 99.942866][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 99.969481][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.986331][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... chdir resumed>) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5756] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... openat resumed>) = 4 [pid 5755] <... futex resumed>) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... futex resumed>) = 0 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... write resumed>) = 262144 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.996328][ T5753] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/25/bus supports timestamps until 2038 (0x7fffffff) [ 100.020292][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.043029][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... futex resumed>) = 1 [pid 5756] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5755] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5755] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5755] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5764], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5764 [pid 5755] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5764 attached [ 100.046792][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.059167][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 100.059167][ T75] [ 100.067051][ T5757] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5755] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... mount resumed>) = 0 [pid 5085] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5756] <... mmap resumed>) = 0x20000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] lstat("./24/bus", [pid 5756] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5764] set_robust_list(0x7f56518c19e0, 24 [pid 5757] <... mount resumed>) = 0 [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5764] <... set_robust_list resumed>) = 0 [pid 5757] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5753] <... openat resumed>) = 3 [pid 5086] <... umount2 resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 100.102149][ T5757] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/26/bus supports timestamps until 2038 (0x7fffffff) [ 100.116006][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 100.132328][ T27] audit: type=1800 audit(1678856051.535:155): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [pid 5764] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5757] <... openat resumed>) = 3 [pid 5753] chdir("./bus" [pid 5085] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5764] <... open resumed>) = 5 [pid 5086] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4 [pid 5757] chdir("./bus" [pid 5753] <... chdir resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./25/bus" [pid 5757] <... chdir resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./25") = 0 [pid 5086] mkdir("./26", 0777) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3 [pid 5755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5755] <... futex resumed>) = 1 [pid 5753] ioctl(4, LOOP_CLR_FD [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] ioctl(4, LOOP_CLR_FD [pid 5753] <... ioctl resumed>) = 0 [pid 5764] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... ioctl resumed>) = 0 [pid 5756] <... futex resumed>) = 0 [pid 5753] close(4 [pid 5085] <... openat resumed>) = 4 [pid 5764] <... futex resumed>) = 0 [pid 5757] close(4 [pid 5753] <... close resumed>) = 0 [pid 5085] fstat(4, [pid 5764] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] <... close resumed>) = 0 [pid 5756] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5765 attached [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... mount resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5765 [pid 5085] getdents64(4, [pid 5765] set_robust_list(0x555556f1a5e0, 24 [pid 5757] <... futex resumed>) = 1 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5765] <... set_robust_list resumed>) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... futex resumed>) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] getdents64(4, [pid 5765] chdir("./26" [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] chdir("./file0" [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5765] <... chdir resumed>) = 0 [pid 5756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] <... futex resumed>) = 0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... chdir resumed>) = 0 [pid 5752] <... futex resumed>) = 0 [pid 5085] close(4 [pid 5765] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5757] <... futex resumed>) = 0 [pid 5756] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... futex resumed>) = 1 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... close resumed>) = 0 [pid 5765] <... prctl resumed>) = 0 [pid 5757] chdir("./file0" [pid 5756] <... open resumed>) = 6 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 0 [pid 5752] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] rmdir("./24/bus" [pid 5765] setpgid(0, 0 [pid 5757] <... chdir resumed>) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 5765] <... setpgid resumed>) = 0 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 5765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5757] <... futex resumed>) = 1 [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5753] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5765] <... openat resumed>) = 3 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] <... futex resumed>) = 0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... openat resumed>) = 4 [pid 5085] close(3 [pid 5765] write(3, "1000", 4 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... futex resumed>) = 0 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [ 100.153610][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 100.181758][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5765] <... write resumed>) = 4 [pid 5757] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5085] rmdir("./24" [pid 5765] close(3 [pid 5757] <... openat resumed>) = 4 [pid 5756] <... write resumed>) = 262144 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 5765] <... close resumed>) = 0 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5085] mkdir("./25", 0777 [pid 5765] symlink("/dev/binderfs", "./binderfs" [pid 5757] <... futex resumed>) = 1 [pid 5756] <... futex resumed>) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 0 [pid 5753] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... mkdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5765] <... symlink resumed>) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] exit_group(0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5083] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = ? [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] <... futex resumed>) = ? [pid 5755] <... exit_group resumed>) = ? [pid 5754] <... futex resumed>) = 0 [pid 5753] <... write resumed>) = 262144 [pid 5085] <... openat resumed>) = 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5765] <... futex resumed>) = 0 [pid 5764] +++ exited with 0 +++ [pid 5757] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5756] +++ exited with 0 +++ [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5083] lstat("./25/bus", [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5755] +++ exited with 0 +++ [pid 5765] <... mmap resumed>) = 0x7f5659bc2000 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5755, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5765] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5765] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5766], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5766 [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./25/binderfs") = 0 [pid 5082] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 5083] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5753] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5766 attached [pid 5757] <... write resumed>) = 262144 [pid 5753] <... mmap resumed>) = 0x20000000 [pid 5766] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5083] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] memfd_create("syzkaller", 0) = 3 [pid 5766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5083] <... openat resumed>) = 4 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] fstat(4, [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5752] <... futex resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5767 attached [pid 5753] <... open resumed>) = 5 [pid 5757] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5767 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5757] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5767] set_robust_list(0x555556f1a5e0, 24 [pid 5766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5757] <... mmap resumed>) = 0x20000000 [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5752] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 [pid 5767] <... set_robust_list resumed>) = 0 [pid 5757] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... mount resumed>) = 0 [pid 5083] rmdir("./25/bus" [pid 5767] chdir("./25" [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... chdir resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5767] setpgid(0, 0) = 0 [ 100.291608][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.307051][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 5767] write(3, "1000", 4) = 4 [pid 5767] close(3) = 0 [pid 5767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5767] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5767] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5768], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5768 [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5768 attached [pid 5766] <... write resumed>) = 1048576 [pid 5757] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5768] set_robust_list(0x7f5659be29e0, 24 [pid 5757] <... open resumed>) = 5 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5083] close(3 [pid 5768] <... set_robust_list resumed>) = 0 [pid 5766] munmap(0x7f56517c2000, 1048576 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 [pid 5768] memfd_create("syzkaller", 0 [pid 5766] <... munmap resumed>) = 0 [pid 5766] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5766] ioctl(4, LOOP_SET_FD, 3 [pid 5768] <... memfd_create resumed>) = 3 [pid 5757] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... open resumed>) = 6 [pid 5083] rmdir("./25" [pid 5766] <... ioctl resumed>) = 0 [pid 5766] close(3) = 0 [pid 5766] mkdir("./bus", 0777) = 0 [pid 5766] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rmdir resumed>) = 0 [pid 5768] <... mmap resumed>) = 0x7f56517c2000 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] mkdir("./26", 0777 [pid 5757] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... mkdir resumed>) = 0 [pid 5753] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5757] <... mount resumed>) = 0 [pid 5752] <... futex resumed>) = 0 [ 100.357514][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 100.371054][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 100.373363][ T5766] loop5: detected capacity change from 0 to 2048 [ 100.385282][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [ 100.385282][ T9] [pid 5768] <... write resumed>) = 1048576 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5757] <... futex resumed>) = 1 [pid 5083] <... openat resumed>) = 3 [pid 5768] munmap(0x7f56517c2000, 1048576 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5753] <... write resumed>) = 262144 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5768] <... munmap resumed>) = 0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5771 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5753] <... futex resumed>) = 1 [pid 5757] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] <... futex resumed>) = 0 [pid 5768] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5757] <... open resumed>) = 6 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5771 attached [ 100.413519][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.432195][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.449087][ T5766] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5771] set_robust_list(0x555556f1a5e0, 24 [pid 5768] <... openat resumed>) = 4 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] exit_group(0 [pid 5771] <... set_robust_list resumed>) = 0 [pid 5771] chdir("./26") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] ioctl(4, LOOP_SET_FD, 3 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = ? [pid 5752] <... exit_group resumed>) = ? [pid 5771] write(3, "1000", 4 [pid 5766] <... mount resumed>) = 0 [pid 5771] <... write resumed>) = 4 [pid 5771] close(3) = 0 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5753] +++ exited with 0 +++ [pid 5771] symlink("/dev/binderfs", "./binderfs" [pid 5757] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5752] +++ exited with 0 +++ [pid 5771] <... symlink resumed>) = 0 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5752, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5771] <... futex resumed>) = 0 [pid 5766] <... openat resumed>) = 3 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5768] <... ioctl resumed>) = 0 [pid 5766] chdir("./bus" [pid 5757] <... write resumed>) = 262144 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5771] <... mmap resumed>) = 0x7f5659bc2000 [pid 5766] <... chdir resumed>) = 0 [pid 5771] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5766] ioctl(4, LOOP_CLR_FD [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... mprotect resumed>) = 0 [pid 5768] close(3 [pid 5766] <... ioctl resumed>) = 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5771] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5768] <... close resumed>) = 0 [pid 5766] close(4 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5768] mkdir("./bus", 0777 [pid 5766] <... close resumed>) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] exit_group(0 [pid 5081] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5771] <... clone resumed>, parent_tid=[5772], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5772 [pid 5768] <... mkdir resumed>) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = ? [pid 5754] <... exit_group resumed>) = ? [pid 5081] <... openat resumed>) = 3 [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5757] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ [pid 5081] fstat(3, [pid 5771] <... futex resumed>) = 0 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5754, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5081] getdents64(3, [ 100.467915][ T5766] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/26/bus supports timestamps until 2038 (0x7fffffff) [ 100.473144][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.490362][ T5768] loop4: detected capacity change from 0 to 2048 [pid 5766] chdir("./file0" [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... restart_syscall resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5772 attached [pid 5766] <... chdir resumed>) = 0 [pid 5082] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5772] set_robust_list(0x7f5659be29e0, 24 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5772] <... set_robust_list resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5084] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./25/binderfs", [pid 5772] memfd_create("syzkaller", 0 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./25/bus", [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5772] <... memfd_create resumed>) = 3 [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] unlink("./25/binderfs" [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5766] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5082] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... unlink resumed>) = 0 [pid 5084] fstat(3, [pid 5081] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5766] <... openat resumed>) = 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./26/binderfs", [pid 5772] <... mmap resumed>) = 0x7f56517c2000 [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] unlink("./26/binderfs" [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5766] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... openat resumed>) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [ 100.565712][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.579262][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5082] rmdir("./25/bus") = 0 [pid 5765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5765] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] getdents64(3, [pid 5765] <... mmap resumed>) = 0x7f56518a1000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3 [pid 5765] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... close resumed>) = 0 [pid 5765] <... mprotect resumed>) = 0 [pid 5082] rmdir("./25" [pid 5765] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5766] <... write resumed>) = 262144 [pid 5082] <... rmdir resumed>) = 0 [pid 5765] <... clone resumed>, parent_tid=[5775], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5775 [pid 5082] mkdir("./26", 0777 [pid 5765] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... mkdir resumed>) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] close(3./strace-static-x86_64: Process 5775 attached [ 100.611650][ T5768] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 100.625423][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 100.630522][ T5118] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 100.642555][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5772] <... write resumed>) = 1048576 [pid 5082] <... close resumed>) = 0 [pid 5775] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5775] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5775] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] munmap(0x7f56517c2000, 1048576 [pid 5775] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5775] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5766] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5776 attached [pid 5772] <... munmap resumed>) = 0 [pid 5768] <... mount resumed>) = 0 [pid 5766] <... open resumed>) = 5 [pid 5776] set_robust_list(0x555556f1a5e0, 24 [pid 5772] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5768] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5776 [pid 5776] <... set_robust_list resumed>) = 0 [pid 5772] <... openat resumed>) = 4 [pid 5768] <... openat resumed>) = 3 [pid 5776] chdir("./26" [pid 5772] ioctl(4, LOOP_SET_FD, 3 [pid 5768] chdir("./bus" [pid 5776] <... chdir resumed>) = 0 [pid 5772] <... ioctl resumed>) = 0 [pid 5768] <... chdir resumed>) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL [ 100.677822][ T5768] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/25/bus supports timestamps until 2038 (0x7fffffff) [ 100.695007][ T5118] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 100.705147][ T5772] loop2: detected capacity change from 0 to 2048 [ 100.708283][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5772] close(3 [pid 5768] ioctl(4, LOOP_CLR_FD [pid 5766] <... futex resumed>) = 1 [pid 5776] <... prctl resumed>) = 0 [pid 5772] <... close resumed>) = 0 [pid 5768] <... ioctl resumed>) = 0 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] setpgid(0, 0 [pid 5772] mkdir("./bus", 0777 [pid 5768] close(4 [pid 5776] <... setpgid resumed>) = 0 [pid 5772] <... mkdir resumed>) = 0 [pid 5768] <... close resumed>) = 0 [pid 5765] <... futex resumed>) = 0 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5772] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... openat resumed>) = 3 [pid 5765] <... futex resumed>) = 1 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] write(3, "1000", 4 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5776] <... write resumed>) = 4 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5776] close(3 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... mount resumed>) = 0 [pid 5776] <... close resumed>) = 0 [pid 5768] chdir("./file0" [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] symlink("/dev/binderfs", "./binderfs" [pid 5768] <... chdir resumed>) = 0 [pid 5776] <... symlink resumed>) = 0 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5766] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... open resumed>) = 6 [pid 5765] <... futex resumed>) = 0 [ 100.726958][ T5118] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 100.748758][ T5118] EXT4-fs (loop3): This should not happen!! Data will be lost [ 100.748758][ T5118] [ 100.762656][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 100.762656][ T9] [pid 5776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... openat resumed>) = 4 [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... mmap resumed>) = 0x7f5659bc2000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5768] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... write resumed>) = 262144 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.775866][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.791895][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.793112][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5766] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] <... mprotect resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5776] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5779], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5779 ./strace-static-x86_64: Process 5779 attached [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5768] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] set_robust_list(0x7f5659be29e0, 24 [pid 5768] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5779] <... set_robust_list resumed>) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] <... futex resumed>) = 0 [pid 5766] <... write resumed>) = 262144 [pid 5779] memfd_create("syzkaller", 0 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5766] <... futex resumed>) = 0 [pid 5768] <... open resumed>) = 5 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... mount resumed>) = 0 [pid 5772] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5772] chdir("./bus" [pid 5779] <... memfd_create resumed>) = 3 [pid 5779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5767] <... futex resumed>) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] exit_group(0 [pid 5779] <... mmap resumed>) = 0x7f56517c2000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] <... futex resumed>) = ? [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = ? [pid 5765] <... exit_group resumed>) = ? [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] +++ exited with 0 +++ [pid 5768] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... chdir resumed>) = 0 [pid 5772] ioctl(4, LOOP_CLR_FD [pid 5779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5775] +++ exited with 0 +++ [pid 5768] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = 1 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... ioctl resumed>) = 0 [pid 5772] close(4 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... close resumed>) = 0 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 100.820946][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 100.821538][ T5772] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 100.848021][ T5772] ext4 filesystem being mounted at /root/syzkaller.22hR0w/26/bus supports timestamps until 2038 (0x7fffffff) [ 100.866801][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] +++ exited with 0 +++ [pid 5767] <... futex resumed>) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] chdir("./file0" [pid 5768] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5772] <... chdir resumed>) = 0 [pid 5768] <... open resumed>) = 6 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5772] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5765, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5772] <... openat resumed>) = 4 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5771] <... futex resumed>) = 0 [pid 5768] <... write resumed>) = 262144 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5772] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] exit_group(0 [pid 5086] fstat(3, [pid 5772] <... write resumed>) = 262144 [pid 5768] <... futex resumed>) = ? [ 100.900218][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5767] <... exit_group resumed>) = ? [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5779] <... write resumed>) = 1048576 [pid 5768] +++ exited with 0 +++ [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5779] munmap(0x7f56517c2000, 1048576 [pid 5767] +++ exited with 0 +++ [pid 5086] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5767, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] unlink("./26/binderfs" [pid 5779] <... munmap resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5084] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = 0 [pid 5779] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5779] <... openat resumed>) = 4 [pid 5085] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./25/bus") = 0 [pid 5771] <... futex resumed>) = 0 [pid 5779] ioctl(4, LOOP_SET_FD, 3 [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./26/bus", [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./25") = 0 [pid 5081] mkdir("./26", 0777) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5085] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5772] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5081] <... openat resumed>) = 3 [pid 5779] <... ioctl resumed>) = 0 [pid 5772] <... mmap resumed>) = 0x20000000 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 3 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5780 ./strace-static-x86_64: Process 5780 attached [pid 5780] set_robust_list(0x555556f1a5e0, 24 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] fstat(3, [pid 5779] close(3 [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5779] <... close resumed>) = 0 [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5085] getdents64(3, [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5780] <... set_robust_list resumed>) = 0 [pid 5779] mkdir("./bus", 0777 [pid 5772] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [ 100.974227][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 100.989208][ T5779] loop1: detected capacity change from 0 to 2048 [pid 5084] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5780] chdir("./26" [pid 5779] <... mkdir resumed>) = 0 [pid 5772] <... open resumed>) = 5 [pid 5085] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... openat resumed>) = 4 [pid 5780] <... chdir resumed>) = 0 [pid 5779] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] fstat(4, [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5772] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5085] lstat("./25/binderfs", [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5780] <... prctl resumed>) = 0 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] getdents64(4, [pid 5780] setpgid(0, 0 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5085] unlink("./25/binderfs" [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5780] <... setpgid resumed>) = 0 [pid 5772] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... unlink resumed>) = 0 [pid 5084] getdents64(4, [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5772] <... mount resumed>) = 0 [pid 5085] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5780] <... openat resumed>) = 3 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5780] write(3, "1000", 4 [pid 5772] <... futex resumed>) = 1 [pid 5780] <... write resumed>) = 4 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5780] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5781], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5781 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5771] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 ./strace-static-x86_64: Process 5781 attached [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./26/bus" [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5781] set_robust_list(0x7f5659be29e0, 24 [pid 5772] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5781] <... set_robust_list resumed>) = 0 [pid 5772] <... open resumed>) = 6 [pid 5084] getdents64(3, [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] memfd_create("syzkaller", 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5781] <... memfd_create resumed>) = 3 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 101.015675][ T75] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.039011][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 101.051441][ T75] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5772] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5781] <... mmap resumed>) = 0x7f56517c2000 [pid 5771] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] rmdir("./26") = 0 [pid 5772] <... write resumed>) = 262144 [pid 5084] mkdir("./27", 0777 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5771] exit_group(0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5772] <... futex resumed>) = ? [pid 5771] <... exit_group resumed>) = ? [pid 5084] <... openat resumed>) = 3 [pid 5772] +++ exited with 0 +++ [pid 5771] +++ exited with 0 +++ [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] close(3 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5771, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5084] <... close resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5784 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./26/binderfs"./strace-static-x86_64: Process 5784 attached ) = 0 [pid 5784] set_robust_list(0x555556f1a5e0, 24 [pid 5781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5784] <... set_robust_list resumed>) = 0 [ 101.075176][ T5779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 101.110973][ T75] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5784] chdir("./27" [ 101.125429][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 101.125620][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.148484][ T5779] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/26/bus supports timestamps until 2038 (0x7fffffff) [ 101.148634][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 5779] <... mount resumed>) = 0 [pid 5779] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5779] chdir("./bus") = 0 [pid 5779] ioctl(4, LOOP_CLR_FD) = 0 [pid 5779] close(4 [pid 5784] <... chdir resumed>) = 0 [pid 5779] <... close resumed>) = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... prctl resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5784] setpgid(0, 0 [pid 5779] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... setpgid resumed>) = 0 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5776] <... futex resumed>) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5779] chdir("./file0" [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... openat resumed>) = 3 [pid 5779] <... chdir resumed>) = 0 [pid 5784] write(3, "1000", 4 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... write resumed>) = 4 [pid 5779] <... futex resumed>) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5784] close(3 [pid 5779] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... close resumed>) = 0 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5776] <... futex resumed>) = 0 [pid 5779] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 101.190190][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.220510][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 101.224704][ T75] EXT4-fs (loop5): This should not happen!! Data will be lost [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] <... openat resumed>) = 4 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5784] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... mprotect resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5784] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5779] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] <... clone resumed>, parent_tid=[5785], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5785 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] <... write resumed>) = 1048576 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] munmap(0x7f56517c2000, 1048576./strace-static-x86_64: Process 5785 attached [pid 5785] set_robust_list(0x7f5659be29e0, 24 [pid 5781] <... munmap resumed>) = 0 [ 101.224704][ T75] [pid 5785] <... set_robust_list resumed>) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5779] <... write resumed>) = 262144 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... mmap resumed>) = 0x20000000 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... open resumed>) = 5 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... mount resumed>) = 0 [pid 5776] <... futex resumed>) = 0 [pid 5785] memfd_create("syzkaller", 0 [pid 5781] <... openat resumed>) = 4 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5785] <... memfd_create resumed>) = 3 [pid 5781] ioctl(4, LOOP_SET_FD, 3 [pid 5779] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... open resumed>) = 6 [pid 5776] <... futex resumed>) = 0 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 101.265552][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.270111][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 101.278886][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.306908][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [pid 5779] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... mmap resumed>) = 0x7f56517c2000 [pid 5781] <... ioctl resumed>) = 0 [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5781] close(3 [pid 5779] <... write resumed>) = 262144 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 101.306908][ T11] [ 101.318653][ T5781] loop0: detected capacity change from 0 to 2048 [ 101.320580][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 101.320580][ T5118] [ 101.330102][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 101.335728][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5776] exit_group(0 [pid 5779] <... futex resumed>) = ? [pid 5776] <... exit_group resumed>) = ? [pid 5779] +++ exited with 0 +++ [pid 5776] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5776, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5082] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5781] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5781] mkdir("./bus", 0777 [pid 5082] <... openat resumed>) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5781] <... mkdir resumed>) = 0 [pid 5082] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./26/binderfs") = 0 [ 101.356363][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 101.387584][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.393316][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5082] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5785] <... write resumed>) = 1048576 [pid 5785] munmap(0x7f56517c2000, 1048576) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] mkdir("./bus", 0777) = 0 [ 101.412479][ T5785] loop3: detected capacity change from 0 to 2048 [ 101.426737][ T46] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.437617][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 101.443555][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5785] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5781] <... mount resumed>) = 0 [ 101.453843][ T5781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 101.462136][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.471987][ T5781] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/26/bus supports timestamps until 2038 (0x7fffffff) [ 101.494077][ T46] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 101.496386][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5781] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5781] chdir("./bus") = 0 [ 101.508236][ T46] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.528082][ T46] EXT4-fs (loop1): This should not happen!! Data will be lost [ 101.528082][ T46] [ 101.539941][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5781] close(4 [pid 5086] <... umount2 resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5781] <... close resumed>) = 0 [pid 5086] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... futex resumed>) = 1 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... futex resumed>) = 0 [pid 5086] lstat("./26/bus", [ 101.554999][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5780] <... futex resumed>) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... mount resumed>) = 0 [pid 5785] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./bus") = 0 [pid 5785] ioctl(4, LOOP_CLR_FD) = 0 [pid 5785] close(4) = 0 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] chdir("./file0") = 0 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5781] chdir("./file0" [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5784] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... chdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 4 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5781] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5781] <... openat resumed>) = 4 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./26/bus") = 0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 5780] <... futex resumed>) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] close(3 [pid 5785] <... write resumed>) = 262144 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./26" [pid 5785] <... open resumed>) = 5 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5086] <... rmdir resumed>) = 0 [pid 5785] <... mount resumed>) = 0 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mkdir("./27", 0777 [pid 5785] <... futex resumed>) = 1 [pid 5785] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5791 [pid 5083] <... openat resumed>) = 4 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5791 attached [ 101.588472][ T5785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 101.602537][ T5785] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/27/bus supports timestamps until 2038 (0x7fffffff) [ 101.611209][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5791] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5781] <... write resumed>) = 262144 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5083] rmdir("./26/bus") = 0 [pid 5791] chdir("./27" [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... chdir resumed>) = 0 [pid 5781] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5780] <... futex resumed>) = 0 [pid 5791] <... prctl resumed>) = 0 [pid 5781] <... mmap resumed>) = 0x20000000 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = 0 [pid 5083] getdents64(3, [pid 5791] setpgid(0, 0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5791] <... setpgid resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] close(3 [pid 5085] lstat("./25/bus", [pid 5083] <... close resumed>) = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] rmdir("./26" [pid 5082] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5791] <... openat resumed>) = 3 [pid 5784] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5781] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... rmdir resumed>) = 0 [pid 5791] write(3, "1000", 4 [pid 5785] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] mkdir("./27", 0777 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5791] <... write resumed>) = 4 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... open resumed>) = 5 [pid 5780] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... mkdir resumed>) = 0 [pid 5082] lstat("./26/bus", [pid 5791] close(3 [pid 5785] <... futex resumed>) = 0 [pid 5784] exit_group(0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5791] <... close resumed>) = 0 [pid 5784] <... exit_group resumed>) = ? [pid 5781] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] fstat(4, [pid 5083] <... openat resumed>) = 3 [pid 5082] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5791] symlink("/dev/binderfs", "./binderfs" [pid 5785] +++ exited with 0 +++ [pid 5784] +++ exited with 0 +++ [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5791] <... symlink resumed>) = 0 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5083] close(3 [pid 5082] <... openat resumed>) = 4 [pid 5791] <... futex resumed>) = 0 [pid 5781] <... mount resumed>) = 0 [pid 5085] getdents64(4, [pid 5084] <... restart_syscall resumed>) = 0 [pid 5791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... close resumed>) = 0 [pid 5082] fstat(4, [pid 5791] <... mmap resumed>) = 0x7f5659bc2000 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5085] close(4 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5791] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5084] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(4, ./strace-static-x86_64: Process 5792 attached [pid 5791] <... mprotect resumed>) = 0 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5085] rmdir("./25/bus" [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5792 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5791] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5781] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5792] set_robust_list(0x555556f1a5e0, 24 [pid 5781] <... open resumed>) = 6 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5082] getdents64(4, [pid 5792] <... set_robust_list resumed>) = 0 [pid 5791] <... clone resumed>, parent_tid=[5793], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5793 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 5084] fstat(3, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5792] chdir("./27" [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] close(4./strace-static-x86_64: Process 5793 attached [pid 5792] <... chdir resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 5084] getdents64(3, [pid 5082] <... close resumed>) = 0 [pid 5793] set_robust_list(0x7f5659be29e0, 24 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] rmdir("./26/bus" [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... prctl resumed>) = 0 [pid 5781] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rmdir("./25" [pid 5084] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5793] memfd_create("syzkaller", 0 [pid 5792] setpgid(0, 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... rmdir resumed>) = 0 [pid 5793] <... memfd_create resumed>) = 3 [pid 5792] <... setpgid resumed>) = 0 [pid 5781] <... write resumed>) = 262144 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] lstat("./27/binderfs", [pid 5082] getdents64(3, [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] mkdir("./26", 0777 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5793] <... mmap resumed>) = 0x7f56517c2000 [pid 5792] <... openat resumed>) = 3 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5084] unlink("./27/binderfs" [pid 5793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5792] write(3, "1000", 4 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] exit_group(0 [pid 5085] <... mkdir resumed>) = 0 [pid 5082] close(3 [pid 5792] <... write resumed>) = 4 [pid 5781] <... futex resumed>) = ? [pid 5780] <... exit_group resumed>) = ? [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] <... unlink resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5792] close(3 [pid 5781] +++ exited with 0 +++ [pid 5085] <... openat resumed>) = 3 [pid 5082] rmdir("./26" [pid 5792] <... close resumed>) = 0 [pid 5780] +++ exited with 0 +++ [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... rmdir resumed>) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs" [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] mkdir("./27", 0777 [pid 5792] <... symlink resumed>) = 0 [pid 5085] close(3 [pid 5082] <... mkdir resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5780, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5792] <... futex resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... openat resumed>) = 3 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5792] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5794 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5792] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5082] close(3 [pid 5792] <... mprotect resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5792] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached [pid 5793] <... write resumed>) = 1048576 [pid 5792] <... clone resumed>, parent_tid=[5795], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5795 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5796 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] set_robust_list(0x555556f1a5e0, 24 [pid 5793] munmap(0x7f56517c2000, 1048576 [pid 5792] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5796 attached [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5794] <... set_robust_list resumed>) = 0 [pid 5793] <... munmap resumed>) = 0 [pid 5796] set_robust_list(0x555556f1a5e0, 24./strace-static-x86_64: Process 5795 attached ) = 0 [pid 5794] chdir("./26" [pid 5793] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5796] chdir("./27" [pid 5795] set_robust_list(0x7f5659be29e0, 24 [pid 5794] <... chdir resumed>) = 0 [pid 5793] <... openat resumed>) = 4 [pid 5796] <... chdir resumed>) = 0 [pid 5795] <... set_robust_list resumed>) = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5796] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5795] memfd_create("syzkaller", 0 [pid 5794] <... prctl resumed>) = 0 [pid 5793] ioctl(4, LOOP_SET_FD, 3 [pid 5081] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5796] <... prctl resumed>) = 0 [pid 5795] <... memfd_create resumed>) = 3 [pid 5794] setpgid(0, 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5796] setpgid(0, 0 [ 101.822195][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.838163][ T46] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.852737][ T46] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5794] <... setpgid resumed>) = 0 [pid 5081] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5796] <... setpgid resumed>) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5794] <... openat resumed>) = 3 [pid 5081] <... openat resumed>) = 3 [pid 5796] <... openat resumed>) = 3 [pid 5795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5794] write(3, "1000", 4 [pid 5081] fstat(3, [pid 5796] write(3, "1000", 4 [pid 5794] <... write resumed>) = 4 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 101.876305][ T46] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.883301][ T5793] loop5: detected capacity change from 0 to 2048 [ 101.891542][ T46] EXT4-fs (loop3): This should not happen!! Data will be lost [ 101.891542][ T46] [pid 5796] <... write resumed>) = 4 [pid 5795] <... write resumed>) = 1048576 [pid 5794] close(3 [pid 5793] <... ioctl resumed>) = 0 [pid 5081] getdents64(3, [pid 5796] close(3 [pid 5795] munmap(0x7f56517c2000, 1048576 [pid 5794] <... close resumed>) = 0 [pid 5793] close(3 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5795] <... munmap resumed>) = 0 [pid 5796] <... close resumed>) = 0 [pid 5793] <... close resumed>) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs" [pid 5796] symlink("/dev/binderfs", "./binderfs" [pid 5793] mkdir("./bus", 0777 [pid 5081] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5794] <... symlink resumed>) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5794] <... futex resumed>) = 0 [pid 5081] lstat("./26/binderfs", [pid 5795] <... openat resumed>) = 4 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5796] <... symlink resumed>) = 0 [pid 5793] <... mkdir resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5795] ioctl(4, LOOP_SET_FD, 3 [pid 5794] <... mmap resumed>) = 0x7f5659bc2000 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5796] <... futex resumed>) = 0 [pid 5081] unlink("./26/binderfs") = 0 [pid 5796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5794] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5081] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5795] <... ioctl resumed>) = 0 [pid 5796] <... mmap resumed>) = 0x7f5659bc2000 [pid 5794] <... mprotect resumed>) = 0 [ 101.915825][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.941580][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.958009][ T5795] loop2: detected capacity change from 0 to 2048 [ 101.964070][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5796] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5795] close(3 [pid 5794] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5796] <... mprotect resumed>) = 0 [pid 5795] <... close resumed>) = 0 [pid 5796] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5795] mkdir("./bus", 0777 [pid 5794] <... clone resumed>, parent_tid=[5797], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5797 ./strace-static-x86_64: Process 5797 attached [pid 5795] <... mkdir resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] set_robust_list(0x7f5659be29e0, 24 [pid 5794] <... futex resumed>) = 0 [pid 5796] <... clone resumed>, parent_tid=[5799], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5799 [pid 5795] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] <... set_robust_list resumed>) = 0 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5797] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5799 attached [pid 5797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5799] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5797] <... mmap resumed>) = 0x7f56517c2000 [pid 5799] memfd_create("syzkaller", 0) = 3 [pid 5797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... umount2 resumed>) = 0 [ 101.976176][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.013386][ T5793] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... mmap resumed>) = 0x7f56517c2000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 102.026965][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.031332][ T5793] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.060504][ T5795] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5084] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... write resumed>) = 1048576 [pid 5793] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] munmap(0x7f56517c2000, 1048576 [pid 5793] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5799] <... munmap resumed>) = 0 [pid 5793] <... openat resumed>) = 3 [pid 5799] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5793] chdir("./bus" [pid 5799] <... openat resumed>) = 4 [pid 5793] <... chdir resumed>) = 0 [pid 5799] ioctl(4, LOOP_SET_FD, 3 [pid 5793] ioctl(4, LOOP_CLR_FD [pid 5799] <... ioctl resumed>) = 0 [pid 5793] <... ioctl resumed>) = 0 [pid 5797] <... write resumed>) = 1048576 [pid 5084] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5793] close(4) = 0 [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] close(3) = 0 [pid 5799] mkdir("./bus", 0777) = 0 [pid 5799] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5797] munmap(0x7f56517c2000, 1048576 [pid 5084] <... openat resumed>) = 4 [pid 5791] <... futex resumed>) = 0 [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 1 [pid 5793] chdir("./file0" [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... munmap resumed>) = 0 [pid 5793] <... chdir resumed>) = 0 [pid 5084] fstat(4, [pid 5797] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5797] <... openat resumed>) = 4 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5797] ioctl(4, LOOP_SET_FD, 3 [ 102.070908][ T5799] loop1: detected capacity change from 0 to 2048 [ 102.079071][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 102.090702][ T5795] ext4 filesystem being mounted at /root/syzkaller.22hR0w/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.110695][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5795] <... mount resumed>) = 0 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5797] <... ioctl resumed>) = 0 [pid 5795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5793] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5797] close(3 [pid 5795] <... openat resumed>) = 3 [pid 5795] chdir("./bus") = 0 [pid 5795] ioctl(4, LOOP_CLR_FD [pid 5797] <... close resumed>) = 0 [pid 5795] <... ioctl resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5797] mkdir("./bus", 0777 [pid 5795] close(4 [pid 5793] <... openat resumed>) = 4 [pid 5084] close(4 [pid 5795] <... close resumed>) = 0 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5795] chdir("./file0" [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... mkdir resumed>) = 0 [pid 5797] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5795] <... chdir resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./27/bus" [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [ 102.129424][ T5797] loop4: detected capacity change from 0 to 2048 [ 102.137893][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 102.137893][ T11] [ 102.152076][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5793] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5793] <... write resumed>) = 262144 [pid 5792] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5799] <... mount resumed>) = 0 [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5799] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5799] <... openat resumed>) = 3 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] chdir("./bus" [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5799] <... chdir resumed>) = 0 [pid 5795] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5793] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(3 [pid 5799] ioctl(4, LOOP_CLR_FD [pid 5795] <... openat resumed>) = 4 [pid 5793] <... mmap resumed>) = 0x20000000 [pid 5084] <... close resumed>) = 0 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./27" [pid 5795] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5799] <... ioctl resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] mkdir("./28", 0777 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5799] close(4 [ 102.173996][ T5799] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 102.190536][ T5799] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.190715][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5795] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5799] <... close resumed>) = 0 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5793] <... open resumed>) = 5 [pid 5084] <... openat resumed>) = 3 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5799] chdir("./file0" [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5799] <... chdir resumed>) = 0 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [ 102.236819][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.256595][ T5797] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5795] <... write resumed>) = 262144 [pid 5084] <... close resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5793] <... mount resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5797] <... mount resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5807 [pid 5081] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5807 attached [pid 5799] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5797] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5807] set_robust_list(0x555556f1a5e0, 24 [pid 5797] <... openat resumed>) = 3 [pid 5795] <... mmap resumed>) = 0x20000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5807] <... set_robust_list resumed>) = 0 [pid 5799] <... openat resumed>) = 4 [pid 5797] chdir("./bus" [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5081] lstat("./26/bus", [pid 5807] chdir("./28" [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... chdir resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5793] <... open resumed>) = 6 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5807] <... chdir resumed>) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5797] ioctl(4, LOOP_CLR_FD [pid 5796] <... futex resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 102.291615][ T5797] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/26/bus supports timestamps until 2038 (0x7fffffff) [pid 5081] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... ioctl resumed>) = 0 [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5807] <... prctl resumed>) = 0 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] close(4 [pid 5796] <... futex resumed>) = 0 [pid 5795] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5807] setpgid(0, 0 [pid 5799] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5797] <... close resumed>) = 0 [pid 5795] <... open resumed>) = 5 [pid 5081] <... openat resumed>) = 4 [pid 5807] <... setpgid resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(4, [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5797] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5807] <... openat resumed>) = 3 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 5807] write(3, "1000", 4 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5807] <... write resumed>) = 4 [pid 5797] chdir("./file0" [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... futex resumed>) = 0 [pid 5081] getdents64(4, [pid 5807] close(3 [pid 5797] <... chdir resumed>) = 0 [pid 5795] <... mount resumed>) = 0 [pid 5793] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5807] <... close resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(4 [pid 5807] symlink("/dev/binderfs", "./binderfs" [pid 5797] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5807] <... symlink resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rmdir("./26/bus" [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5807] <... futex resumed>) = 0 [pid 5797] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5795] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(3, [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5795] <... open resumed>) = 6 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5807] <... mmap resumed>) = 0x7f5659bc2000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 5807] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5797] <... openat resumed>) = 4 [pid 5795] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5807] <... mprotect resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rmdir("./26" [pid 5807] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5797] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] mkdir("./27", 0777./strace-static-x86_64: Process 5808 attached [pid 5807] <... clone resumed>, parent_tid=[5808], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5808 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... write resumed>) = 262144 [pid 5794] <... futex resumed>) = 0 [pid 5793] <... write resumed>) = 262144 [pid 5808] set_robust_list(0x7f5659be29e0, 24 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... write resumed>) = 262144 [pid 5797] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... mkdir resumed>) = 0 [pid 5808] <... set_robust_list resumed>) = 0 [pid 5807] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5808] memfd_create("syzkaller", 0 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... openat resumed>) = 3 [pid 5808] <... memfd_create resumed>) = 3 [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] exit_group(0 [pid 5791] exit_group(0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = ? [pid 5793] <... futex resumed>) = ? [pid 5792] <... exit_group resumed>) = ? [pid 5791] <... exit_group resumed>) = ? [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5808] <... mmap resumed>) = 0x7f56517c2000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5795] +++ exited with 0 +++ [pid 5793] +++ exited with 0 +++ [pid 5081] close(3 [pid 5799] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5797] <... write resumed>) = 262144 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5792] +++ exited with 0 +++ [pid 5791] +++ exited with 0 +++ [pid 5081] <... close resumed>) = 0 [pid 5808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5791, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5792, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5799] <... futex resumed>) = 1 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 5083] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... restart_syscall resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5809 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5809 attached [pid 5799] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5797] <... mmap resumed>) = 0x20000000 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 3 [pid 5809] set_robust_list(0x555556f1a5e0, 24 [pid 5799] <... open resumed>) = 5 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] fstat(3, [pid 5809] <... set_robust_list resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5809] chdir("./27" [pid 5799] <... futex resumed>) = 1 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] getdents64(3, [pid 5809] <... chdir resumed>) = 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(3, [pid 5083] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] <... prctl resumed>) = 0 [pid 5808] <... write resumed>) = 1048576 [pid 5799] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5797] <... open resumed>) = 5 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] setpgid(0, 0 [pid 5808] munmap(0x7f56517c2000, 1048576 [pid 5799] <... mount resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 5083] lstat("./27/binderfs", [pid 5809] <... setpgid resumed>) = 0 [pid 5808] <... munmap resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5808] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5799] <... futex resumed>) = 1 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] unlink("./27/binderfs" [pid 5809] <... openat resumed>) = 3 [pid 5808] <... openat resumed>) = 4 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... unlink resumed>) = 0 [pid 5809] write(3, "1000", 4 [pid 5808] ioctl(4, LOOP_SET_FD, 3 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./27/binderfs", [pid 5083] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] <... write resumed>) = 4 [pid 5808] <... ioctl resumed>) = 0 [pid 5799] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5797] <... mount resumed>) = 0 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5809] close(3 [pid 5799] <... open resumed>) = 6 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] close(3) = 0 [pid 5808] mkdir("./bus", 0777) = 0 [pid 5808] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5797] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... open resumed>) = 6 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5797] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... close resumed>) = 0 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] unlink("./27/binderfs" [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5797] <... write resumed>) = 262144 [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5809] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5810], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5810 [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 0 [ 102.481979][ T5808] loop3: detected capacity change from 0 to 2048 [ 102.491443][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 102.505676][ T5118] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.519820][ T5118] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 1 [pid 5086] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5810 attached [pid 5799] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5797] <... futex resumed>) = 1 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] set_robust_list(0x7f5659be29e0, 24 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... set_robust_list resumed>) = 0 [pid 5810] memfd_create("syzkaller", 0) = 3 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5794] <... futex resumed>) = 0 [pid 5794] exit_group(0 [pid 5797] <... futex resumed>) = ? [pid 5794] <... exit_group resumed>) = ? [pid 5799] <... write resumed>) = 262144 [pid 5797] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] exit_group(0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5796] <... exit_group resumed>) = ? [ 102.533361][ T5118] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.550414][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.560208][ T5118] EXT4-fs (loop2): This should not happen!! Data will be lost [ 102.560208][ T5118] [pid 5085] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... futex resumed>) = ? [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./26/binderfs" [pid 5799] +++ exited with 0 +++ [pid 5796] +++ exited with 0 +++ [pid 5085] <... unlink resumed>) = 0 [pid 5085] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5796, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5082] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./27/binderfs") = 0 [ 102.579042][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 102.597812][ T5808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 102.610849][ T5808] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5082] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... write resumed>) = 1048576 [pid 5808] <... mount resumed>) = 0 [pid 5810] munmap(0x7f56517c2000, 1048576 [pid 5808] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5810] <... munmap resumed>) = 0 [pid 5808] <... openat resumed>) = 3 [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5808] chdir("./bus" [pid 5810] <... openat resumed>) = 4 [pid 5808] <... chdir resumed>) = 0 [pid 5810] ioctl(4, LOOP_SET_FD, 3 [pid 5808] ioctl(4, LOOP_CLR_FD) = 0 [pid 5808] close(4) = 0 [ 102.615109][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 102.637058][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 102.644533][ T5810] loop0: detected capacity change from 0 to 2048 [ 102.650885][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 102.656378][ T11] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] <... futex resumed>) = 0 [pid 5810] <... ioctl resumed>) = 0 [pid 5808] chdir("./file0" [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] close(3 [pid 5808] <... chdir resumed>) = 0 [pid 5810] <... close resumed>) = 0 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] mkdir("./bus", 0777 [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [ 102.690101][ T46] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.711788][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.721932][ T11] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5810] <... mkdir resumed>) = 0 [pid 5808] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5808] <... openat resumed>) = 4 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 102.727855][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.735407][ T46] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 102.744006][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5808] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5083] <... umount2 resumed>) = 0 [pid 5807] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5807] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5807] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5813], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5813 [pid 5807] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5813 attached [pid 5813] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5813] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5813] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] <... futex resumed>) = 1 [pid 5813] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5808] <... futex resumed>) = 0 [pid 5083] lstat("./27/bus", [pid 5813] <... open resumed>) = 5 [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = 0 [pid 5808] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5083] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5813] <... futex resumed>) = 1 [pid 5813] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] <... mount resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 102.786046][ T46] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.799216][ T11] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.804822][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.815847][ T46] EXT4-fs (loop4): This should not happen!! Data will be lost [ 102.815847][ T46] [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5807] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... open resumed>) = 6 [pid 5083] fstat(4, [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] <... futex resumed>) = 0 [ 102.841960][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [ 102.841960][ T948] [ 102.843139][ T11] EXT4-fs (loop5): This should not happen!! Data will be lost [ 102.843139][ T11] [ 102.854239][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 102.865297][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] getdents64(4, [pid 5808] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5083] rmdir("./27/bus") = 0 [pid 5083] getdents64(3, [pid 5808] <... write resumed>) = 262144 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5083] rmdir("./27") = 0 [pid 5083] mkdir("./28", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5816 [ 102.876729][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.907266][ T5810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 102.919341][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] exit_group(0 [pid 5813] <... futex resumed>) = ? [pid 5808] <... futex resumed>) = ? [pid 5807] <... exit_group resumed>) = ? [pid 5813] +++ exited with 0 +++ [pid 5808] +++ exited with 0 +++ [pid 5807] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5807, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5084] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 5816 attached [pid 5816] set_robust_list(0x555556f1a5e0, 24 [pid 5810] <... mount resumed>) = 0 [pid 5084] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5816] <... set_robust_list resumed>) = 0 [pid 5810] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5816] chdir("./28" [pid 5810] <... openat resumed>) = 3 [pid 5816] <... chdir resumed>) = 0 [pid 5810] chdir("./bus" [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5810] <... chdir resumed>) = 0 [pid 5816] <... prctl resumed>) = 0 [pid 5810] ioctl(4, LOOP_CLR_FD [pid 5816] setpgid(0, 0 [pid 5810] <... ioctl resumed>) = 0 [pid 5816] <... setpgid resumed>) = 0 [ 102.937993][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 102.951573][ T5810] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.955292][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5810] close(4 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5810] <... close resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5816] <... openat resumed>) = 3 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] write(3, "1000", 4 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5816] <... write resumed>) = 4 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] close(3 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] <... futex resumed>) = 0 [pid 5816] <... close resumed>) = 0 [pid 5810] chdir("./file0" [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] <... chdir resumed>) = 0 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... openat resumed>) = 3 [pid 5816] <... mmap resumed>) = 0x7f5659bc2000 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5816] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] fstat(3, [pid 5816] <... clone resumed>, parent_tid=[5817], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5817 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5809] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./28/binderfs", [pid 5810] <... openat resumed>) = 4 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] unlink("./28/binderfs") = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5084] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5809] <... futex resumed>) = 0 [ 102.980493][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.982953][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.010966][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5817 attached [pid 5817] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5817] memfd_create("syzkaller", 0) = 3 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5086] <... umount2 resumed>) = 0 [pid 5817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5809] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5809] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5818], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5818 [pid 5809] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.048218][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5809] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5810] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5818 attached [pid 5086] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] set_robust_list(0x7f56518c19e0, 24 [pid 5817] <... write resumed>) = 1048576 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] <... set_robust_list resumed>) = 0 [pid 5086] lstat("./27/bus", [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] lstat("./26/bus", [pid 5818] <... mmap resumed>) = 0x20000000 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] lstat("./27/bus", [pid 5818] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5818] <... futex resumed>) = 1 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./27/bus" [pid 5086] <... openat resumed>) = 4 [pid 5082] <... rmdir resumed>) = 0 [pid 5817] munmap(0x7f56517c2000, 1048576 [pid 5810] <... futex resumed>) = 0 [pid 5086] fstat(4, [pid 5085] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] getdents64(3, [pid 5817] <... munmap resumed>) = 0 [pid 5810] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5082] close(3 [pid 5810] <... open resumed>) = 5 [pid 5082] <... close resumed>) = 0 [pid 5082] rmdir("./27") = 0 [pid 5082] mkdir("./28", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5819 ./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5819] chdir("./28") = 0 [ 103.140719][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 103.155280][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 103.155298][ T27] audit: type=1800 audit(1678856054.555:169): pid=5810 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(4, [pid 5085] fstat(4, [pid 5819] setpgid(0, 0) = 0 [pid 5809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5817] <... openat resumed>) = 4 [pid 5810] <... futex resumed>) = 0 [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... openat resumed>) = 3 [pid 5817] ioctl(4, LOOP_SET_FD, 3 [pid 5810] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5819] write(3, "1000", 4 [pid 5809] <... futex resumed>) = 0 [pid 5819] <... write resumed>) = 4 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5817] <... ioctl resumed>) = 0 [pid 5810] <... mount resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] getdents64(4, [pid 5819] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5820], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5820 [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5820 attached [pid 5820] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5820] memfd_create("syzkaller", 0 [pid 5817] close(3 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5817] <... close resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5086] close(4 [pid 5085] getdents64(4, [pid 5820] <... memfd_create resumed>) = 3 [pid 5817] mkdir("./bus", 0777 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5809] <... futex resumed>) = 0 [pid 5820] <... mmap resumed>) = 0x7f56517c2000 [ 103.183887][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 103.197311][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.199189][ T5817] loop2: detected capacity change from 0 to 2048 [ 103.218185][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 103.218185][ T9] [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5817] <... mkdir resumed>) = 0 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] rmdir("./27/bus" [pid 5085] close(4 [pid 5086] <... rmdir resumed>) = 0 [pid 5810] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5086] getdents64(3, [pid 5085] <... close resumed>) = 0 [pid 5817] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5810] <... open resumed>) = 6 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] rmdir("./26/bus" [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5085] <... rmdir resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] rmdir("./27" [pid 5085] getdents64(3, [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] mkdir("./28", 0777 [pid 5085] close(3 [pid 5810] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 1 [pid 5085] <... close resumed>) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] rmdir("./26" [pid 5820] <... write resumed>) = 1048576 [pid 5820] munmap(0x7f56517c2000, 1048576) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5085] <... rmdir resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5085] mkdir("./27", 0777 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5085] <... mkdir resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5810] <... write resumed>) = 262144 [pid 5086] close(3 [pid 5085] <... openat resumed>) = 3 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] exit_group(0 [pid 5085] close(3 [pid 5818] <... futex resumed>) = ? [pid 5810] <... futex resumed>) = ? [pid 5809] <... exit_group resumed>) = ? [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5822 [pid 5085] <... close resumed>) = 0 [pid 5818] +++ exited with 0 +++ [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5823 [pid 5810] +++ exited with 0 +++ [pid 5809] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- ./strace-static-x86_64: Process 5823 attached [pid 5084] <... umount2 resumed>) = 0 [ 103.231462][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.250536][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.271151][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.281432][ T5820] loop1: detected capacity change from 0 to 2048 [pid 5820] close(3 [pid 5081] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] mkdir("./bus", 0777 [pid 5081] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... mkdir resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5820] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] fstat(3, [pid 5823] set_robust_list(0x555556f1a5e0, 24 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5822 attached [pid 5081] getdents64(3, [pid 5822] set_robust_list(0x555556f1a5e0, 24 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5081] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] chdir("./28" [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... chdir resumed>) = 0 [pid 5081] lstat("./27/binderfs", [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5822] <... prctl resumed>) = 0 [pid 5081] unlink("./27/binderfs" [pid 5822] setpgid(0, 0 [pid 5081] <... unlink resumed>) = 0 [pid 5822] <... setpgid resumed>) = 0 [pid 5081] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5822] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5825], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5825 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5825 attached [pid 5825] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5825] memfd_create("syzkaller", 0) = 3 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5823] <... set_robust_list resumed>) = 0 [ 103.329236][ T5817] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 103.343146][ T46] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 103.358505][ T5817] ext4 filesystem being mounted at /root/syzkaller.22hR0w/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5084] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] chdir("./27" [pid 5825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5823] <... chdir resumed>) = 0 [pid 5817] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] lstat("./28/bus", [pid 5823] <... prctl resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5823] setpgid(0, 0 [pid 5084] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] <... setpgid resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5823] <... openat resumed>) = 3 [pid 5823] write(3, "1000", 4 [pid 5084] <... openat resumed>) = 4 [pid 5823] <... write resumed>) = 4 [pid 5817] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] fstat(4, [pid 5823] close(3 [pid 5817] <... openat resumed>) = 3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5823] <... close resumed>) = 0 [pid 5817] chdir("./bus" [ 103.370357][ T46] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 103.381491][ T46] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 103.417810][ T5820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5084] getdents64(4, [pid 5823] symlink("/dev/binderfs", "./binderfs" [pid 5817] <... chdir resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5825] <... write resumed>) = 1048576 [pid 5825] munmap(0x7f56517c2000, 1048576 [pid 5823] <... symlink resumed>) = 0 [pid 5817] ioctl(4, LOOP_CLR_FD [pid 5084] getdents64(4, [pid 5820] <... mount resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5825] <... munmap resumed>) = 0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... ioctl resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5823] <... futex resumed>) = 0 [pid 5817] close(4 [pid 5084] close(4 [pid 5825] <... openat resumed>) = 4 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5817] <... close resumed>) = 0 [pid 5084] <... close resumed>) = 0 [ 103.421176][ T46] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.434678][ T5820] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/28/bus supports timestamps until 2038 (0x7fffffff) [ 103.448555][ T46] EXT4-fs (loop0): This should not happen!! Data will be lost [ 103.448555][ T46] [ 103.466617][ T46] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5825] ioctl(4, LOOP_SET_FD, 3 [pid 5823] <... mmap resumed>) = 0x7f5659bc2000 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./28/bus" [pid 5825] <... ioctl resumed>) = 0 [pid 5823] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5820] chdir("./bus" [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5820] <... chdir resumed>) = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5820] chdir("./file0" [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] close(3) = 0 [pid 5825] mkdir("./bus", 0777) = 0 [pid 5825] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... chdir resumed>) = 0 [pid 5816] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... futex resumed>) = 1 [pid 5823] <... mprotect resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... futex resumed>) = 0 [pid 5817] chdir("./file0" [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... chdir resumed>) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... futex resumed>) = 1 [pid 5823] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5820] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5828 attached [pid 5823] <... clone resumed>, parent_tid=[5828], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5828 [pid 5820] <... openat resumed>) = 4 [pid 5817] <... openat resumed>) = 4 [ 103.473961][ T5825] loop5: detected capacity change from 0 to 2048 [ 103.489922][ T46] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5823] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./28" [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5817] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] mkdir("./29", 0777 [pid 5828] set_robust_list(0x7f5659be29e0, 24 [pid 5819] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5828] <... set_robust_list resumed>) = 0 [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... write resumed>) = 262144 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] memfd_create("syzkaller", 0 [pid 5825] <... mount resumed>) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... futex resumed>) = 1 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... memfd_create resumed>) = 3 [pid 5825] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5828] <... mmap resumed>) = 0x7f56517c2000 [pid 5825] <... openat resumed>) = 3 [pid 5825] chdir("./bus" [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] <... chdir resumed>) = 0 [pid 5825] ioctl(4, LOOP_CLR_FD) = 0 [pid 5825] close(4) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5822] <... futex resumed>) = 0 [pid 5820] <... write resumed>) = 262144 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] <... write resumed>) = 1048576 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5084] close(3 [pid 5081] <... umount2 resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5817] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5081] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] chdir("./file0" [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... mmap resumed>) = 0x20000000 [ 103.528274][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.540303][ T5825] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 103.552263][ T5825] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] <... chdir resumed>) = 0 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5817] <... futex resumed>) = 1 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... mmap resumed>) = 0x20000000 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] <... futex resumed>) = 0 [pid 5081] lstat("./27/bus", [pid 5825] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5831 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5820] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5819] <... futex resumed>) = 0 [pid 5817] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... open resumed>) = 5 [pid 5817] <... open resumed>) = 5 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] munmap(0x7f56517c2000, 1048576) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] mkdir("./bus", 0777) = 0 [pid 5828] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue"./strace-static-x86_64: Process 5831 attached [pid 5819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 0 [pid 5820] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5817] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 4 [pid 5081] fstat(4, [pid 5825] <... openat resumed>) = 4 [pid 5820] <... mount resumed>) = 0 [pid 5817] <... mount resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 5825] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5825] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5081] getdents64(4, [pid 5822] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5831] set_robust_list(0x555556f1a5e0, 24 [pid 5820] <... open resumed>) = 6 [pid 5817] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] close(4 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... open resumed>) = 6 [pid 5081] <... close resumed>) = 0 [pid 5831] chdir("./29" [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... chdir resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5081] rmdir("./27/bus" [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... prctl resumed>) = 0 [pid 5820] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] setpgid(0, 0 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5816] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5831] <... setpgid resumed>) = 0 [pid 5820] <... write resumed>) = 262144 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(3, [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... write resumed>) = 262144 [pid 5831] <... openat resumed>) = 3 [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [ 103.615475][ T27] audit: type=1800 audit(1678856055.015:170): pid=5820 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 103.636375][ T5828] loop4: detected capacity change from 0 to 2048 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5831] write(3, "1000", 4 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] exit_group(0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 5820] <... futex resumed>) = ? [pid 5819] <... exit_group resumed>) = ? [pid 5831] <... write resumed>) = 4 [pid 5820] +++ exited with 0 +++ [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5831] close(3 [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... close resumed>) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5819] +++ exited with 0 +++ [pid 5816] exit_group(0 [pid 5831] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5834], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5834 [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5816] <... exit_group resumed>) = ? [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] <... close resumed>) = 0 [pid 5822] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5834 attached [pid 5825] <... write resumed>) = 262144 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5817] <... futex resumed>) = ? [pid 5081] rmdir("./27" [pid 5834] set_robust_list(0x7f5659be29e0, 24 [pid 5822] <... mmap resumed>) = 0x7f56518a1000 [pid 5082] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... rmdir resumed>) = 0 [pid 5834] <... set_robust_list resumed>) = 0 [ 103.681493][ T27] audit: type=1800 audit(1678856055.015:171): pid=5817 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 103.711966][ T5828] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5822] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5817] +++ exited with 0 +++ [pid 5816] +++ exited with 0 +++ [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./28", 0777 [pid 5834] memfd_create("syzkaller", 0 [pid 5822] <... mprotect resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5082] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 5834] <... memfd_create resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... mount resumed>) = 0 [pid 5822] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] fstat(3, [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... mmap resumed>) = 0x7f56517c2000 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5822] <... clone resumed>, parent_tid=[5835], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5835 [pid 5082] getdents64(3, [pid 5081] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5835] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 103.730433][ T5828] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/27/bus supports timestamps until 2038 (0x7fffffff) [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5828] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5822] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5828] <... openat resumed>) = 3 [pid 5822] <... futex resumed>) = 1 [pid 5083] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] chdir("./bus" [pid 5822] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... chdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./28/binderfs", [pid 5081] close(3 [pid 5828] ioctl(4, LOOP_CLR_FD [pid 5083] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5834] <... write resumed>) = 1048576 [pid 5828] <... ioctl resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5081] <... close resumed>) = 0 [pid 5834] munmap(0x7f56517c2000, 1048576 [pid 5828] close(4 [pid 5083] fstat(3, [pid 5082] unlink("./28/binderfs" [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] <... munmap resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... unlink resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(3, [pid 5082] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5836 [pid 5834] <... openat resumed>) = 4 [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5834] ioctl(4, LOOP_SET_FD, 3 [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5835] <... futex resumed>) = 0 [pid 5835] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5835] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5825] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... open resumed>) = 5 [pid 5823] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5835] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5825] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... mount resumed>) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5836 attached [pid 5825] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] set_robust_list(0x555556f1a5e0, 24 [pid 5825] <... open resumed>) = 6 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] chdir("./28" [pid 5825] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5836] <... chdir resumed>) = 0 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 103.777352][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.778790][ T5834] loop3: detected capacity change from 0 to 2048 [ 103.797597][ T27] audit: type=1800 audit(1678856055.195:172): pid=5825 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... ioctl resumed>) = 0 [pid 5828] chdir("./file0" [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5083] lstat("./28/binderfs", [pid 5836] <... prctl resumed>) = 0 [pid 5834] close(3 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5834] <... close resumed>) = 0 [pid 5083] unlink("./28/binderfs" [pid 5836] setpgid(0, 0 [pid 5834] mkdir("./bus", 0777 [pid 5828] <... chdir resumed>) = 0 [pid 5825] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... unlink resumed>) = 0 [pid 5836] <... setpgid resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5836] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] write(3, "1000", 4 [pid 5823] <... futex resumed>) = 0 [pid 5836] <... write resumed>) = 4 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] close(3 [pid 5828] <... openat resumed>) = 4 [pid 5836] <... close resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5836] <... symlink resumed>) = 0 [pid 5828] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 103.820960][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... futex resumed>) = 0 [pid 5828] <... write resumed>) = 262144 [pid 5825] <... write resumed>) = 262144 [pid 5822] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... mount resumed>) = 0 [ 103.855946][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 103.870382][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 103.885445][ T5834] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... mmap resumed>) = 0x7f5659bc2000 [pid 5828] <... futex resumed>) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = 0 [pid 5822] exit_group(0) = ? [pid 5834] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] chdir("./bus") = 0 [pid 5834] ioctl(4, LOOP_CLR_FD [pid 5836] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5835] <... futex resumed>) = ? [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... ioctl resumed>) = 0 [pid 5834] close(4) = 0 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... mprotect resumed>) = 0 [pid 5835] +++ exited with 0 +++ [pid 5831] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] +++ exited with 0 +++ [pid 5823] <... futex resumed>) = 0 [pid 5822] +++ exited with 0 +++ [pid 5836] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5834] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5836] <... clone resumed>, parent_tid=[5839], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5839 [pid 5834] chdir("./file0" [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... mmap resumed>) = 0x20000000 [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... chdir resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5828] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5834] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 103.887421][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 103.907945][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.921183][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 103.931273][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [ 103.931273][ T9] [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5839 attached [pid 5834] <... openat resumed>) = 4 [pid 5828] <... open resumed>) = 5 [pid 5086] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] set_robust_list(0x7f5659be29e0, 24 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 103.952529][ T27] audit: type=1800 audit(1678856055.355:173): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 103.970048][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.985756][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.988418][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [pid 5086] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./28/binderfs" [pid 5839] <... set_robust_list resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5086] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] memfd_create("syzkaller", 0 [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... memfd_create resumed>) = 3 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... mmap resumed>) = 0x7f56517c2000 [pid 5828] <... mount resumed>) = 0 [ 103.988418][ T948] [ 104.012635][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 104.027232][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 104.031943][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5828] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... open resumed>) = 6 [pid 5823] <... futex resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5828] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... write resumed>) = 262144 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] exit_group(0) = ? [pid 5828] <... futex resumed>) = ? [pid 5083] <... umount2 resumed>) = 0 [pid 5831] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5828] +++ exited with 0 +++ [pid 5823] +++ exited with 0 +++ [pid 5831] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5831] <... futex resumed>) = 0 [pid 5834] <... write resumed>) = 262144 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5085] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... mprotect resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... futex resumed>) = 0 [pid 5831] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... openat resumed>) = 3 [pid 5083] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] fstat(3, [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, parent_tid=[5840], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5840 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] lstat("./28/bus", [pid 5831] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/binderfs", [pid 5083] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5840 attached [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 104.054796][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] <... openat resumed>) = 4 [pid 5840] set_robust_list(0x7f56518c19e0, 24 [pid 5085] unlink("./27/binderfs" [pid 5083] fstat(4, [pid 5840] <... set_robust_list resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5840] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5085] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(4, [pid 5840] <... mmap resumed>) = 0x20000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5840] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, [pid 5840] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5840] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 5834] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5083] <... close resumed>) = 0 [pid 5834] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] rmdir("./28/bus" [pid 5839] <... write resumed>) = 1048576 [pid 5834] <... open resumed>) = 5 [pid 5839] munmap(0x7f56517c2000, 1048576 [pid 5083] <... rmdir resumed>) = 0 [pid 5839] <... munmap resumed>) = 0 [pid 5083] getdents64(3, [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5083] close(3 [pid 5839] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... close resumed>) = 0 [ 104.116457][ T27] audit: type=1800 audit(1678856055.515:174): pid=5834 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 104.138128][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 104.147519][ T5839] loop0: detected capacity change from 0 to 2048 [pid 5839] <... ioctl resumed>) = 0 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./28" [pid 5839] close(3 [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5083] mkdir("./29", 0777 [pid 5839] mkdir("./bus", 0777 [pid 5083] <... mkdir resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5834] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5834] <... mount resumed>) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 104.159099][ T46] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.160957][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.192493][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5083] close(3 [pid 5834] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5842 [pid 5834] <... open resumed>) = 6 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5834] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... futex resumed>) = 0 [ 104.210852][ T46] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 104.223126][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 104.236879][ T46] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 104.252172][ T5839] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./28/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./28") = 0 [pid 5082] mkdir("./29", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 ./strace-static-x86_64: Process 5842 attached [pid 5842] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5842] chdir("./29") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5842] <... openat resumed>) = 3 [pid 5082] close(3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5831] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] <... close resumed>) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5842] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... clone resumed>, parent_tid=[5844], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5844 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5845 [ 104.259375][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 104.259375][ T11] [ 104.298853][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5845 attached [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] set_robust_list(0x555556f1a5e0, 24./strace-static-x86_64: Process 5844 attached ) = 0 [pid 5839] <... mount resumed>) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5831] exit_group(0) = ? [pid 5845] chdir("./29") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5845] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] set_robust_list(0x7f5659be29e0, 24 [pid 5839] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... futex resumed>) = ? [pid 5844] <... set_robust_list resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5834] +++ exited with 0 +++ [pid 5844] memfd_create("syzkaller", 0 [pid 5845] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5846], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5846 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x7f5659be29e0, 24) = 0 [ 104.320426][ T46] EXT4-fs (loop5): This should not happen!! Data will be lost [ 104.320426][ T46] [ 104.333993][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 104.337541][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5844] <... memfd_create resumed>) = 3 [pid 5840] +++ exited with 0 +++ [pid 5839] chdir("./bus" [pid 5831] +++ exited with 0 +++ [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... chdir resumed>) = 0 [pid 5844] <... mmap resumed>) = 0x7f56517c2000 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5839] ioctl(4, LOOP_CLR_FD [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... ioctl resumed>) = 0 [pid 5084] <... restart_syscall resumed>) = 0 [pid 5839] close(4 [pid 5084] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5839] chdir("./file0" [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5836] <... futex resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(3, [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5084] getdents64(3, [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./29/binderfs", [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5084] unlink("./29/binderfs" [pid 5839] <... futex resumed>) = 1 [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5839] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5836] <... futex resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 104.370019][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5084] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5846] <... write resumed>) = 1048576 [pid 5846] munmap(0x7f56517c2000, 1048576) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] mkdir("./bus", 0777) = 0 [pid 5846] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5836] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5836] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5836] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... write resumed>) = 262144 [pid 5836] <... clone resumed>, parent_tid=[5848], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5848 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5848 attached [pid 5839] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 0 [ 104.422904][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 104.433057][ T5846] loop1: detected capacity change from 0 to 2048 [pid 5085] lstat("./27/bus", [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... write resumed>) = 1048576 [pid 5844] munmap(0x7f56517c2000, 1048576) = 0 [pid 5848] set_robust_list(0x7f56518c19e0, 24 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5085] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5848] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... mmap resumed>) = 0x20000000 [pid 5085] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 4 [pid 5848] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5085] fstat(4, [pid 5848] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5085] getdents64(4, [ 104.480359][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.498387][ T5844] loop2: detected capacity change from 0 to 2048 [ 104.510445][ T5846] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5839] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5846] <... mount resumed>) = 0 [pid 5839] <... open resumed>) = 5 [pid 5085] getdents64(4, [pid 5846] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5085] close(4 [pid 5846] chdir("./bus" [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5846] <... chdir resumed>) = 0 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5085] rmdir("./27/bus" [pid 5846] ioctl(4, LOOP_CLR_FD [pid 5086] <... umount2 resumed>) = 0 [pid 5844] close(3) = 0 [ 104.525031][ T27] audit: type=1800 audit(1678856055.925:175): pid=5839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 104.525299][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5844] mkdir("./bus", 0777) = 0 [pid 5839] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... ioctl resumed>) = 0 [pid 5844] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5085] <... rmdir resumed>) = 0 [pid 5086] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... mount resumed>) = 0 [pid 5846] close(4 [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] getdents64(3, [pid 5846] <... close resumed>) = 0 [pid 5086] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [ 104.570149][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 104.584542][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 104.584542][ T11] [ 104.597099][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5086] close(4 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] close(3 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./28/bus" [pid 5846] chdir("./file0" [pid 5845] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5846] <... chdir resumed>) = 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, [pid 5085] rmdir("./27" [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... open resumed>) = 6 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [ 104.619579][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5846] <... futex resumed>) = 0 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5846] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5085] mkdir("./28", 0777 [pid 5084] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... mkdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] lstat("./29/bus", [pid 5839] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 3 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5846] <... openat resumed>) = 4 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] rmdir("./28" [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... openat resumed>) = 3 [pid 5839] <... write resumed>) = 262144 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] close(3 [pid 5084] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] chdir("./bus" [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] mkdir("./29", 0777 [pid 5085] <... close resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... chdir resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] fstat(4, [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] ioctl(4, LOOP_CLR_FD [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] exit_group(0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5848] <... futex resumed>) = ? [pid 5846] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... ioctl resumed>) = 0 [pid 5839] <... futex resumed>) = ? [pid 5836] <... exit_group resumed>) = ? [pid 5086] <... openat resumed>) = 3 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5852 [pid 5084] getdents64(4, [pid 5848] +++ exited with 0 +++ [pid 5844] close(4 [pid 5839] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5844] <... close resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] getdents64(4, [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- ./strace-static-x86_64: Process 5852 attached [pid 5846] <... write resumed>) = 262144 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5084] close(4 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5852] set_robust_list(0x555556f1a5e0, 24 [pid 5844] chdir("./file0" [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... close resumed>) = 0 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5844] <... chdir resumed>) = 0 [pid 5842] <... futex resumed>) = 0 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] rmdir("./29/bus" [pid 5852] chdir("./28" [pid 5844] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 104.658677][ T5844] ext4 filesystem being mounted at /root/syzkaller.22hR0w/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5853 [pid 5852] <... chdir resumed>) = 0 [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5853 attached [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5084] getdents64(3, [pid 5081] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] set_robust_list(0x555556f1a5e0, 24 [pid 5852] <... prctl resumed>) = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] <... set_robust_list resumed>) = 0 [pid 5852] setpgid(0, 0 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... openat resumed>) = 4 [pid 5084] close(3 [pid 5081] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5853] chdir("./29" [pid 5852] <... setpgid resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5853] <... chdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5084] rmdir("./29" [pid 5081] fstat(3, [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... openat resumed>) = 3 [pid 5846] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... prctl resumed>) = 0 [pid 5852] write(3, "1000", 4 [pid 5846] <... mmap resumed>) = 0x20000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5853] setpgid(0, 0 [pid 5852] <... write resumed>) = 4 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] mkdir("./30", 0777 [pid 5081] getdents64(3, [pid 5853] <... setpgid resumed>) = 0 [pid 5852] close(3 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... close resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5081] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] <... openat resumed>) = 3 [pid 5852] symlink("/dev/binderfs", "./binderfs" [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] write(3, "1000", 4 [pid 5852] <... symlink resumed>) = 0 [pid 5846] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5081] lstat("./28/binderfs", [pid 5853] <... write resumed>) = 4 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... open resumed>) = 5 [pid 5844] <... write resumed>) = 262144 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5081] unlink("./28/binderfs" [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... close resumed>) = 0 [pid 5853] close(3 [pid 5081] <... unlink resumed>) = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... mmap resumed>) = 0x7f5659bc2000 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5854 attached [pid 5853] <... close resumed>) = 0 [pid 5852] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5854] set_robust_list(0x555556f1a5e0, 24 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5852] <... mprotect resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5854 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... symlink resumed>) = 0 [pid 5852] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5854] chdir("./30" [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... chdir resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... clone resumed>, parent_tid=[5855], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5855 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... prctl resumed>) = 0 [pid 5853] <... mmap resumed>) = 0x7f5659bc2000 [pid 5852] <... futex resumed>) = 0 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] setpgid(0, 0 [pid 5853] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5855 attached [pid 5854] <... setpgid resumed>) = 0 [pid 5853] <... mprotect resumed>) = 0 [pid 5846] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5846] <... mount resumed>) = 0 [pid 5855] set_robust_list(0x7f5659be29e0, 24 [pid 5854] <... openat resumed>) = 3 [pid 5844] <... mmap resumed>) = 0x20000000 [pid 5854] write(3, "1000", 4 [pid 5853] <... clone resumed>, parent_tid=[5856], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5856 [pid 5854] <... write resumed>) = 4 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] close(3 [pid 5853] <... futex resumed>) = 0 [pid 5854] <... close resumed>) = 0 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] memfd_create("syzkaller", 0 [pid 5854] <... futex resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [ 104.764361][ T27] audit: type=1800 audit(1678856056.165:176): pid=5846 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 104.794066][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5854] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5857], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5857 [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5856 attached [pid 5855] <... memfd_create resumed>) = 3 [pid 5846] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5857 attached [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... open resumed>) = 6 [pid 5856] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5857] set_robust_list(0x7f5659be29e0, 24 [pid 5855] <... mmap resumed>) = 0x7f56517c2000 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... set_robust_list resumed>) = 0 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... open resumed>) = 5 [pid 5857] memfd_create("syzkaller", 0 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.831119][ T948] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.843294][ T948] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 104.857224][ T948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... write resumed>) = 1048576 [pid 5856] munmap(0x7f56517c2000, 1048576) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5857] <... memfd_create resumed>) = 3 [pid 5846] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5856] <... ioctl resumed>) = 0 [pid 5856] close(3) = 0 [pid 5856] mkdir("./bus", 0777 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5844] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... write resumed>) = 262144 [pid 5844] <... futex resumed>) = 0 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5842] <... futex resumed>) = 0 [pid 5856] <... mkdir resumed>) = 0 [pid 5855] <... write resumed>) = 1048576 [pid 5846] <... futex resumed>) = 0 [pid 5845] exit_group(0 [pid 5844] <... open resumed>) = 6 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5855] munmap(0x7f56517c2000, 1048576 [pid 5845] <... exit_group resumed>) = ? [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... munmap resumed>) = 0 [pid 5844] <... futex resumed>) = 0 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] +++ exited with 0 +++ [pid 5845] +++ exited with 0 +++ [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5844] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5842] <... futex resumed>) = 0 [pid 5855] <... openat resumed>) = 4 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 104.879273][ T27] audit: type=1800 audit(1678856056.275:177): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 104.895018][ T5856] loop5: detected capacity change from 0 to 2048 [ 104.910155][ T948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 104.910155][ T948] [pid 5082] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5844] <... write resumed>) = 262144 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] lstat("./29/binderfs", [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 104.963312][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 104.977688][ T5855] loop4: detected capacity change from 0 to 2048 [ 104.991547][ T5856] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] exit_group(0 [pid 5082] unlink("./29/binderfs" [pid 5857] <... write resumed>) = 1048576 [pid 5855] <... ioctl resumed>) = 0 [pid 5844] <... futex resumed>) = ? [pid 5842] <... exit_group resumed>) = ? [pid 5857] munmap(0x7f56517c2000, 1048576 [pid 5855] close(3 [pid 5844] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ [pid 5082] <... unlink resumed>) = 0 [pid 5857] <... munmap resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5855] mkdir("./bus", 0777 [pid 5857] <... openat resumed>) = 4 [pid 5855] <... mkdir resumed>) = 0 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5855] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] <... ioctl resumed>) = 0 [pid 5857] close(3) = 0 [pid 5857] mkdir("./bus", 0777) = 0 [pid 5857] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./bus" [pid 5083] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5856] <... chdir resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5856] ioctl(4, LOOP_CLR_FD [pid 5083] fstat(3, [pid 5856] <... ioctl resumed>) = 0 [pid 5856] close(4) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5856] chdir("./file0" [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./29/binderfs", [pid 5856] <... chdir resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] unlink("./29/binderfs" [pid 5856] <... futex resumed>) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5856] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... unlink resumed>) = 0 [ 105.004974][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 105.016245][ T5857] loop3: detected capacity change from 0 to 2048 [ 105.039349][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 105.053684][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... openat resumed>) = 4 [pid 5083] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 105.066917][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 105.080754][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 105.095963][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.096604][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [pid 5856] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5853] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5853] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5853] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5853] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5864], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5864 [pid 5853] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5864 attached [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... mount resumed>) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 105.096604][ T11] [ 105.112147][ T5855] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/28/bus supports timestamps until 2038 (0x7fffffff) [ 105.120655][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 105.138822][ T5857] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5864] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5857] <... mount resumed>) = 0 [pid 5855] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = 0 [pid 5857] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5853] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5857] chdir("./bus" [pid 5081] lstat("./28/bus", [pid 5857] <... chdir resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5857] ioctl(4, LOOP_CLR_FD [pid 5081] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] <... ioctl resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5857] close(4 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(4, [pid 5857] <... futex resumed>) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5864] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] open("", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5855] chdir("./bus" [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 5864] <... mmap resumed>) = 0x20000000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5855] <... chdir resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [ 105.155794][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 105.168788][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 105.186829][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5857] chdir("./file0" [pid 5081] getdents64(4, [pid 5864] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... chdir resumed>) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] ioctl(4, LOOP_CLR_FD [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... futex resumed>) = 0 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 1 [pid 5855] <... ioctl resumed>) = 0 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5864] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] close(4 [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(4 [pid 5857] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... close resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5857] <... openat resumed>) = 4 [pid 5856] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5855] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5857] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 105.212730][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5857] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5856] <... futex resumed>) = 1 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] chdir("./file0" [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] rmdir("./28/bus" [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... chdir resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5082] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5856] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] lstat("./29/bus", [pid 5856] <... futex resumed>) = 1 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5857] <... write resumed>) = 262144 [pid 5081] <... rmdir resumed>) = 0 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 5857] <... futex resumed>) = 1 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] close(3) = 0 [pid 5081] rmdir("./28") = 0 [pid 5081] mkdir("./29", 0777 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] <... futex resumed>) = 0 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... mkdir resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... close resumed>) = 0 [pid 5857] <... futex resumed>) = 0 [pid 5856] write(-1, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] <... futex resumed>) = 1 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5857] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5856] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5855] <... openat resumed>) = 4 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... mmap resumed>) = 0x20000000 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... openat resumed>) = 4 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5865 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5853] exit_group(0 [pid 5852] <... futex resumed>) = 0 [pid 5082] fstat(4, ./strace-static-x86_64: Process 5865 attached [pid 5864] <... futex resumed>) = ? [pid 5857] <... futex resumed>) = 1 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5853] <... exit_group resumed>) = ? [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 105.267047][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [ 105.267047][ T9] [ 105.289950][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.304281][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5865] set_robust_list(0x555556f1a5e0, 24 [pid 5864] +++ exited with 0 +++ [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] +++ exited with 0 +++ [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] <... futex resumed>) = 0 [pid 5853] +++ exited with 0 +++ [pid 5852] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] getdents64(4, [pid 5865] chdir("./29" [pid 5857] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... chdir resumed>) = 0 [pid 5857] <... open resumed>) = 5 [pid 5083] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] <... prctl resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5083] lstat("./29/bus", [pid 5865] setpgid(0, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5865] <... setpgid resumed>) = 0 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5083] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5857] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] <... openat resumed>) = 3 [pid 5857] <... mount resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5865] write(3, "1000", 4 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 4 [pid 5865] <... write resumed>) = 4 [pid 5857] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5083] fstat(4, [pid 5865] close(3 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5865] <... close resumed>) = 0 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5857] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5865] <... symlink resumed>) = 0 [pid 5857] <... open resumed>) = 6 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] getdents64(4, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(4, [pid 5865] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 5082] close(4 [pid 5865] <... mmap resumed>) = 0x7f5659bc2000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5083] rmdir("./29/bus" [pid 5082] <... close resumed>) = 0 [pid 5865] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5857] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... rmdir resumed>) = 0 [pid 5082] rmdir("./29/bus" [pid 5865] <... mprotect resumed>) = 0 [pid 5855] <... write resumed>) = 262144 [pid 5086] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(3, [pid 5082] <... rmdir resumed>) = 0 [pid 5865] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(3, [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] close(3 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5865] <... clone resumed>, parent_tid=[5866], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5866 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... close resumed>) = 0 [pid 5082] close(3 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5083] rmdir("./29" [pid 5082] <... close resumed>) = 0 [pid 5865] <... futex resumed>) = 0 [pid 5855] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] rmdir("./29" [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] <... mmap resumed>) = 0x20000000 [pid 5086] getdents64(3, [pid 5083] <... rmdir resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5866 attached [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] mkdir("./30", 0777 [pid 5082] mkdir("./30", 0777 [pid 5866] set_robust_list(0x7f5659be29e0, 24 [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5086] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... mkdir resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5857] <... write resumed>) = 262144 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5866] memfd_create("syzkaller", 0 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5086] lstat("./29/binderfs", [pid 5083] <... openat resumed>) = 3 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... openat resumed>) = 3 [pid 5866] <... memfd_create resumed>) = 3 [pid 5855] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... open resumed>) = 5 [pid 5854] exit_group(0 [pid 5086] unlink("./29/binderfs" [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 105.354179][ T27] audit: type=1800 audit(1678856056.755:178): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 5866] <... mmap resumed>) = 0x7f56517c2000 [pid 5857] <... futex resumed>) = ? [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... exit_group resumed>) = ? [pid 5086] <... unlink resumed>) = 0 [pid 5083] close(3 [pid 5082] close(3 [pid 5857] +++ exited with 0 +++ [pid 5855] <... futex resumed>) = 1 [pid 5854] +++ exited with 0 +++ [pid 5852] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5867 [pid 5084] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5855] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] fstat(3, [pid 5082] <... close resumed>) = 0 ./strace-static-x86_64: Process 5867 attached [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5855] <... mount resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5867] set_robust_list(0x555556f1a5e0, 24 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./30/binderfs", [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... set_robust_list resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5867] chdir("./30" [pid 5084] unlink("./30/binderfs") = 0 [pid 5084] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... chdir resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5868 [pid 5855] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... futex resumed>) = 0 [pid 5867] <... prctl resumed>) = 0 [pid 5855] <... open resumed>) = 6 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5868 attached [pid 5867] setpgid(0, 0 [pid 5866] <... write resumed>) = 1048576 [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] set_robust_list(0x555556f1a5e0, 24 [pid 5867] <... setpgid resumed>) = 0 [pid 5866] munmap(0x7f56517c2000, 1048576 [pid 5855] <... futex resumed>) = 0 [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] <... munmap resumed>) = 0 [pid 5855] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5852] <... futex resumed>) = 0 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./29/bus", [pid 5868] chdir("./30" [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5086] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] <... chdir resumed>) = 0 [pid 5867] write(3, "1000", 4 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] <... write resumed>) = 4 [pid 5866] <... openat resumed>) = 4 [pid 5086] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... prctl resumed>) = 0 [pid 5867] close(3 [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... write resumed>) = 262144 [pid 5086] <... openat resumed>) = 4 [ 105.469524][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.486740][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 105.496850][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] setpgid(0, 0 [pid 5867] <... close resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5868] <... setpgid resumed>) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs" [pid 5866] <... ioctl resumed>) = 0 [pid 5855] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5086] fstat(4, [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] <... symlink resumed>) = 0 [pid 5866] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5868] <... openat resumed>) = 3 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... close resumed>) = 0 [pid 5086] getdents64(4, [pid 5868] write(3, "1000", 4 [pid 5867] <... futex resumed>) = 0 [pid 5866] mkdir("./bus", 0777 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5868] <... write resumed>) = 4 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5866] <... mkdir resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] close(3 [pid 5867] <... mmap resumed>) = 0x7f5659bc2000 [pid 5866] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5867] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] close(4 [pid 5085] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] symlink("/dev/binderfs", "./binderfs" [pid 5867] <... mprotect resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5868] <... symlink resumed>) = 0 [pid 5867] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] rmdir("./29/bus" [pid 5085] fstat(3, [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... clone resumed>, parent_tid=[5869], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5869 [pid 5086] getdents64(3, [pid 5085] getdents64(3, [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5868] <... mmap resumed>) = 0x7f5659bc2000 [pid 5867] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5085] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... mprotect resumed>) = 0 [pid 5086] rmdir("./29" [pid 5085] lstat("./28/binderfs", [pid 5868] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] mkdir("./30", 0777 [pid 5085] unlink("./28/binderfs" [pid 5868] <... clone resumed>, parent_tid=[5871], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5871 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [ 105.532279][ T5866] loop0: detected capacity change from 0 to 2048 [ 105.539835][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 105.568590][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5085] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5871 attached ./strace-static-x86_64: Process 5869 attached [pid 5868] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [ 105.583827][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 105.583827][ T9] [ 105.584016][ T5866] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/29/bus supports timestamps until 2038 (0x7fffffff) [ 105.595027][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.620966][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached , child_tidptr=0x555556f1a5d0) = 5873 [pid 5871] set_robust_list(0x7f5659be29e0, 24 [pid 5869] set_robust_list(0x7f5659be29e0, 24 [pid 5866] <... mount resumed>) = 0 [pid 5873] set_robust_list(0x555556f1a5e0, 24 [pid 5866] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5873] <... set_robust_list resumed>) = 0 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5866] <... openat resumed>) = 3 [pid 5873] chdir("./30" [pid 5866] chdir("./bus" [pid 5873] <... chdir resumed>) = 0 [pid 5871] memfd_create("syzkaller", 0 [pid 5866] <... chdir resumed>) = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] memfd_create("syzkaller", 0 [pid 5866] ioctl(4, LOOP_CLR_FD [pid 5873] <... prctl resumed>) = 0 [pid 5866] <... ioctl resumed>) = 0 [pid 5873] setpgid(0, 0 [pid 5866] close(4 [pid 5873] <... setpgid resumed>) = 0 [pid 5871] <... memfd_create resumed>) = 3 [pid 5869] <... memfd_create resumed>) = 3 [pid 5866] <... close resumed>) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... openat resumed>) = 3 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5873] write(3, "1000", 4 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... write resumed>) = 4 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5873] close(3 [pid 5866] chdir("./file0" [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... close resumed>) = 0 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] <... chdir resumed>) = 0 [pid 5871] <... mmap resumed>) = 0x7f56517c2000 [pid 5869] <... mmap resumed>) = 0x7f56517c2000 [ 105.620999][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.646776][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 105.665283][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5873] symlink("/dev/binderfs", "./binderfs" [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... symlink resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5866] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... mmap resumed>) = 0x7f5659bc2000 [pid 5873] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5866] <... openat resumed>) = 4 [pid 5873] <... clone resumed>, parent_tid=[5874], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5874 [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5874 attached [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] set_robust_list(0x7f5659be29e0, 24 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5866] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 105.679745][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 105.679745][ T11] [ 105.691551][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5874] munmap(0x7f56517c2000, 1048576) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] mkdir("./bus", 0777) = 0 [pid 5874] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5865] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5865] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5865] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5875], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5875 [pid 5865] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5875 attached [pid 5871] <... write resumed>) = 1048576 [pid 5866] <... write resumed>) = 262144 [pid 5084] <... umount2 resumed>) = 0 [pid 5875] set_robust_list(0x7f56518c19e0, 24 [pid 5871] munmap(0x7f56517c2000, 1048576 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5875] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5866] <... futex resumed>) = 0 [pid 5875] <... mmap resumed>) = 0x20000000 [pid 5871] <... munmap resumed>) = 0 [pid 5869] <... write resumed>) = 1048576 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5875] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5869] munmap(0x7f56517c2000, 1048576 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] <... futex resumed>) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... munmap resumed>) = 0 [ 105.764235][ T5874] loop5: detected capacity change from 0 to 2048 [ 105.784317][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5866] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... ioctl resumed>) = 0 [pid 5866] <... open resumed>) = 5 [pid 5084] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5871] close(3 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3) = 0 [pid 5869] mkdir("./bus", 0777 [pid 5871] <... close resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5084] lstat("./30/bus", [pid 5865] <... futex resumed>) = 0 [pid 5871] mkdir("./bus", 0777 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5869] <... mkdir resumed>) = 0 [pid 5869] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5871] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5865] <... futex resumed>) = 0 [pid 5866] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... mount resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] <... openat resumed>) = 4 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5084] fstat(4, [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5865] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5874] chdir("./bus" [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5866] <... open resumed>) = 6 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5874] <... chdir resumed>) = 0 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5084] getdents64(4, [pid 5874] ioctl(4, LOOP_CLR_FD [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5085] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5865] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] rmdir("./30/bus") = 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5866] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] getdents64(3, [pid 5874] close(4 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./30") = 0 [pid 5084] mkdir("./31", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5874] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... write resumed>) = 262144 [pid 5085] lstat("./28/bus", [pid 5084] <... openat resumed>) = 3 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [ 105.812417][ T5871] loop1: detected capacity change from 0 to 2048 [ 105.813574][ T5869] loop2: detected capacity change from 0 to 2048 [ 105.833176][ T5874] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 1 [pid 5085] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] chdir("./file0" [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... chdir resumed>) = 0 [pid 5865] <... futex resumed>) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5085] fstat(4, [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] exit_group(0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./28/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./28" [pid 5875] <... futex resumed>) = ? [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = ? [pid 5865] <... exit_group resumed>) = ? [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5875] +++ exited with 0 +++ [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] +++ exited with 0 +++ [pid 5085] mkdir("./29", 0777 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... mount resumed>) = 0 [pid 5869] <... mount resumed>) = 0 [pid 5865] +++ exited with 0 +++ [pid 5084] close(3 [pid 5874] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5871] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... mkdir resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5874] <... openat resumed>) = 4 [pid 5871] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] chdir("./bus" [pid 5869] chdir("./bus" [pid 5085] <... openat resumed>) = 3 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5869] <... chdir resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5882 [pid 5081] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] ioctl(4, LOOP_CLR_FD [pid 5869] ioctl(4, LOOP_CLR_FD [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5085] close(3 [pid 5081] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] close(4 [pid 5869] close(4 [pid 5085] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5874] <... write resumed>) = 262144 [pid 5871] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] fstat(3, [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5081] getdents64(3, [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5883 [pid 5081] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] chdir("./file0" [pid 5869] chdir("./file0" [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5883 attached [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5869] <... chdir resumed>) = 0 [pid 5081] lstat("./29/binderfs", [pid 5883] set_robust_list(0x555556f1a5e0, 24 [pid 5874] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [ 105.893829][ T5869] ext4 filesystem being mounted at /root/syzkaller.22hR0w/30/bus supports timestamps until 2038 (0x7fffffff) [ 105.910647][ T5871] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 ./strace-static-x86_64: Process 5882 attached [pid 5883] <... set_robust_list resumed>) = 0 [pid 5874] <... mmap resumed>) = 0x20000000 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5081] unlink("./29/binderfs" [pid 5883] chdir("./29" [pid 5882] set_robust_list(0x555556f1a5e0, 24 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... unlink resumed>) = 0 [pid 5883] <... chdir resumed>) = 0 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5081] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5882] chdir("./31" [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... prctl resumed>) = 0 [pid 5882] <... chdir resumed>) = 0 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5869] <... openat resumed>) = 4 [pid 5874] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... open resumed>) = 5 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5869] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] setpgid(0, 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... write resumed>) = 262144 [pid 5869] <... write resumed>) = 262144 [pid 5874] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... setpgid resumed>) = 0 [pid 5882] <... prctl resumed>) = 0 [pid 5874] <... mount resumed>) = 0 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] setpgid(0, 0 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [ 105.983289][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] <... setpgid resumed>) = 0 [pid 5874] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... open resumed>) = 6 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... openat resumed>) = 3 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... mmap resumed>) = 0x20000000 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5883] write(3, "1000", 4 [pid 5882] <... openat resumed>) = 3 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... write resumed>) = 4 [pid 5882] write(3, "1000", 4 [pid 5874] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5883] close(3 [pid 5882] <... write resumed>) = 4 [pid 5874] <... write resumed>) = 262144 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... mmap resumed>) = 0x20000000 [pid 5868] <... futex resumed>) = 0 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... close resumed>) = 0 [pid 5882] close(3 [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] exit_group(0 [pid 5871] <... open resumed>) = 5 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs" [pid 5874] <... futex resumed>) = ? [pid 5873] <... exit_group resumed>) = ? [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... symlink resumed>) = 0 [pid 5882] <... close resumed>) = 0 [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... open resumed>) = 5 [pid 5868] <... futex resumed>) = 0 [pid 5871] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... mount resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... mount resumed>) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5871] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 0 [pid 5871] <... open resumed>) = 6 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5882] <... symlink resumed>) = 0 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5883] <... mmap resumed>) = 0x7f5659bc2000 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 5883] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5882] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... restart_syscall resumed>) = 0 [pid 5883] <... mprotect resumed>) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... open resumed>) = 6 [pid 5868] <... futex resumed>) = 0 [pid 5883] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5882] <... mmap resumed>) = 0x7f5659bc2000 [ 106.033473][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.067776][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5871] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5871] <... write resumed>) = 262144 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5869] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] <... futex resumed>) = 0 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5884 attached [pid 5883] <... clone resumed>, parent_tid=[5884], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5884 [pid 5882] <... mprotect resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] exit_group(0 [pid 5086] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5884] set_robust_list(0x7f5659be29e0, 24 [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5871] <... futex resumed>) = ? [pid 5869] <... write resumed>) = 262144 [pid 5868] <... exit_group resumed>) = ? [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... set_robust_list resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5871] +++ exited with 0 +++ [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] +++ exited with 0 +++ [pid 5086] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] memfd_create("syzkaller", 0 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] <... clone resumed>, parent_tid=[5885], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5885 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5884] <... memfd_create resumed>) = 3 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] exit_group(0 [pid 5086] fstat(3, [pid 5082] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5885 attached [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = ? [pid 5867] <... exit_group resumed>) = ? [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... restart_syscall resumed>) = 0 [pid 5885] set_robust_list(0x7f5659be29e0, 24 [pid 5884] <... mmap resumed>) = 0x7f56517c2000 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 106.114602][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5086] getdents64(3, [pid 5885] <... set_robust_list resumed>) = 0 [pid 5869] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ [pid 5885] memfd_create("syzkaller", 0 [pid 5082] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... memfd_create resumed>) = 3 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5885] <... mmap resumed>) = 0x7f56517c2000 [pid 5082] <... openat resumed>) = 3 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] fstat(3, [pid 5086] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(3, [pid 5086] lstat("./30/binderfs", [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] unlink("./30/binderfs" [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... unlink resumed>) = 0 [pid 5083] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] lstat("./30/binderfs", [pid 5086] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./30/binderfs" [pid 5083] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... unlink resumed>) = 0 [ 106.159567][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 106.159567][ T75] [ 106.193195][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5082] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... openat resumed>) = 3 [pid 5884] <... write resumed>) = 1048576 [pid 5884] munmap(0x7f56517c2000, 1048576) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5083] fstat(3, [pid 5884] <... ioctl resumed>) = 0 [pid 5884] close(3) = 0 [pid 5884] mkdir("./bus", 0777) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, [ 106.206943][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 106.221011][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.233547][ T5884] loop4: detected capacity change from 0 to 2048 [ 106.240949][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5884] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5885] <... write resumed>) = 1048576 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5885] munmap(0x7f56517c2000, 1048576 [pid 5083] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... munmap resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./30/binderfs") = 0 [ 106.254743][ T46] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.267620][ T46] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 106.273884][ T11] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.280755][ T46] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.300325][ T5885] loop3: detected capacity change from 0 to 2048 [pid 5083] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... ioctl resumed>) = 0 [pid 5885] close(3) = 0 [pid 5885] mkdir("./bus", 0777) = 0 [pid 5885] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] <... umount2 resumed>) = 0 [pid 5081] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 106.310908][ T11] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 106.311804][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.345630][ T46] EXT4-fs (loop1): This should not happen!! Data will be lost [ 106.345630][ T46] [pid 5081] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.359154][ T5884] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/29/bus supports timestamps until 2038 (0x7fffffff) [ 106.371963][ T11] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.372458][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.385139][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5081] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] <... mount resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 106.395645][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 106.408935][ T11] EXT4-fs (loop5): This should not happen!! Data will be lost [ 106.408935][ T11] [ 106.422712][ T5885] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/31/bus supports timestamps until 2038 (0x7fffffff) [ 106.430988][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5081] fstat(4, [pid 5884] <... openat resumed>) = 3 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5884] chdir("./bus" [pid 5081] getdents64(4, [pid 5885] <... mount resumed>) = 0 [pid 5885] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./bus") = 0 [pid 5885] ioctl(4, LOOP_CLR_FD) = 0 [pid 5885] close(4) = 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5884] <... chdir resumed>) = 0 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] ioctl(4, LOOP_CLR_FD [pid 5081] getdents64(4, [pid 5884] <... ioctl resumed>) = 0 [pid 5884] close(4 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5884] <... close resumed>) = 0 [pid 5081] close(4 [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5081] rmdir("./29/bus" [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rmdir resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5884] chdir("./file0" [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(3, [pid 5884] <... chdir resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5081] rmdir("./29" [pid 5884] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 4 [pid 5086] <... umount2 resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... futex resumed>) = 1 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./30", 0777 [pid 5885] chdir("./file0" [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./30/bus", [pid 5885] <... chdir resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [ 106.453821][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 106.467773][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 106.487548][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5081] <... mkdir resumed>) = 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5885] <... futex resumed>) = 0 [pid 5884] <... write resumed>) = 262144 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 5885] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5882] <... futex resumed>) = 0 [pid 5885] <... openat resumed>) = 4 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... openat resumed>) = 3 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5885] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5086] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] lstat("./30/bus", [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5884] <... futex resumed>) = 1 [pid 5086] <... openat resumed>) = 4 [pid 5885] <... write resumed>) = 262144 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5086] fstat(4, [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] close(3 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... close resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5883] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... mmap resumed>) = 0x20000000 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5890 attached [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5082] <... openat resumed>) = 4 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5890 [pid 5885] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] fstat(4, [pid 5890] set_robust_list(0x555556f1a5e0, 24 [pid 5885] <... mmap resumed>) = 0x20000000 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 106.555558][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 106.555558][ T75] [ 106.568138][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.582794][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5082] getdents64(4, [pid 5890] <... set_robust_list resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5086] rmdir("./30/bus" [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5890] chdir("./30" [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... open resumed>) = 5 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5082] getdents64(4, [pid 5890] <... chdir resumed>) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5885] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(4 [pid 5083] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5890] <... prctl resumed>) = 0 [pid 5885] <... open resumed>) = 5 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 5890] setpgid(0, 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5083] lstat("./30/bus", [pid 5082] rmdir("./30/bus" [pid 5890] <... setpgid resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5086] rmdir("./30" [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... mount resumed>) = 0 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5890] <... openat resumed>) = 3 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(3, [pid 5890] write(3, "1000", 4 [pid 5885] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mkdir("./31", 0777 [pid 5083] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5890] <... write resumed>) = 4 [pid 5885] <... mount resumed>) = 0 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 4 [pid 5890] close(3 [pid 5083] fstat(4, [pid 5890] <... close resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs" [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] getdents64(4, [pid 5082] close(3 [pid 5890] <... symlink resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... close resumed>) = 0 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... open resumed>) = 6 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5083] getdents64(4, [pid 5082] rmdir("./30" [pid 5890] <... futex resumed>) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5885] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5884] <... futex resumed>) = 1 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] close(3 [pid 5883] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5082] <... rmdir resumed>) = 0 [pid 5890] <... mmap resumed>) = 0x7f5659bc2000 [pid 5885] <... open resumed>) = 6 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5082] mkdir("./31", 0777 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... mkdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5890] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5885] <... futex resumed>) = 1 [pid 5884] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5083] rmdir("./30/bus" [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5891 attached [pid 5890] <... mprotect resumed>) = 0 [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... write resumed>) = 262144 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5891 [pid 5082] <... openat resumed>) = 3 [pid 5890] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5885] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] getdents64(3, [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5892 attached [pid 5891] set_robust_list(0x555556f1a5e0, 24 [pid 5890] <... clone resumed>, parent_tid=[5892], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5892 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] exit_group(0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3 [pid 5892] set_robust_list(0x7f5659be29e0, 24 [pid 5891] <... set_robust_list resumed>) = 0 [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = ? [pid 5883] <... exit_group resumed>) = ? [pid 5083] close(3 [pid 5082] <... close resumed>) = 0 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5891] chdir("./31" [pid 5890] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5892] memfd_create("syzkaller", 0 [pid 5891] <... chdir resumed>) = 0 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] rmdir("./30" [pid 5892] <... memfd_create resumed>) = 3 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5083] <... rmdir resumed>) = 0 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] <... prctl resumed>) = 0 [pid 5083] mkdir("./31", 0777 [pid 5892] <... mmap resumed>) = 0x7f56517c2000 [pid 5891] setpgid(0, 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5891] <... setpgid resumed>) = 0 [pid 5885] <... write resumed>) = 262144 [pid 5884] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] <... openat resumed>) = 3 [pid 5891] <... openat resumed>) = 3 [pid 5885] <... futex resumed>) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5893 attached [pid 5891] write(3, "1000", 4 [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] exit_group(0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5893 [pid 5893] set_robust_list(0x555556f1a5e0, 24 [pid 5891] <... write resumed>) = 4 [pid 5885] <... futex resumed>) = ? [pid 5882] <... exit_group resumed>) = ? [pid 5083] close(3 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5892] <... write resumed>) = 1048576 [pid 5891] close(3 [pid 5885] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ [pid 5083] <... close resumed>) = 0 [pid 5893] chdir("./31" [pid 5892] munmap(0x7f56517c2000, 1048576 [pid 5891] <... close resumed>) = 0 [pid 5085] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5893] <... chdir resumed>) = 0 [pid 5892] <... munmap resumed>) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs" [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5891] <... symlink resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5894 ./strace-static-x86_64: Process 5894 attached [pid 5893] <... prctl resumed>) = 0 [pid 5892] <... openat resumed>) = 4 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5894] set_robust_list(0x555556f1a5e0, 24 [pid 5893] setpgid(0, 0 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5085] fstat(3, [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... setpgid resumed>) = 0 [pid 5892] <... ioctl resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5894] chdir("./31" [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5892] close(3 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] getdents64(3, [pid 5084] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5894] <... chdir resumed>) = 0 [pid 5893] <... openat resumed>) = 3 [pid 5892] <... close resumed>) = 0 [pid 5891] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] write(3, "1000", 4 [pid 5892] mkdir("./bus", 0777 [pid 5891] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5894] <... prctl resumed>) = 0 [pid 5893] <... write resumed>) = 4 [pid 5892] <... mkdir resumed>) = 0 [pid 5891] <... mprotect resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... openat resumed>) = 3 [pid 5894] setpgid(0, 0 [pid 5893] close(3 [pid 5892] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5891] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] lstat("./29/binderfs", [pid 5084] fstat(3, [pid 5894] <... setpgid resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5893] symlink("/dev/binderfs", "./binderfs" [pid 5891] <... clone resumed>, parent_tid=[5895], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5895 [pid 5085] unlink("./29/binderfs" [pid 5084] getdents64(3, [pid 5894] <... openat resumed>) = 3 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... symlink resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... unlink resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5895 attached [pid 5894] write(3, "1000", 4 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] set_robust_list(0x7f5659be29e0, 24 [pid 5894] <... write resumed>) = 4 [pid 5893] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] close(3 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] lstat("./31/binderfs", [pid 5894] <... close resumed>) = 0 [pid 5893] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs" [pid 5893] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] unlink("./31/binderfs" [pid 5894] <... symlink resumed>) = 0 [pid 5893] <... mprotect resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] <... futex resumed>) = 0 [ 106.761429][ T5892] loop0: detected capacity change from 0 to 2048 [ 106.792099][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5893] <... clone resumed>, parent_tid=[5898], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5898 [pid 5894] <... mmap resumed>) = 0x7f5659bc2000 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5893] <... futex resumed>) = 0 [pid 5894] <... mprotect resumed>) = 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5899], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5899 ./strace-static-x86_64: Process 5898 attached [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] set_robust_list(0x7f5659be29e0, 24 [pid 5894] <... futex resumed>) = 0 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 ./strace-static-x86_64: Process 5899 attached [pid 5895] memfd_create("syzkaller", 0 [ 106.812827][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.832093][ T948] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.833713][ T5892] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/30/bus supports timestamps until 2038 (0x7fffffff) [ 106.854059][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5899] set_robust_list(0x7f5659be29e0, 24 [pid 5895] <... memfd_create resumed>) = 3 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5892] <... mount resumed>) = 0 [pid 5899] memfd_create("syzkaller", 0 [pid 5895] <... mmap resumed>) = 0x7f56517c2000 [pid 5899] <... memfd_create resumed>) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./bus") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4 [pid 5898] <... write resumed>) = 1048576 [pid 5898] munmap(0x7f56517c2000, 1048576) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5892] <... close resumed>) = 0 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5898] <... ioctl resumed>) = 0 [pid 5898] close(3) = 0 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] mkdir("./bus", 0777 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5892] chdir("./file0" [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... chdir resumed>) = 0 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5892] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... mkdir resumed>) = 0 [pid 5898] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5892] <... openat resumed>) = 4 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.882442][ T948] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 106.895059][ T5898] loop1: detected capacity change from 0 to 2048 [ 106.903434][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... write resumed>) = 1048576 [pid 5895] <... write resumed>) = 1048576 [pid 5892] <... write resumed>) = 262144 [pid 5899] munmap(0x7f56517c2000, 1048576 [pid 5895] munmap(0x7f56517c2000, 1048576 [ 106.946138][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.956182][ T948] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.971522][ T948] EXT4-fs (loop4): This should not happen!! Data will be lost [ 106.971522][ T948] [ 106.974328][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 106.974328][ T75] [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... munmap resumed>) = 0 [pid 5895] <... munmap resumed>) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5899] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5895] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 106.983942][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 106.997415][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.007130][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 107.023835][ T5899] loop2: detected capacity change from 0 to 2048 [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... openat resumed>) = 4 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5892] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... ioctl resumed>) = 0 [pid 5899] close(3) = 0 [pid 5899] mkdir("./bus", 0777 [pid 5892] <... mmap resumed>) = 0x20000000 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... ioctl resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5895] close(3 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5899] <... mkdir resumed>) = 0 [pid 5895] <... close resumed>) = 0 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5085] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5899] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5895] mkdir("./bus", 0777 [pid 5892] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... mkdir resumed>) = 0 [pid 5892] <... open resumed>) = 5 [pid 5085] lstat("./29/bus", [pid 5895] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5085] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5892] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5892] <... mount resumed>) = 0 [pid 5085] fstat(4, [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [ 107.038608][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.053108][ T5895] loop5: detected capacity change from 0 to 2048 [pid 5085] getdents64(4, [pid 5892] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5892] <... open resumed>) = 6 [pid 5085] close(4 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5085] rmdir("./29/bus" [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 5892] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./29") = 0 [pid 5085] mkdir("./30", 0777) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5892] <... write resumed>) = 262144 [pid 5085] <... openat resumed>) = 3 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] exit_group(0 [pid 5085] close(3 [pid 5892] <... futex resumed>) = ? [pid 5890] <... exit_group resumed>) = ? [pid 5085] <... close resumed>) = 0 [pid 5892] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5904 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5081] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./30/binderfs") = 0 [pid 5081] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5898] <... mount resumed>) = 0 [pid 5898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5898] chdir("./bus") = 0 [pid 5898] ioctl(4, LOOP_CLR_FD) = 0 [pid 5898] close(4) = 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5904] chdir("./30") = 0 [pid 5893] <... futex resumed>) = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] chdir("./file0") = 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5904] <... prctl resumed>) = 0 [pid 5898] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 107.101878][ T5898] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/31/bus supports timestamps until 2038 (0x7fffffff) [ 107.135513][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... openat resumed>) = 4 [pid 5904] setpgid(0, 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5904] <... setpgid resumed>) = 0 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5904] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5907], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5907 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 107.156239][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 107.169054][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 107.182917][ T5899] ext4 filesystem being mounted at /root/syzkaller.22hR0w/31/bus supports timestamps until 2038 (0x7fffffff) [pid 5898] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 5907 attached [pid 5899] <... mount resumed>) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5907] set_robust_list(0x7f5659be29e0, 24 [pid 5899] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5907] <... set_robust_list resumed>) = 0 [pid 5899] <... openat resumed>) = 3 [pid 5895] <... openat resumed>) = 3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] memfd_create("syzkaller", 0 [pid 5899] chdir("./bus" [pid 5895] chdir("./bus" [pid 5084] lstat("./31/bus", [pid 5907] <... memfd_create resumed>) = 3 [pid 5899] <... chdir resumed>) = 0 [pid 5898] <... write resumed>) = 262144 [pid 5895] <... chdir resumed>) = 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5899] ioctl(4, LOOP_CLR_FD [pid 5898] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5895] ioctl(4, LOOP_CLR_FD [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5907] <... mmap resumed>) = 0x7f56517c2000 [pid 5899] <... ioctl resumed>) = 0 [pid 5898] <... mmap resumed>) = 0x20000000 [pid 5895] <... ioctl resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5084] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.197748][ T5895] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/31/bus supports timestamps until 2038 (0x7fffffff) [ 107.219602][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5899] close(4 [pid 5895] close(4 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5899] <... close resumed>) = 0 [pid 5895] <... close resumed>) = 0 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(4, [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... open resumed>) = 5 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5899] chdir("./file0" [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] chdir("./file0" [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5899] <... chdir resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... chdir resumed>) = 0 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5899] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... mount resumed>) = 0 [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [ 107.251319][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 107.251319][ T75] [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5899] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5895] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5893] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] rmdir("./31/bus" [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rmdir resumed>) = 0 [pid 5898] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5898] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5084] getdents64(3, [pid 5899] <... openat resumed>) = 4 [pid 5898] <... open resumed>) = 6 [pid 5895] <... openat resumed>) = 4 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] close(3 [pid 5899] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5907] <... write resumed>) = 1048576 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./31" [pid 5907] munmap(0x7f56517c2000, 1048576 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... futex resumed>) = 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5907] <... munmap resumed>) = 0 [pid 5899] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5895] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] mkdir("./32", 0777) = 0 [pid 5907] <... openat resumed>) = 4 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5907] ioctl(4, LOOP_SET_FD, 3 [pid 5084] <... openat resumed>) = 3 [ 107.316435][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.352385][ T5907] loop4: detected capacity change from 0 to 2048 [pid 5907] <... ioctl resumed>) = 0 [pid 5895] <... write resumed>) = 262144 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5899] <... write resumed>) = 262144 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached [pid 5907] close(3 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... write resumed>) = 262144 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5908 [pid 5908] set_robust_list(0x555556f1a5e0, 24 [pid 5907] <... close resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5907] mkdir("./bus", 0777 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] <... futex resumed>) = 1 [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5908] chdir("./32" [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5893] exit_group(0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... chdir resumed>) = 0 [pid 5907] <... mkdir resumed>) = 0 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = ? [pid 5895] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... exit_group resumed>) = ? [pid 5891] <... futex resumed>) = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5907] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5899] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5898] +++ exited with 0 +++ [pid 5908] <... prctl resumed>) = 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] setpgid(0, 0) = 0 [pid 5893] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5895] <... mmap resumed>) = 0x20000000 [pid 5908] close(3 [pid 5899] <... mmap resumed>) = 0x20000000 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... close resumed>) = 0 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] symlink("/dev/binderfs", "./binderfs" [pid 5899] <... futex resumed>) = 1 [pid 5895] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5908] <... symlink resumed>) = 0 [pid 5899] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5895] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] <... open resumed>) = 5 [pid 5894] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.353669][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] <... mmap resumed>) = 0x7f5659bc2000 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... open resumed>) = 5 [pid 5082] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5899] <... futex resumed>) = 1 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5908] <... mprotect resumed>) = 0 [pid 5899] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5908] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5894] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5082] fstat(3, [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5908] <... clone resumed>, parent_tid=[5912], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5912 [pid 5899] <... mount resumed>) = 0 [pid 5895] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5082] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... mount resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5912 attached [pid 5908] <... futex resumed>) = 0 [pid 5907] <... mount resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5082] lstat("./31/binderfs", [pid 5912] set_robust_list(0x7f5659be29e0, 24 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5907] <... openat resumed>) = 3 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] unlink("./31/binderfs" [pid 5081] <... umount2 resumed>) = 0 [pid 5912] memfd_create("syzkaller", 0 [pid 5907] chdir("./bus" [ 107.418745][ T5907] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5899] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5912] <... memfd_create resumed>) = 3 [pid 5907] <... chdir resumed>) = 0 [pid 5899] <... open resumed>) = 6 [pid 5895] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... unlink resumed>) = 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5907] ioctl(4, LOOP_CLR_FD [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... open resumed>) = 6 [pid 5082] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... mmap resumed>) = 0x7f56517c2000 [pid 5907] <... ioctl resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5907] close(4) = 0 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5081] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... write resumed>) = 1048576 [pid 5907] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.490802][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.523154][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5912] munmap(0x7f56517c2000, 1048576 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] <... munmap resumed>) = 0 [pid 5907] chdir("./file0" [pid 5899] <... write resumed>) = 262144 [pid 5912] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... chdir resumed>) = 0 [pid 5912] <... openat resumed>) = 4 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5081] lstat("./30/bus", [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5907] <... futex resumed>) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] exit_group(0 [pid 5912] <... ioctl resumed>) = 0 [pid 5907] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = ? [pid 5894] <... exit_group resumed>) = ? [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5912] close(3 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5912] <... close resumed>) = 0 [pid 5907] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5912] mkdir("./bus", 0777 [pid 5899] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... mkdir resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 107.534862][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 107.551010][ T5912] loop3: detected capacity change from 0 to 2048 [ 107.566762][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5912] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, [pid 5081] <... openat resumed>) = 4 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./31/binderfs") = 0 [pid 5083] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5891] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] fstat(4, [pid 5895] <... write resumed>) = 262144 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 5891] exit_group(0) = ? [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5895] <... futex resumed>) = ? [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./30/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5907] <... openat resumed>) = 4 [pid 5895] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5907] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5086] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] rmdir("./30" [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... rmdir resumed>) = 0 [pid 5086] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./31/binderfs", [pid 5907] <... futex resumed>) = 0 [pid 5904] <... futex resumed>) = 1 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5907] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] unlink("./31/binderfs" [pid 5081] mkdir("./31", 0777 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... unlink resumed>) = 0 [ 107.580201][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.608923][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 107.622152][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 107.622152][ T11] [pid 5086] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... mkdir resumed>) = 0 [pid 5907] <... write resumed>) = 262144 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5907] <... open resumed>) = 5 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5907] <... futex resumed>) = 1 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5904] <... futex resumed>) = 0 [pid 5907] <... open resumed>) = 6 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5907] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... mount resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5912] <... openat resumed>) = 3 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 107.634519][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 107.650973][ T5912] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/32/bus supports timestamps until 2038 (0x7fffffff) [ 107.665464][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5912] chdir("./bus" [pid 5081] close(3 [pid 5907] <... write resumed>) = 262144 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] exit_group(0) = ? [pid 5907] <... futex resumed>) = ? [pid 5912] <... chdir resumed>) = 0 [pid 5912] ioctl(4, LOOP_CLR_FD [pid 5081] <... close resumed>) = 0 [pid 5912] <... ioctl resumed>) = 0 [pid 5907] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5912] close(4) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5915 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [ 107.682397][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 107.683044][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.709417][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.723068][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5912] chdir("./file0" [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5085] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... chdir resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5085] fstat(3, ./strace-static-x86_64: Process 5915 attached [pid 5912] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5915] set_robust_list(0x555556f1a5e0, 24 [pid 5912] <... openat resumed>) = 4 [pid 5085] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] <... set_robust_list resumed>) = 0 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] chdir("./31" [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5085] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./30/binderfs" [pid 5915] <... chdir resumed>) = 0 [pid 5912] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... unlink resumed>) = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... prctl resumed>) = 0 [pid 5912] <... write resumed>) = 262144 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [ 107.723141][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 107.758763][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 107.782384][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 107.782384][ T1062] [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] <... umount2 resumed>) = 0 [ 107.799702][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 107.799702][ T75] [ 107.803437][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 107.813434][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5915] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 0 [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... mmap resumed>) = 0x7f5659bc2000 [pid 5915] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5912] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] <... mprotect resumed>) = 0 [pid 5912] <... mmap resumed>) = 0x20000000 [pid 5082] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5915] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... clone resumed>, parent_tid=[5916], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5916 [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 4 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] fstat(4, [pid 5915] <... futex resumed>) = 0 [pid 5912] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5908] <... futex resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... open resumed>) = 5 [pid 5082] getdents64(4, [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5908] <... futex resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] close(4) = 0 [pid 5912] <... mount resumed>) = 0 [pid 5082] rmdir("./31/bus" [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... rmdir resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [ 107.837608][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.851829][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.851875][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 107.873192][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5082] getdents64(3, ./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5916] memfd_create("syzkaller", 0) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5908] <... futex resumed>) = 0 [pid 5912] <... open resumed>) = 6 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] close(3 [pid 5912] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... close resumed>) = 0 [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5082] rmdir("./31" [pid 5912] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... rmdir resumed>) = 0 [pid 5082] mkdir("./32", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3 [pid 5912] <... write resumed>) = 262144 [pid 5082] <... close resumed>) = 0 [ 107.901180][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 107.915491][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 107.929118][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 107.929118][ T11] [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5912] <... futex resumed>) = 1 [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5917 attached [pid 5908] exit_group(0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5917 [pid 5083] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5917] set_robust_list(0x555556f1a5e0, 24 [pid 5908] <... exit_group resumed>) = ? [pid 5912] <... futex resumed>) = ? [pid 5083] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5912] +++ exited with 0 +++ [pid 5917] <... set_robust_list resumed>) = 0 [pid 5908] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5917] chdir("./32") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5917] <... prctl resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] getdents64(4, [pid 5917] setpgid(0, 0 [pid 5916] <... write resumed>) = 1048576 [pid 5084] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5917] <... setpgid resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5083] getdents64(4, [pid 5084] fstat(3, [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] close(4 [pid 5084] getdents64(3, [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... close resumed>) = 0 [pid 5917] <... openat resumed>) = 3 [pid 5916] munmap(0x7f56517c2000, 1048576 [pid 5086] <... umount2 resumed>) = 0 [pid 5084] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] rmdir("./31/bus" [pid 5917] write(3, "1000", 4 [pid 5916] <... munmap resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... rmdir resumed>) = 0 [pid 5917] <... write resumed>) = 4 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] lstat("./32/binderfs", [pid 5083] getdents64(3, [pid 5916] <... openat resumed>) = 4 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5916] ioctl(4, LOOP_SET_FD, 3 [ 107.986691][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.011278][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5084] unlink("./32/binderfs" [pid 5083] close(3 [pid 5917] close(3 [pid 5086] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... unlink resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5917] <... close resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] rmdir("./31" [pid 5917] symlink("/dev/binderfs", "./binderfs" [pid 5086] lstat("./31/bus", [pid 5083] <... rmdir resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] mkdir("./32", 0777 [pid 5086] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... mkdir resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5086] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... openat resumed>) = 3 [pid 5086] <... openat resumed>) = 4 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5086] fstat(4, [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] close(3 [pid 5086] getdents64(4, [pid 5083] <... close resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] getdents64(4, [pid 5917] <... symlink resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5918 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5917] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] rmdir("./31/bus" [pid 5917] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] <... rmdir resumed>) = 0 [pid 5917] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5916] <... ioctl resumed>) = 0 [pid 5086] getdents64(3, [pid 5917] <... mprotect resumed>) = 0 [pid 5916] close(3 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5917] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5916] <... close resumed>) = 0 [pid 5086] close(3./strace-static-x86_64: Process 5918 attached [pid 5916] mkdir("./bus", 0777 [pid 5086] <... close resumed>) = 0 [pid 5918] set_robust_list(0x555556f1a5e0, 24 [pid 5916] <... mkdir resumed>) = 0 [pid 5086] rmdir("./31" [pid 5918] <... set_robust_list resumed>) = 0 [pid 5916] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... rmdir resumed>) = 0 [pid 5918] chdir("./32" [pid 5917] <... clone resumed>, parent_tid=[5919], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5919 [pid 5086] mkdir("./32", 0777 [pid 5918] <... chdir resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5917] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5918] <... prctl resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5918] setpgid(0, 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5918] <... setpgid resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] close(3 [pid 5918] <... openat resumed>) = 3 [pid 5086] <... close resumed>) = 0 [pid 5918] write(3, "1000", 4 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5918] <... write resumed>) = 4 [pid 5918] close(3 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5920 [pid 5918] <... close resumed>) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5919 attached ) = 0 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] set_robust_list(0x7f5659be29e0, 24 [pid 5918] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5920 attached [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5920] set_robust_list(0x555556f1a5e0, 24 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] <... mmap resumed>) = 0x7f5659bc2000 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5918] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5920] chdir("./32" [pid 5919] memfd_create("syzkaller", 0 [pid 5918] <... mprotect resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5920] <... chdir resumed>) = 0 [pid 5919] <... memfd_create resumed>) = 3 [pid 5918] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] <... prctl resumed>) = 0 [pid 5919] <... mmap resumed>) = 0x7f56517c2000 [pid 5918] <... clone resumed>, parent_tid=[5921], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5921 [pid 5920] setpgid(0, 0 [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5920] <... setpgid resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5921 attached [pid 5920] <... openat resumed>) = 3 [pid 5921] set_robust_list(0x7f5659be29e0, 24 [pid 5920] write(3, "1000", 4 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5920] <... write resumed>) = 4 [pid 5921] memfd_create("syzkaller", 0 [pid 5920] close(3 [pid 5921] <... memfd_create resumed>) = 3 [pid 5920] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5921] <... mmap resumed>) = 0x7f56517c2000 [pid 5920] <... symlink resumed>) = 0 [ 108.059044][ T5916] loop0: detected capacity change from 0 to 2048 [ 108.083066][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5085] lstat("./30/bus", [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 108.141058][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 108.153175][ T5916] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/31/bus supports timestamps until 2038 (0x7fffffff) [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5919] <... write resumed>) = 1048576 [pid 5085] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5920] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] close(4 [pid 5920] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... close resumed>) = 0 [pid 5920] <... mprotect resumed>) = 0 [pid 5085] rmdir("./30/bus" [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5920] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5919] munmap(0x7f56517c2000, 1048576 [pid 5916] <... mount resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5920] <... clone resumed>, parent_tid=[5925], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5925 [pid 5085] getdents64(3, [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] <... munmap resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5925 attached [pid 5919] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5916] <... openat resumed>) = 3 [ 108.181498][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 108.204897][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5925] set_robust_list(0x7f5659be29e0, 24 [pid 5919] <... openat resumed>) = 4 [pid 5916] chdir("./bus" [pid 5925] <... set_robust_list resumed>) = 0 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5921] <... write resumed>) = 1048576 [pid 5919] ioctl(4, LOOP_SET_FD, 3 [pid 5916] <... chdir resumed>) = 0 [pid 5085] close(3 [pid 5921] munmap(0x7f56517c2000, 1048576) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5916] ioctl(4, LOOP_CLR_FD [pid 5085] <... close resumed>) = 0 [pid 5916] <... ioctl resumed>) = 0 [pid 5085] rmdir("./30" [pid 5919] <... ioctl resumed>) = 0 [pid 5916] close(4 [pid 5085] <... rmdir resumed>) = 0 [pid 5916] <... close resumed>) = 0 [pid 5085] mkdir("./31", 0777 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... mkdir resumed>) = 0 [pid 5919] close(3 [pid 5916] <... futex resumed>) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5919] <... close resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5919] mkdir("./bus", 0777 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5919] <... mkdir resumed>) = 0 [pid 5916] chdir("./file0" [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5919] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5916] <... chdir resumed>) = 0 [pid 5085] close(3 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [ 108.231053][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 108.231053][ T11] [ 108.244201][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.255008][ T5921] loop2: detected capacity change from 0 to 2048 [ 108.257854][ T5919] loop1: detected capacity change from 0 to 2048 [pid 5915] <... futex resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] <... write resumed>) = 1048576 [pid 5921] <... ioctl resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] munmap(0x7f56517c2000, 1048576 [pid 5921] close(3 [pid 5915] <... futex resumed>) = 0 [pid 5925] <... munmap resumed>) = 0 [pid 5921] <... close resumed>) = 0 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5921] mkdir("./bus", 0777 [pid 5925] <... openat resumed>) = 4 [pid 5921] <... mkdir resumed>) = 0 [pid 5925] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5926 attached [pid 5921] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5926 [pid 5925] <... ioctl resumed>) = 0 [pid 5925] close(3) = 0 [pid 5925] mkdir("./bus", 0777) = 0 [pid 5925] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5916] <... openat resumed>) = 4 [pid 5926] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] chdir("./31" [pid 5916] <... futex resumed>) = 1 [pid 5926] <... chdir resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... write resumed>) = 4 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5926] close(3 [ 108.297962][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.302365][ T5925] loop5: detected capacity change from 0 to 2048 [pid 5916] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... close resumed>) = 0 [pid 5916] <... write resumed>) = 262144 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5926] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5926] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5933], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5933 [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./32/bus", [pid 5916] <... futex resumed>) = 1 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5919] <... mount resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5919] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] fstat(4, [pid 5919] <... openat resumed>) = 3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5919] chdir("./bus" [pid 5084] getdents64(4, [pid 5919] <... chdir resumed>) = 0 [pid 5915] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5919] ioctl(4, LOOP_CLR_FD [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(4, [pid 5919] <... ioctl resumed>) = 0 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5933 attached [pid 5919] close(4 [pid 5916] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(4 [pid 5933] set_robust_list(0x7f5659be29e0, 24 [pid 5919] <... close resumed>) = 0 [pid 5916] <... mmap resumed>) = 0x20000000 [pid 5084] <... close resumed>) = 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./32/bus" [pid 5919] <... futex resumed>) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... rmdir resumed>) = 0 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5919] chdir("./file0" [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.353866][ T5919] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/32/bus supports timestamps until 2038 (0x7fffffff) [ 108.355638][ T5921] ext4 filesystem being mounted at /root/syzkaller.22hR0w/32/bus supports timestamps until 2038 (0x7fffffff) [ 108.386193][ T5925] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/32/bus supports timestamps until 2038 (0x7fffffff) [pid 5916] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(3 [pid 5933] memfd_create("syzkaller", 0 [pid 5919] <... chdir resumed>) = 0 [pid 5916] <... open resumed>) = 5 [pid 5084] <... close resumed>) = 0 [pid 5921] <... mount resumed>) = 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./32" [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5919] <... futex resumed>) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5921] <... openat resumed>) = 3 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] mkdir("./33", 0777 [pid 5921] chdir("./bus" [pid 5084] <... mkdir resumed>) = 0 [pid 5921] <... chdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5921] ioctl(4, LOOP_CLR_FD [pid 5084] <... openat resumed>) = 3 [pid 5921] <... ioctl resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5921] close(4 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5921] <... close resumed>) = 0 [pid 5084] close(3 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5934 [pid 5921] chdir("./file0" [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mount resumed>) = 0 [pid 5925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./bus") = 0 [pid 5925] ioctl(4, LOOP_CLR_FD [pid 5917] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... chdir resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... memfd_create resumed>) = 3 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5921] <... futex resumed>) = 1 [pid 5919] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... mount resumed>) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... mmap resumed>) = 0x7f56517c2000 [pid 5921] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5919] <... openat resumed>) = 4 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... futex resumed>) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5916] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5921] <... openat resumed>) = 4 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... open resumed>) = 6 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... ioctl resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5916] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5915] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5934 attached [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5925] close(4 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] set_robust_list(0x555556f1a5e0, 24 [pid 5925] <... close resumed>) = 0 [pid 5921] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5916] <... write resumed>) = 262144 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... write resumed>) = 262144 [pid 5925] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] exit_group(0 [pid 5934] chdir("./33" [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = ? [pid 5915] <... exit_group resumed>) = ? [pid 5934] <... chdir resumed>) = 0 [pid 5925] chdir("./file0" [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] <... chdir resumed>) = 0 [ 108.418014][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 108.418032][ T27] audit: type=1800 audit(1678856059.815:192): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 5934] <... prctl resumed>) = 0 [pid 5933] <... write resumed>) = 1048576 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5934] setpgid(0, 0 [pid 5925] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5934] <... setpgid resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5934] <... openat resumed>) = 3 [pid 5925] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] write(3, "1000", 4 [pid 5081] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] <... write resumed>) = 4 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5934] close(3 [pid 5081] <... openat resumed>) = 3 [pid 5925] <... openat resumed>) = 4 [pid 5081] fstat(3, [pid 5934] <... close resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs" [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 5934] <... symlink resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] <... futex resumed>) = 0 [pid 5925] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5920] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5933] munmap(0x7f56517c2000, 1048576 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] lstat("./31/binderfs", [pid 5934] <... mmap resumed>) = 0x7f5659bc2000 [pid 5933] <... munmap resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5934] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5933] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] unlink("./31/binderfs" [pid 5934] <... mprotect resumed>) = 0 [pid 5933] <... openat resumed>) = 4 [pid 5081] <... unlink resumed>) = 0 [pid 5934] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5081] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5919] <... write resumed>) = 262144 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5934] <... clone resumed>, parent_tid=[5935], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5935 [pid 5917] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5935 attached [pid 5934] <... futex resumed>) = 0 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5917] <... mmap resumed>) = 0x7f56518a1000 [pid 5935] set_robust_list(0x7f5659be29e0, 24 [pid 5921] <... futex resumed>) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5935] <... set_robust_list resumed>) = 0 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... mprotect resumed>) = 0 [pid 5935] memfd_create("syzkaller", 0 [pid 5921] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5933] <... ioctl resumed>) = 0 [pid 5925] <... write resumed>) = 262144 [pid 5935] <... memfd_create resumed>) = 3 [pid 5917] <... clone resumed>, parent_tid=[5936], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5936 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5933] close(3 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5936 attached [pid 5935] <... mmap resumed>) = 0x7f56517c2000 [pid 5933] <... close resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5933] mkdir("./bus", 0777 [pid 5925] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] set_robust_list(0x7f56518c19e0, 24 [pid 5933] <... mkdir resumed>) = 0 [pid 5925] <... mmap resumed>) = 0x20000000 [pid 5920] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5933] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.523564][ T5933] loop4: detected capacity change from 0 to 2048 [ 108.538740][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5925] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... mmap resumed>) = 0x20000000 [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5925] <... open resumed>) = 5 [pid 5921] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mount resumed>) = 0 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... open resumed>) = 6 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5936] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... open resumed>) = 5 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5936] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... write resumed>) = 262144 [pid 5921] <... futex resumed>) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5919] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 108.566904][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 108.572530][ T27] audit: type=1800 audit(1678856059.975:193): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [ 108.580025][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 108.608824][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... write resumed>) = 1048576 [pid 5925] <... futex resumed>) = 1 [pid 5921] <... mount resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5919] <... open resumed>) = 5 [pid 5918] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] exit_group(0 [pid 5925] <... futex resumed>) = ? [pid 5920] <... exit_group resumed>) = ? [pid 5935] munmap(0x7f56517c2000, 1048576 [pid 5925] +++ exited with 0 +++ [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] +++ exited with 0 +++ [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5935] <... munmap resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5086] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./32/binderfs" [ 108.640826][ T5933] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/31/bus supports timestamps until 2038 (0x7fffffff) [ 108.641415][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 108.641415][ T11] [ 108.664449][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5935] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5921] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5919] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5935] <... openat resumed>) = 4 [pid 5933] <... mount resumed>) = 0 [pid 5921] <... open resumed>) = 6 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [ 108.680030][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.691531][ T27] audit: type=1800 audit(1678856060.035:194): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 108.724518][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... mount resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5086] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5933] <... openat resumed>) = 3 [pid 5921] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] chdir("./bus" [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... chdir resumed>) = 0 [pid 5933] ioctl(4, LOOP_CLR_FD) = 0 [pid 5933] close(4) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... futex resumed>) = 0 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5933] chdir("./file0" [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5919] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... chdir resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... open resumed>) = 6 [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5919] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 108.736582][ T27] audit: type=1800 audit(1678856060.045:195): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 108.764731][ T5935] loop3: detected capacity change from 0 to 2048 [ 108.782246][ T75] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... openat resumed>) = 4 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5933] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... ioctl resumed>) = 0 [pid 5935] close(3) = 0 [pid 5935] mkdir("./bus", 0777) = 0 [pid 5935] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5918] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5933] <... write resumed>) = 262144 [pid 5921] <... write resumed>) = 262144 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] <... umount2 resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] exit_group(0 [pid 5081] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = ? [pid 5918] <... exit_group resumed>) = ? [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] +++ exited with 0 +++ [pid 5919] <... write resumed>) = 262144 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5918] +++ exited with 0 +++ [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5933] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5917] exit_group(0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] lstat("./31/bus", [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... mmap resumed>) = 0x20000000 [pid 5936] <... futex resumed>) = ? [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = ? [pid 5917] <... exit_group resumed>) = ? [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5936] +++ exited with 0 +++ [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5919] +++ exited with 0 +++ [ 108.817253][ T75] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5933] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] +++ exited with 0 +++ [pid 5081] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5933] <... open resumed>) = 5 [pid 5926] <... futex resumed>) = 0 [pid 5083] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5933] <... futex resumed>) = 0 [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] fstat(4, [pid 5083] <... openat resumed>) = 3 [pid 5933] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5926] <... futex resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5933] <... mount resumed>) = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] getdents64(4, [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fstat(3, [pid 5082] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5081] getdents64(4, [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 108.858847][ T75] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 108.872543][ T27] audit: type=1800 audit(1678856060.275:196): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 108.874483][ T75] EXT4-fs (loop5): This should not happen!! Data will be lost [ 108.874483][ T75] [pid 5082] fstat(3, [pid 5926] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] getdents64(3, [pid 5081] close(4 [pid 5933] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5082] getdents64(3, [pid 5081] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5933] <... open resumed>) = 6 [pid 5083] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] rmdir("./31/bus" [pid 5935] <... mount resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5083] lstat("./32/binderfs", [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... rmdir resumed>) = 0 [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] lstat("./32/binderfs", [pid 5081] getdents64(3, [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5083] unlink("./32/binderfs" [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5935] <... openat resumed>) = 3 [pid 5933] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... unlink resumed>) = 0 [pid 5082] unlink("./32/binderfs" [pid 5081] close(3 [pid 5935] chdir("./bus") = 0 [pid 5935] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 108.911351][ T5935] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/33/bus supports timestamps until 2038 (0x7fffffff) [ 108.926617][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 108.941387][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5935] close(4 [pid 5082] <... unlink resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5933] <... write resumed>) = 262144 [pid 5082] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] rmdir("./31" [pid 5935] <... close resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdir("./32", 0777 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... mkdir resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5935] chdir("./file0" [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5935] <... chdir resumed>) = 0 [pid 5933] <... futex resumed>) = 0 [pid 5926] exit_group(0 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 108.957946][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.981364][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 108.991489][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... exit_group resumed>) = ? [pid 5081] close(3 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5933] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ [pid 5081] <... close resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5935] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5941 [pid 5935] <... openat resumed>) = 4 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 109.003560][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.016481][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 109.016481][ T11] [ 109.025376][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 109.027724][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 ./strace-static-x86_64: Process 5941 attached [pid 5935] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5941] set_robust_list(0x555556f1a5e0, 24 [pid 5085] <... openat resumed>) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5941] <... set_robust_list resumed>) = 0 [pid 5935] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5941] chdir("./32" [pid 5085] lstat("./31/binderfs", [pid 5941] <... chdir resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] unlink("./31/binderfs" [pid 5941] <... prctl resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5941] setpgid(0, 0 [pid 5085] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5941] <... setpgid resumed>) = 0 [ 109.052848][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] close(3) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs" [pid 5935] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... symlink resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x20000000 [pid 5934] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5935] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... mmap resumed>) = 0x7f5659bc2000 [pid 5935] <... open resumed>) = 5 [pid 5934] <... futex resumed>) = 0 [pid 5941] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... mprotect resumed>) = 0 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5935] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... mount resumed>) = 0 [pid 5934] <... futex resumed>) = 0 [pid 5941] <... clone resumed>, parent_tid=[5942], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5942 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [ 109.083828][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 109.091422][ T1062] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5942 attached [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5942] set_robust_list(0x7f5659be29e0, 24 [pid 5935] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... set_robust_list resumed>) = 0 [pid 5935] <... open resumed>) = 6 [pid 5083] <... umount2 resumed>) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... memfd_create resumed>) = 3 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = 0 [pid 5083] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5942] <... mmap resumed>) = 0x7f56517c2000 [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5935] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] <... write resumed>) = 262144 [pid 5086] lstat("./32/bus", [pid 5083] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] exit_group(0 [pid 5935] <... futex resumed>) = ? [ 109.120200][ T27] audit: type=1800 audit(1678856060.525:197): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 109.147226][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 109.157808][ T1062] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5934] <... exit_group resumed>) = ? [pid 5935] +++ exited with 0 +++ [pid 5934] +++ exited with 0 +++ [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5084] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5084] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, [pid 5086] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./33/binderfs", [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5084] unlink("./33/binderfs") = 0 [ 109.173927][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 109.186963][ T1062] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.200296][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.213750][ T1062] EXT4-fs (loop1): This should not happen!! Data will be lost [ 109.213750][ T1062] [ 109.223822][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 109.223822][ T11] [pid 5084] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] fstat(4, [pid 5942] <... write resumed>) = 1048576 [pid 5086] <... openat resumed>) = 4 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] fstat(4, [pid 5083] getdents64(4, [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, [pid 5083] getdents64(4, [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5942] munmap(0x7f56517c2000, 1048576) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5086] getdents64(4, [ 109.224590][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 109.235273][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 109.262526][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 109.273412][ T5942] loop0: detected capacity change from 0 to 2048 [pid 5083] close(4 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... close resumed>) = 0 [pid 5086] close(4 [pid 5083] rmdir("./32/bus" [pid 5086] <... close resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5086] rmdir("./32/bus" [pid 5083] getdents64(3, [pid 5086] <... rmdir resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3 [pid 5086] close(3 [pid 5083] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5083] rmdir("./32" [pid 5086] rmdir("./32" [pid 5083] <... rmdir resumed>) = 0 [ 109.276104][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 109.295803][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 109.315630][ T5123] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5086] <... rmdir resumed>) = 0 [pid 5083] mkdir("./33", 0777 [pid 5086] mkdir("./33", 0777 [pid 5083] <... mkdir resumed>) = 0 [pid 5942] <... ioctl resumed>) = 0 [pid 5942] close(3 [pid 5086] <... mkdir resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] <... openat resumed>) = 3 [pid 5082] <... umount2 resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [ 109.338065][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 109.373099][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5942] mkdir("./bus", 0777) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5082] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5942] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] close(3 [pid 5083] close(3 [pid 5082] lstat("./32/bus", [pid 5086] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 109.386006][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.399366][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 109.399366][ T948] [ 109.414337][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5085] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5943 attached [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5943 [pid 5085] getdents64(4, [pid 5082] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] set_robust_list(0x555556f1a5e0, 24 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5944 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4./strace-static-x86_64: Process 5944 attached [pid 5943] <... set_robust_list resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5944] set_robust_list(0x555556f1a5e0, 24 [pid 5943] chdir("./33" [pid 5085] rmdir("./31/bus" [pid 5082] <... openat resumed>) = 4 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5943] <... chdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5082] fstat(4, [pid 5944] chdir("./33" [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] getdents64(3, [pid 5084] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5944] <... chdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] close(3 [pid 5944] <... prctl resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5944] setpgid(0, 0 [pid 5085] rmdir("./31" [pid 5944] <... setpgid resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] <... prctl resumed>) = 0 [ 109.428616][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5085] mkdir("./32", 0777 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(4, [pid 5944] <... openat resumed>) = 3 [pid 5943] setpgid(0, 0 [pid 5085] <... mkdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5944] write(3, "1000", 4 [pid 5943] <... setpgid resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] lstat("./33/bus", [pid 5082] getdents64(4, [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5944] <... write resumed>) = 4 [pid 5943] <... openat resumed>) = 3 [pid 5085] <... openat resumed>) = 3 [pid 5084] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] close(4 [pid 5943] write(3, "1000", 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 5943] <... write resumed>) = 4 [pid 5084] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] rmdir("./32/bus" [pid 5944] close(3 [pid 5943] close(3 [pid 5942] <... mount resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... openat resumed>) = 4 [pid 5082] <... rmdir resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 5943] <... close resumed>) = 0 [pid 5942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] fstat(4, [pid 5082] getdents64(3, [pid 5944] symlink("/dev/binderfs", "./binderfs" [pid 5943] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... openat resumed>) = 3 [pid 5085] close(3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5944] <... symlink resumed>) = 0 [pid 5943] <... symlink resumed>) = 0 [pid 5942] chdir("./bus" [pid 5085] <... close resumed>) = 0 [pid 5942] <... chdir resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5942] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5948 [pid 5942] close(4) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5942] chdir("./file0" [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... chdir resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5942] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(4, [pid 5082] close(3 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5944] <... futex resumed>) = 0 [pid 5082] <... close resumed>) = 0 [ 109.482826][ T5942] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/32/bus supports timestamps until 2038 (0x7fffffff) ./strace-static-x86_64: Process 5948 attached [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] <... futex resumed>) = 0 [pid 5942] <... openat resumed>) = 4 [pid 5084] getdents64(4, [pid 5082] rmdir("./32") = 0 [pid 5944] <... mmap resumed>) = 0x7f5659bc2000 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4 [pid 5943] <... mmap resumed>) = 0x7f5659bc2000 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5944] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... close resumed>) = 0 [pid 5082] mkdir("./33", 0777 [pid 5948] set_robust_list(0x555556f1a5e0, 24 [pid 5944] <... mprotect resumed>) = 0 [pid 5943] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./33/bus" [pid 5082] <... mkdir resumed>) = 0 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5944] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5943] <... mprotect resumed>) = 0 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5948] chdir("./32" [pid 5943] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5942] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(3, [pid 5082] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5950 attached ./strace-static-x86_64: Process 5949 attached [pid 5948] <... chdir resumed>) = 0 [pid 5944] <... clone resumed>, parent_tid=[5949], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5949 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5950] set_robust_list(0x7f5659be29e0, 24 [pid 5949] set_robust_list(0x7f5659be29e0, 24 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... clone resumed>, parent_tid=[5950], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5950 [pid 5084] close(3 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5944] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5950] memfd_create("syzkaller", 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5948] <... prctl resumed>) = 0 [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 0 [pid 5084] rmdir("./33" [pid 5082] close(3 [pid 5950] <... memfd_create resumed>) = 3 [pid 5949] <... memfd_create resumed>) = 3 [pid 5948] setpgid(0, 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5948] <... setpgid resumed>) = 0 [pid 5084] mkdir("./34", 0777 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... mkdir resumed>) = 0 [pid 5948] <... openat resumed>) = 3 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5951 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] write(3, "1000", 4 [pid 5942] <... write resumed>) = 262144 [pid 5084] <... openat resumed>) = 3 [pid 5950] <... mmap resumed>) = 0x7f56517c2000 [pid 5949] <... mmap resumed>) = 0x7f56517c2000 [pid 5948] <... write resumed>) = 4 [pid 5084] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5951 attached [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] set_robust_list(0x555556f1a5e0, 24 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5942] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] chdir("./33" [pid 5942] <... mmap resumed>) = 0x20000000 [pid 5941] <... futex resumed>) = 0 [pid 5951] <... chdir resumed>) = 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... prctl resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5951] setpgid(0, 0 [pid 5942] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... setpgid resumed>) = 0 [pid 5950] <... write resumed>) = 1048576 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5948] close(3 [pid 5941] <... futex resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5950] munmap(0x7f56517c2000, 1048576 [pid 5942] <... open resumed>) = 5 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... openat resumed>) = 3 [pid 5948] <... close resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] close(3 [pid 5951] write(3, "1000", 4 [pid 5948] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5951] <... write resumed>) = 4 [pid 5942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5941] <... futex resumed>) = 0 [pid 5951] close(3 [pid 5942] <... mount resumed>) = 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... close resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... symlink resumed>) = 0 [pid 5950] <... munmap resumed>) = 0 [pid 5949] <... write resumed>) = 1048576 [pid 5948] <... symlink resumed>) = 0 [pid 5942] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5941] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5949] munmap(0x7f56517c2000, 1048576 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... open resumed>) = 6 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5950] <... openat resumed>) = 4 [pid 5949] <... munmap resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5950] ioctl(4, LOOP_SET_FD, 3 [pid 5949] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5948] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... mmap resumed>) = 0x7f5659bc2000 [pid 5949] <... openat resumed>) = 4 [pid 5942] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5941] <... futex resumed>) = 0 [pid 5951] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [ 109.610911][ T27] audit: type=1800 audit(1678856061.015:198): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 109.647463][ T5950] loop5: detected capacity change from 0 to 2048 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5952 ./strace-static-x86_64: Process 5952 attached [pid 5951] <... mprotect resumed>) = 0 [pid 5950] <... ioctl resumed>) = 0 [pid 5948] <... mmap resumed>) = 0x7f5659bc2000 [pid 5942] <... write resumed>) = 262144 [pid 5952] set_robust_list(0x555556f1a5e0, 24 [pid 5951] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5950] close(3 [pid 5949] <... ioctl resumed>) = 0 [pid 5948] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5950] <... close resumed>) = 0 [pid 5948] <... mprotect resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5952] chdir("./34" [pid 5950] mkdir("./bus", 0777 [pid 5948] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5954 attached ./strace-static-x86_64: Process 5953 attached [pid 5952] <... chdir resumed>) = 0 [pid 5950] <... mkdir resumed>) = 0 [pid 5949] close(3 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5950] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5948] <... clone resumed>, parent_tid=[5954], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5954 [pid 5941] exit_group(0 [pid 5951] <... clone resumed>, parent_tid=[5953], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5953 [pid 5954] set_robust_list(0x7f5659be29e0, 24 [pid 5953] set_robust_list(0x7f5659be29e0, 24 [pid 5952] <... prctl resumed>) = 0 [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... close resumed>) = 0 [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5954] <... set_robust_list resumed>) = 0 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5952] setpgid(0, 0 [pid 5951] <... futex resumed>) = 0 [pid 5949] mkdir("./bus", 0777 [pid 5948] <... futex resumed>) = 0 [pid 5942] +++ exited with 0 +++ [pid 5954] memfd_create("syzkaller", 0 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] <... setpgid resumed>) = 0 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... mkdir resumed>) = 0 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5941] +++ exited with 0 +++ [pid 5954] <... memfd_create resumed>) = 3 [pid 5953] <... memfd_create resumed>) = 3 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5949] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] <... openat resumed>) = 3 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5954] <... mmap resumed>) = 0x7f56517c2000 [pid 5953] <... mmap resumed>) = 0x7f56517c2000 [pid 5952] write(3, "1000", 4 [pid 5081] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5952] <... write resumed>) = 4 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5952] close(3 [pid 5081] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] <... openat resumed>) = 3 [pid 5952] <... close resumed>) = 0 [pid 5081] fstat(3, [pid 5952] symlink("/dev/binderfs", "./binderfs" [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5952] <... symlink resumed>) = 0 [pid 5081] getdents64(3, [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5952] <... futex resumed>) = 0 [ 109.663833][ T5949] loop2: detected capacity change from 0 to 2048 [pid 5081] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./32/binderfs") = 0 [pid 5081] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] <... write resumed>) = 1048576 [pid 5953] munmap(0x7f56517c2000, 1048576) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5953] ioctl(4, LOOP_SET_FD, 3 [pid 5952] <... mmap resumed>) = 0x7f5659bc2000 [pid 5952] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5952] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5959 attached [pid 5959] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... write resumed>) = 1048576 [pid 5954] munmap(0x7f56517c2000, 1048576) = 0 [ 109.725336][ T5950] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/33/bus supports timestamps until 2038 (0x7fffffff) [ 109.738397][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 109.739966][ T5953] loop1: detected capacity change from 0 to 2048 [ 109.752980][ T948] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5954] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] mkdir("./bus", 0777) = 0 [pid 5954] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5952] <... clone resumed>, parent_tid=[5959], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5959 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5959] memfd_create("syzkaller", 0) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5950] <... mount resumed>) = 0 [pid 5950] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5950] chdir("./bus") = 0 [pid 5950] ioctl(4, LOOP_CLR_FD) = 0 [pid 5950] close(4 [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5949] <... mount resumed>) = 0 [pid 5953] <... ioctl resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5953] close(3 [pid 5949] <... openat resumed>) = 3 [pid 5953] <... close resumed>) = 0 [pid 5949] chdir("./bus" [ 109.772569][ T5949] ext4 filesystem being mounted at /root/syzkaller.22hR0w/33/bus supports timestamps until 2038 (0x7fffffff) [ 109.779231][ T5954] loop4: detected capacity change from 0 to 2048 [ 109.785422][ T948] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5953] mkdir("./bus", 0777 [pid 5950] <... close resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5950] chdir("./file0" [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] <... chdir resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... chdir resumed>) = 0 [pid 5959] <... write resumed>) = 1048576 [pid 5950] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5959] munmap(0x7f56517c2000, 1048576) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5954] <... mount resumed>) = 0 [pid 5953] <... mkdir resumed>) = 0 [pid 5950] <... openat resumed>) = 4 [pid 5949] ioctl(4, LOOP_CLR_FD [pid 5959] <... ioctl resumed>) = 0 [pid 5959] close(3) = 0 [pid 5959] mkdir("./bus", 0777) = 0 [ 109.834021][ T948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.861404][ T5954] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/32/bus supports timestamps until 2038 (0x7fffffff) [ 109.865302][ T5959] loop3: detected capacity change from 0 to 2048 [pid 5959] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./bus") = 0 [pid 5954] ioctl(4, LOOP_CLR_FD) = 0 [pid 5953] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... ioctl resumed>) = 0 [pid 5954] close(4 [pid 5950] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5954] <... close resumed>) = 0 [pid 5950] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5949] close(4 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... write resumed>) = 262144 [pid 5949] <... close resumed>) = 0 [pid 5948] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... futex resumed>) = 0 [pid 5949] chdir("./file0" [pid 5948] <... futex resumed>) = 1 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] chdir("./file0" [pid 5949] <... chdir resumed>) = 0 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] <... futex resumed>) = 0 [pid 5954] <... chdir resumed>) = 0 [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 1 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5954] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5949] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... openat resumed>) = 4 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... openat resumed>) = 4 [pid 5943] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5950] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... mmap resumed>) = 0x20000000 [pid 5949] <... futex resumed>) = 1 [ 109.876989][ T948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 109.876989][ T948] [ 109.895458][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 109.921261][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 0 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5950] <... futex resumed>) = 1 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5943] <... futex resumed>) = 0 [pid 5950] <... open resumed>) = 5 [pid 5949] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... umount2 resumed>) = 0 [pid 5081] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5950] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] <... mount resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./32/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./32") = 0 [pid 5081] mkdir("./33", 0777 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5944] <... futex resumed>) = 0 [pid 5948] <... mmap resumed>) = 0x7f56518a1000 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5948] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5943] <... futex resumed>) = 1 [pid 5950] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5944] <... mmap resumed>) = 0x7f56518a1000 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... mprotect resumed>) = 0 [pid 5950] <... open resumed>) = 6 [pid 5944] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... mprotect resumed>) = 0 [pid 5950] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5948] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5943] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 5948] <... clone resumed>, parent_tid=[5967], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5967 [pid 5944] <... clone resumed>, parent_tid=[5968], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5968 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5948] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5969 [pid 5954] <... write resumed>) = 262144 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.972983][ T27] audit: type=1800 audit(1678856061.375:199): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [ 109.995556][ T5953] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/33/bus supports timestamps until 2038 (0x7fffffff) [ 110.011080][ T5959] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/34/bus supports timestamps until 2038 (0x7fffffff) [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5967 attached ./strace-static-x86_64: Process 5968 attached ./strace-static-x86_64: Process 5969 attached [pid 5968] set_robust_list(0x7f56518c19e0, 24 [pid 5967] set_robust_list(0x7f56518c19e0, 24 [pid 5959] <... mount resumed>) = 0 [pid 5953] <... mount resumed>) = 0 [pid 5950] <... write resumed>) = 262144 [pid 5959] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5953] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5969] set_robust_list(0x555556f1a5e0, 24 [pid 5953] <... openat resumed>) = 3 [pid 5953] chdir("./bus" [pid 5969] <... set_robust_list resumed>) = 0 [pid 5959] <... openat resumed>) = 3 [pid 5953] <... chdir resumed>) = 0 [pid 5953] ioctl(4, LOOP_CLR_FD [pid 5959] chdir("./bus" [pid 5953] <... ioctl resumed>) = 0 [pid 5969] chdir("./33") = 0 [pid 5968] <... set_robust_list resumed>) = 0 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5953] close(4 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5959] ioctl(4, LOOP_CLR_FD [pid 5953] <... close resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5968] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5949] <... write resumed>) = 262144 [pid 5969] <... prctl resumed>) = 0 [pid 5959] <... ioctl resumed>) = 0 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 1 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5969] setpgid(0, 0 [pid 5968] <... mmap resumed>) = 0x20000000 [pid 5967] <... mmap resumed>) = 0x20000000 [pid 5959] close(4 [pid 5953] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5943] exit_group(0 [pid 5969] <... setpgid resumed>) = 0 [pid 5968] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... close resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = ? [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... exit_group resumed>) = ? [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5968] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 0 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5950] +++ exited with 0 +++ [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5969] <... openat resumed>) = 3 [pid 5968] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... futex resumed>) = 1 [pid 5954] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5953] chdir("./file0" [pid 5952] <... futex resumed>) = 0 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] +++ exited with 0 +++ [pid 5969] write(3, "1000", 4 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... open resumed>) = 5 [pid 5953] <... chdir resumed>) = 0 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... open resumed>) = 5 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5969] <... write resumed>) = 4 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] close(3 [pid 5959] chdir("./file0" [pid 5954] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 1 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5969] <... close resumed>) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] symlink("/dev/binderfs", "./binderfs" [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] <... symlink resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5954] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5953] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5952] <... futex resumed>) = 0 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... mount resumed>) = 0 [pid 5953] <... openat resumed>) = 4 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... mount resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 5969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5959] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5954] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 1 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5969] <... mmap resumed>) = 0x7f5659bc2000 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5969] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... mprotect resumed>) = 0 [pid 5959] <... openat resumed>) = 4 [pid 5954] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5953] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5969] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... open resumed>) = 6 [pid 5953] <... write resumed>) = 262144 [pid 5949] <... open resumed>) = 6 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5969] <... clone resumed>, parent_tid=[5970], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5970 [pid 5959] <... futex resumed>) = 1 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] <... futex resumed>) = 0 [ 110.116321][ T27] audit: type=1800 audit(1678856061.515:200): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] lstat("./33/binderfs", [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5959] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5953] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5949] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5953] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... mmap resumed>) = 0x20000000 [pid 5951] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] unlink("./33/binderfs" [pid 5953] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... write resumed>) = 262144 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... write resumed>) = 262144 [pid 5953] <... open resumed>) = 5 [pid 5949] <... futex resumed>) = 1 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5953] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... mount resumed>) = 0 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5953] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... open resumed>) = 6 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5953] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... write resumed>) = 262144 [pid 5944] <... futex resumed>) = 0 [pid 5944] exit_group(0./strace-static-x86_64: Process 5970 attached [pid 5949] <... futex resumed>) = ? [pid 5944] <... exit_group resumed>) = ? [pid 5970] set_robust_list(0x7f5659be29e0, 24 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] +++ exited with 0 +++ [pid 5970] <... set_robust_list resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5970] memfd_create("syzkaller", 0 [pid 5959] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... memfd_create resumed>) = 3 [pid 5968] <... futex resumed>) = ? [pid 5959] <... mmap resumed>) = 0x20000000 [pid 5952] <... futex resumed>) = 0 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... mmap resumed>) = 0x7f56517c2000 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5959] <... futex resumed>) = 1 [pid 5953] <... write resumed>) = 262144 [pid 5952] <... futex resumed>) = 0 [pid 5959] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... open resumed>) = 5 [pid 5953] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 0 [pid 5968] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 110.204894][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.209944][ T27] audit: type=1800 audit(1678856061.515:201): pid=5954 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] exit_group(0 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5959] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 0 [pid 5953] <... futex resumed>) = ? [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... exit_group resumed>) = ? [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] +++ exited with 0 +++ [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] +++ exited with 0 +++ [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5959] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... mount resumed>) = 0 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5959] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... open resumed>) = 6 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5959] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] exit_group(0 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5967] <... futex resumed>) = ? [pid 5954] <... futex resumed>) = ? [pid 5948] <... exit_group resumed>) = ? [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5967] +++ exited with 0 +++ [pid 5954] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ [pid 5083] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5085] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] fstat(3, [pid 5083] fstat(3, [pid 5085] <... openat resumed>) = 3 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] fstat(3, [pid 5082] getdents64(3, [pid 5083] getdents64(3, [pid 5959] <... write resumed>) = 262144 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] getdents64(3, [pid 5083] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./33/binderfs", [pid 5085] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] lstat("./33/binderfs", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5970] <... write resumed>) = 1048576 [pid 5959] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5085] lstat("./32/binderfs", [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./33/binderfs" [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] exit_group(0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./33/binderfs" [pid 5959] <... futex resumed>) = ? [pid 5952] <... exit_group resumed>) = ? [pid 5085] unlink("./32/binderfs" [pid 5082] <... unlink resumed>) = 0 [pid 5959] +++ exited with 0 +++ [pid 5952] +++ exited with 0 +++ [pid 5083] <... unlink resumed>) = 0 [ 110.251811][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.290445][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5085] <... unlink resumed>) = 0 [pid 5970] munmap(0x7f56517c2000, 1048576 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... munmap resumed>) = 0 [ 110.308490][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.322814][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 110.322814][ T1062] [ 110.333046][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5970] ioctl(4, LOOP_SET_FD, 3 [ 110.347808][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 110.348675][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.361320][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 110.374191][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.388673][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5084] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... ioctl resumed>) = 0 [pid 5970] close(3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5970] <... close resumed>) = 0 [pid 5084] lstat("./34/binderfs", [pid 5970] mkdir("./bus", 0777 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5970] <... mkdir resumed>) = 0 [pid 5084] unlink("./34/binderfs") = 0 [pid 5970] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [ 110.408202][ T5970] loop0: detected capacity change from 0 to 2048 [ 110.410285][ T75] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.415591][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 110.449523][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.460957][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.475780][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 110.479386][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5084] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5086] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.488715][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.513631][ T75] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 110.533940][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 110.533940][ T11] [ 110.536632][ T75] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5086] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./33/bus") = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./33") = 0 [pid 5086] mkdir("./34", 0777) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5970] <... mount resumed>) = 0 [ 110.558052][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.570772][ T75] EXT4-fs (loop4): This should not happen!! Data will be lost [ 110.570772][ T75] [ 110.582118][ T5970] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/33/bus supports timestamps until 2038 (0x7fffffff) [ 110.593829][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5970] chdir("./bus") = 0 [pid 5970] ioctl(4, LOOP_CLR_FD) = 0 [pid 5970] close(4) = 0 [ 110.608184][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.616015][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 110.621521][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 110.621521][ T9] [ 110.644722][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5974 attached ) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5970] chdir("./file0" [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... chdir resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5974 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] set_robust_list(0x555556f1a5e0, 24 [pid 5970] <... futex resumed>) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5974] <... set_robust_list resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5970] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... openat resumed>) = 4 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5974] chdir("./34" [ 110.645141][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 110.672333][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [ 110.672333][ T948] [ 110.682204][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5970] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5974] <... chdir resumed>) = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] <... write resumed>) = 262144 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 110.698279][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 110.712562][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 110.725928][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 110.743939][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5970] <... mmap resumed>) = 0x20000000 [pid 5974] <... openat resumed>) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5974] <... futex resumed>) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5970] <... futex resumed>) = 0 [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... mmap resumed>) = 0x7f5659bc2000 [pid 5969] <... futex resumed>) = 0 [pid 5085] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5974] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5974] <... mprotect resumed>) = 0 [pid 5970] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5976], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5976 [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5970] <... open resumed>) = 5 [pid 5085] lstat("./32/bus", [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5976 attached ) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5976] set_robust_list(0x7f5659be29e0, 24 [pid 5970] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... set_robust_list resumed>) = 0 [pid 5970] <... mount resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] <... futex resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5970] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5970] <... open resumed>) = 6 [pid 5085] fstat(4, [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = 0 [pid 5976] memfd_create("syzkaller", 0 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] lstat("./34/bus", [pid 5970] <... futex resumed>) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] <... memfd_create resumed>) = 3 [pid 5085] getdents64(4, [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./33/bus", [pid 5976] <... mmap resumed>) = 0x7f56517c2000 [pid 5970] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5082] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] fstat(4, [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] getdents64(4, [pid 5082] <... openat resumed>) = 4 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] fstat(4, [pid 5084] getdents64(4, [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(4, [pid 5084] close(4 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] close(4 [pid 5084] <... close resumed>) = 0 [pid 5082] getdents64(4, [pid 5085] <... close resumed>) = 0 [pid 5084] rmdir("./34/bus" [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] rmdir("./32/bus" [pid 5084] <... rmdir resumed>) = 0 [pid 5082] close(4 [pid 5084] getdents64(3, [pid 5082] <... close resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] rmdir("./33/bus" [pid 5085] getdents64(3, [pid 5084] close(3 [pid 5082] <... rmdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] <... close resumed>) = 0 [pid 5082] getdents64(3, [pid 5085] close(3 [pid 5084] rmdir("./34" [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5970] <... write resumed>) = 262144 [pid 5085] <... close resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] close(3 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./32" [pid 5084] mkdir("./35", 0777 [pid 5082] <... close resumed>) = 0 [pid 5083] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... futex resumed>) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5082] rmdir("./33" [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] exit_group(0 [pid 5085] mkdir("./33", 0777 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... rmdir resumed>) = 0 [pid 5969] <... exit_group resumed>) = ? [pid 5084] <... openat resumed>) = 3 [pid 5082] mkdir("./34", 0777 [pid 5970] <... futex resumed>) = ? [pid 5085] <... mkdir resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] lstat("./33/bus", [pid 5082] <... mkdir resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5085] <... openat resumed>) = 3 [pid 5084] close(3 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... close resumed>) = 0 [pid 5083] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5970] +++ exited with 0 +++ [pid 5969] +++ exited with 0 +++ [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] close(3 [pid 5083] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... close resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] fstat(4, [pid 5081] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5977 [pid 5083] getdents64(4, [pid 5081] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] close(3 [pid 5081] <... openat resumed>) = 3 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5978 [pid 5083] getdents64(4, [pid 5081] fstat(3, [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... close resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] close(4 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] getdents64(3, [pid 5083] <... close resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5978 attached ./strace-static-x86_64: Process 5977 attached [pid 5083] rmdir("./33/bus" [pid 5081] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... rmdir resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5979 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] getdents64(3, [pid 5081] lstat("./33/binderfs", [pid 5977] set_robust_list(0x555556f1a5e0, 24 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 ./strace-static-x86_64: Process 5979 attached [pid 5978] set_robust_list(0x555556f1a5e0, 24 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5083] close(3 [pid 5081] unlink("./33/binderfs" [pid 5979] set_robust_list(0x555556f1a5e0, 24 [pid 5978] <... set_robust_list resumed>) = 0 [pid 5977] chdir("./33" [pid 5976] <... write resumed>) = 1048576 [pid 5083] <... close resumed>) = 0 [pid 5081] <... unlink resumed>) = 0 [pid 5979] <... set_robust_list resumed>) = 0 [pid 5978] chdir("./35" [pid 5977] <... chdir resumed>) = 0 [pid 5083] rmdir("./33" [pid 5081] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5979] chdir("./34" [pid 5978] <... chdir resumed>) = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5976] munmap(0x7f56517c2000, 1048576 [pid 5083] <... rmdir resumed>) = 0 [pid 5979] <... chdir resumed>) = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5977] <... prctl resumed>) = 0 [pid 5976] <... munmap resumed>) = 0 [pid 5083] mkdir("./34", 0777 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5978] <... prctl resumed>) = 0 [pid 5977] setpgid(0, 0 [pid 5976] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] <... mkdir resumed>) = 0 [pid 5979] <... prctl resumed>) = 0 [pid 5978] setpgid(0, 0 [pid 5977] <... setpgid resumed>) = 0 [pid 5976] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5979] setpgid(0, 0 [pid 5978] <... setpgid resumed>) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... openat resumed>) = 3 [pid 5979] <... setpgid resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5977] <... openat resumed>) = 3 [pid 5976] <... ioctl resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5978] <... openat resumed>) = 3 [pid 5977] write(3, "1000", 4 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5979] <... openat resumed>) = 3 [pid 5978] write(3, "1000", 4 [pid 5977] <... write resumed>) = 4 [pid 5083] close(3 [pid 5979] write(3, "1000", 4 [pid 5978] <... write resumed>) = 4 [pid 5977] close(3 [pid 5083] <... close resumed>) = 0 [pid 5979] <... write resumed>) = 4 [pid 5978] close(3 [pid 5977] <... close resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5980 [pid 5979] close(3 [pid 5978] <... close resumed>) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs" [pid 5979] <... close resumed>) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs" [ 110.946195][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.970962][ T5976] loop5: detected capacity change from 0 to 2048 [pid 5976] close(3./strace-static-x86_64: Process 5980 attached [pid 5979] symlink("/dev/binderfs", "./binderfs" [pid 5977] <... symlink resumed>) = 0 [pid 5978] <... symlink resumed>) = 0 [pid 5976] <... close resumed>) = 0 [pid 5980] set_robust_list(0x555556f1a5e0, 24 [pid 5979] <... symlink resumed>) = 0 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] mkdir("./bus", 0777 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5976] <... mkdir resumed>) = 0 [pid 5980] chdir("./34" [pid 5979] <... futex resumed>) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5976] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5980] <... chdir resumed>) = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3 [pid 5979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5980] <... close resumed>) = 0 [pid 5979] <... mmap resumed>) = 0x7f5659bc2000 [pid 5978] <... mmap resumed>) = 0x7f5659bc2000 [pid 5977] <... mmap resumed>) = 0x7f5659bc2000 [pid 5980] symlink("/dev/binderfs", "./binderfs" [pid 5979] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5978] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5977] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5980] <... symlink resumed>) = 0 [pid 5979] <... mprotect resumed>) = 0 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5978] <... mprotect resumed>) = 0 [pid 5977] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5981 attached [pid 5980] <... futex resumed>) = 0 [pid 5978] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5977] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5981] set_robust_list(0x7f5659be29e0, 24 [pid 5979] <... clone resumed>, parent_tid=[5981], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5981 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... clone resumed>, parent_tid=[5982], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5982 [pid 5977] <... clone resumed>, parent_tid=[5983], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5983 [pid 5981] memfd_create("syzkaller", 0 [pid 5979] <... futex resumed>) = 0 [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... memfd_create resumed>) = 3 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5981] <... mmap resumed>) = 0x7f56517c2000 [ 110.992731][ T1062] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.027831][ T1062] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5983 attached ./strace-static-x86_64: Process 5982 attached [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5980] <... mmap resumed>) = 0x7f5659bc2000 [pid 5983] set_robust_list(0x7f5659be29e0, 24 [pid 5982] set_robust_list(0x7f5659be29e0, 24 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5982] <... set_robust_list resumed>) = 0 [pid 5980] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5983] memfd_create("syzkaller", 0 [pid 5982] memfd_create("syzkaller", 0 [pid 5980] <... mprotect resumed>) = 0 [pid 5980] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5983] <... memfd_create resumed>) = 3 [pid 5982] <... memfd_create resumed>) = 3 [pid 5981] <... write resumed>) = 1048576 [pid 5981] munmap(0x7f56517c2000, 1048576) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 111.042111][ T1062] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.056670][ T1062] EXT4-fs (loop0): This should not happen!! Data will be lost [ 111.056670][ T1062] [ 111.072828][ T5976] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.075919][ T5981] loop1: detected capacity change from 0 to 2048 [pid 5981] mkdir("./bus", 0777 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5982] <... mmap resumed>) = 0x7f56517c2000 [pid 5981] <... mkdir resumed>) = 0 [pid 5983] <... mmap resumed>) = 0x7f56517c2000 [pid 5981] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5980] <... clone resumed>, parent_tid=[5986], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5986 ./strace-static-x86_64: Process 5986 attached [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... mount resumed>) = 0 [pid 5986] set_robust_list(0x7f5659be29e0, 24 [pid 5980] <... futex resumed>) = 0 [pid 5976] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5986] <... set_robust_list resumed>) = 0 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5976] <... openat resumed>) = 3 [pid 5986] memfd_create("syzkaller", 0 [pid 5983] <... write resumed>) = 1048576 [pid 5976] chdir("./bus" [pid 5986] <... memfd_create resumed>) = 3 [pid 5976] <... chdir resumed>) = 0 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5976] ioctl(4, LOOP_CLR_FD [pid 5986] <... mmap resumed>) = 0x7f56517c2000 [pid 5976] <... ioctl resumed>) = 0 [pid 5976] close(4) = 0 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5983] munmap(0x7f56517c2000, 1048576 [pid 5982] <... write resumed>) = 1048576 [ 111.094936][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 111.115766][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5986] <... write resumed>) = 1048576 [pid 5983] <... munmap resumed>) = 0 [pid 5982] munmap(0x7f56517c2000, 1048576 [pid 5976] chdir("./file0" [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5982] <... munmap resumed>) = 0 [pid 5976] <... chdir resumed>) = 0 [pid 5986] munmap(0x7f56517c2000, 1048576 [pid 5983] <... openat resumed>) = 4 [pid 5982] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... munmap resumed>) = 0 [pid 5983] ioctl(4, LOOP_SET_FD, 3 [pid 5982] <... openat resumed>) = 4 [pid 5981] <... mount resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5981] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... openat resumed>) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3 [pid 5981] <... openat resumed>) = 3 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5981] chdir("./bus" [pid 5976] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... ioctl resumed>) = 0 [pid 5981] <... chdir resumed>) = 0 [pid 5976] <... openat resumed>) = 4 [pid 5981] ioctl(4, LOOP_CLR_FD [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... ioctl resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5981] close(4 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... close resumed>) = 0 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] close(3 [pid 5983] <... ioctl resumed>) = 0 [pid 5982] <... ioctl resumed>) = 0 [pid 5981] <... futex resumed>) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 5986] <... close resumed>) = 0 [pid 5983] close(3 [pid 5982] close(3 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] mkdir("./bus", 0777 [pid 5983] <... close resumed>) = 0 [pid 5982] <... close resumed>) = 0 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... mkdir resumed>) = 0 [pid 5983] mkdir("./bus", 0777 [pid 5982] mkdir("./bus", 0777 [pid 5981] chdir("./file0" [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... write resumed>) = 262144 [ 111.178570][ T5981] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.203388][ T5983] loop4: detected capacity change from 0 to 2048 [ 111.204492][ T5986] loop2: detected capacity change from 0 to 2048 [ 111.210922][ T5982] loop3: detected capacity change from 0 to 2048 [pid 5081] lstat("./33/bus", [pid 5986] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5983] <... mkdir resumed>) = 0 [pid 5982] <... mkdir resumed>) = 0 [pid 5981] <... chdir resumed>) = 0 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5983] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5982] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5081] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5981] <... futex resumed>) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5976] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5981] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... mmap resumed>) = 0x20000000 [pid 5981] <... openat resumed>) = 4 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... openat resumed>) = 4 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5081] fstat(4, [pid 5981] <... futex resumed>) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5976] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 5981] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... open resumed>) = 5 [pid 5981] <... write resumed>) = 262144 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5976] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 5976] <... mount resumed>) = 0 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5976] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... open resumed>) = 6 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5976] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... mount resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] close(4 [pid 5976] <... write resumed>) = 262144 [pid 5081] <... close resumed>) = 0 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 1 [pid 5081] rmdir("./33/bus" [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 0 [pid 5974] exit_group(0 [pid 5081] <... rmdir resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... mount resumed>) = 0 [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = ? [pid 5974] <... exit_group resumed>) = ? [pid 5081] getdents64(3, [pid 5979] <... futex resumed>) = 1 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... openat resumed>) = 3 [pid 5986] chdir("./bus") = 0 [pid 5986] ioctl(4, LOOP_CLR_FD) = 0 [pid 5986] close(4) = 0 [pid 5983] <... mount resumed>) = 0 [pid 5982] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5981] <... futex resumed>) = 0 [pid 5976] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5982] <... openat resumed>) = 3 [pid 5981] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] close(3 [pid 5986] <... futex resumed>) = 1 [pid 5983] <... openat resumed>) = 3 [pid 5982] chdir("./bus" [pid 5981] <... mmap resumed>) = 0x20000000 [pid 5980] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] chdir("./bus" [pid 5982] <... chdir resumed>) = 0 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rmdir("./33" [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... chdir resumed>) = 0 [pid 5982] ioctl(4, LOOP_CLR_FD [pid 5981] <... futex resumed>) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 0 [pid 5086] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... rmdir resumed>) = 0 [pid 5986] chdir("./file0" [pid 5983] ioctl(4, LOOP_CLR_FD [pid 5982] <... ioctl resumed>) = 0 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./34", 0777 [pid 5986] <... chdir resumed>) = 0 [pid 5983] <... ioctl resumed>) = 0 [pid 5982] close(4 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... mkdir resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] close(4 [pid 5982] <... close resumed>) = 0 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... openat resumed>) = 3 [ 111.276000][ T5986] ext4 filesystem being mounted at /root/syzkaller.22hR0w/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.291346][ T5982] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/35/bus supports timestamps until 2038 (0x7fffffff) [ 111.312839][ T5983] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/33/bus supports timestamps until 2038 (0x7fffffff) [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5986] <... futex resumed>) = 1 [pid 5983] <... close resumed>) = 0 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... open resumed>) = 5 [pid 5980] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5081] <... openat resumed>) = 3 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 1 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5986] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] close(3 [pid 5986] <... openat resumed>) = 4 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] chdir("./file0" [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5086] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... close resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] chdir("./file0" [pid 5982] <... chdir resumed>) = 0 [pid 5981] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 1 [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5986] <... futex resumed>) = 1 [pid 5983] <... chdir resumed>) = 0 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5980] <... futex resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./34/binderfs", [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 1 [pid 5981] <... mount resumed>) = 0 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5995 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5086] unlink("./34/binderfs" [pid 5986] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] <... futex resumed>) = 1 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5986] <... write resumed>) = 262144 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5086] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5995 attached [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5982] <... openat resumed>) = 4 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] set_robust_list(0x555556f1a5e0, 24 [pid 5986] <... futex resumed>) = 1 [pid 5983] <... openat resumed>) = 4 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5980] <... futex resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... set_robust_list resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 1 [pid 5981] <... open resumed>) = 6 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5995] chdir("./34" [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5995] <... chdir resumed>) = 0 [pid 5986] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] <... futex resumed>) = 1 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5986] <... mmap resumed>) = 0x20000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5995] <... prctl resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5979] <... futex resumed>) = 0 [pid 5995] setpgid(0, 0 [pid 5986] <... futex resumed>) = 1 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... setpgid resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 111.395280][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5980] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5995] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5996], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5996 [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5986] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5986] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... open resumed>) = 5 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5986] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... mount resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5986] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... open resumed>) = 6 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5986] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5996 attached [pid 5983] <... write resumed>) = 262144 [pid 5982] <... write resumed>) = 262144 [pid 5981] <... write resumed>) = 262144 [pid 5979] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5986] <... write resumed>) = 262144 [pid 5996] set_robust_list(0x7f5659be29e0, 24 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5996] memfd_create("syzkaller", 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... memfd_create resumed>) = 3 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5983] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5982] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... mmap resumed>) = 0x7f56517c2000 [pid 5983] <... mmap resumed>) = 0x20000000 [pid 5982] <... mmap resumed>) = 0x20000000 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] exit_group(0 [pid 5979] exit_group(0 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5982] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... futex resumed>) = ? [pid 5983] <... open resumed>) = 5 [pid 5982] <... open resumed>) = 5 [pid 5981] <... futex resumed>) = ? [pid 5980] <... exit_group resumed>) = ? [pid 5979] <... exit_group resumed>) = ? [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] +++ exited with 0 +++ [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5982] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] +++ exited with 0 +++ [pid 5983] <... mount resumed>) = 0 [pid 5982] <... mount resumed>) = 0 [pid 5980] +++ exited with 0 +++ [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5083] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5983] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5982] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] <... write resumed>) = 1048576 [pid 5983] <... open resumed>) = 6 [pid 5982] <... open resumed>) = 6 [pid 5083] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5996] munmap(0x7f56517c2000, 1048576 [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 3 [pid 5996] <... munmap resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5979] +++ exited with 0 +++ [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5083] fstat(3, [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5996] <... openat resumed>) = 4 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5083] getdents64(3, [ 111.496061][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.507922][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 111.521769][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.535543][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 111.535543][ T1062] [pid 5996] ioctl(4, LOOP_SET_FD, 3 [pid 5983] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5982] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./34/binderfs", [pid 5082] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5083] unlink("./34/binderfs" [pid 5082] fstat(3, [pid 5983] <... write resumed>) = 262144 [pid 5982] <... write resumed>) = 262144 [pid 5083] <... unlink resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 111.566692][ T5996] loop0: detected capacity change from 0 to 2048 [ 111.576066][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 111.600386][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(3, [pid 5996] <... ioctl resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5996] close(3) = 0 [pid 5996] mkdir("./bus", 0777) = 0 [pid 5996] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] exit_group(0 [pid 5977] exit_group(0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] <... umount2 resumed>) = 0 [ 111.619632][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 111.635652][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.646103][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5086] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/bus", [pid 5978] <... exit_group resumed>) = ? [pid 5977] <... exit_group resumed>) = ? [pid 5082] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5983] <... futex resumed>) = ? [pid 5982] <... futex resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5982] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 111.659326][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.678415][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 111.678415][ T11] [ 111.679648][ T5996] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.690284][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./34/binderfs" [pid 5085] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... unlink resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... openat resumed>) = 3 [pid 5084] <... openat resumed>) = 3 [pid 5085] fstat(3, [pid 5084] fstat(3, [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, [pid 5084] getdents64(3, [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/binderfs", [pid 5084] lstat("./35/binderfs", [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./33/binderfs" [pid 5084] unlink("./35/binderfs" [pid 5085] <... unlink resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5085] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5996] <... mount resumed>) = 0 [pid 5086] getdents64(4, [pid 5996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5996] <... openat resumed>) = 3 [pid 5086] getdents64(4, [pid 5996] chdir("./bus" [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5996] <... chdir resumed>) = 0 [pid 5086] close(4 [pid 5996] ioctl(4, LOOP_CLR_FD [pid 5086] <... close resumed>) = 0 [pid 5996] <... ioctl resumed>) = 0 [pid 5086] rmdir("./34/bus" [pid 5996] close(4 [pid 5086] <... rmdir resumed>) = 0 [pid 5996] <... close resumed>) = 0 [pid 5086] getdents64(3, [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5086] rmdir("./34" [pid 5996] chdir("./file0" [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rmdir resumed>) = 0 [ 111.713347][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 111.727305][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 111.757582][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5086] mkdir("./35", 0777 [pid 5996] <... chdir resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5999 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 4 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 111.771661][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 111.791153][ T1062] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5999 attached [pid 5999] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5999] chdir("./35") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] <... umount2 resumed>) = 0 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5999] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6000], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6000 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5995] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5995] <... mmap resumed>) = 0x7f56518a1000 [pid 5995] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6000 attached [pid 5995] <... mprotect resumed>) = 0 [pid 5995] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... clone resumed>, parent_tid=[6001], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6001 [pid 5995] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] set_robust_list(0x7f5659be29e0, 24 [pid 5083] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6000] <... set_robust_list resumed>) = 0 [pid 6000] memfd_create("syzkaller", 0 [pid 5996] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6001 attached [pid 6000] <... memfd_create resumed>) = 3 [pid 6001] set_robust_list(0x7f56518c19e0, 24 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] <... openat resumed>) = 4 [pid 6001] <... set_robust_list resumed>) = 0 [pid 6000] <... mmap resumed>) = 0x7f56517c2000 [pid 6001] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] getdents64(4, [pid 6001] <... mmap resumed>) = 0x20000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6001] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 6001] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [ 111.815863][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.816099][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.849032][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 111.895107][ T1062] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 111.897083][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 111.919076][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.931787][ T1062] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6001] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./34/bus" [pid 6000] <... write resumed>) = 1048576 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5083] <... rmdir resumed>) = 0 [pid 5996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] getdents64(3, [pid 5996] <... open resumed>) = 5 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(3 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./34" [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5996] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] mkdir("./35", 0777 [pid 5996] <... mount resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5996] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] close(3 [pid 5996] <... open resumed>) = 6 [pid 5083] <... close resumed>) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6000] munmap(0x7f56517c2000, 1048576 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 6000] <... munmap resumed>) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6002 [pid 6000] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 6000] <... openat resumed>) = 4 [pid 5996] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6002] chdir("./35") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6002] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5996] <... write resumed>) = 262144 [pid 6002] <... clone resumed>, parent_tid=[6003], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6003 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... ioctl resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6000] close(3 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] <... close resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 6000] mkdir("./bus", 0777) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] exit_group(0 [pid 6001] <... futex resumed>) = ? [pid 6000] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5996] <... futex resumed>) = ? [pid 5995] <... exit_group resumed>) = ? [pid 6001] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ [ 111.944315][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.957512][ T1062] EXT4-fs (loop1): This should not happen!! Data will be lost [ 111.957512][ T1062] [ 111.968389][ T6000] loop5: detected capacity change from 0 to 2048 [ 111.968491][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 111.968491][ T11] [ 111.985202][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 111.985202][ T948] [pid 5995] +++ exited with 0 +++ ./strace-static-x86_64: Process 6003 attached [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6003] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5081] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./34/binderfs") = 0 [pid 5081] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6003] <... write resumed>) = 1048576 [ 112.008132][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 112.022236][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 112.037433][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6003] munmap(0x7f56517c2000, 1048576) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] mkdir("./bus", 0777) = 0 [ 112.051142][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 112.063948][ T6003] loop2: detected capacity change from 0 to 2048 [ 112.073287][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 112.074914][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6003] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6000] <... mount resumed>) = 0 [pid 6000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./bus") = 0 [pid 6000] ioctl(4, LOOP_CLR_FD) = 0 [pid 6000] close(4) = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] chdir("./file0") = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5999] <... futex resumed>) = 0 [pid 6000] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... openat resumed>) = 4 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.086482][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 112.109631][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 112.111868][ T6000] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/35/bus supports timestamps until 2038 (0x7fffffff) [ 112.137690][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./33/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./33") = 0 [ 112.182349][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 112.207623][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 112.207623][ T75] [pid 5085] mkdir("./34", 0777) = 0 [pid 6000] <... write resumed>) = 262144 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... umount2 resumed>) = 0 [pid 5082] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./34/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./34") = 0 [pid 5082] mkdir("./35", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6008 ./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6008] chdir("./35") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... openat resumed>) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6000] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 6000] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6008] close(3 [pid 6003] <... mount resumed>) = 0 [pid 6000] <... mmap resumed>) = 0x20000000 [pid 6008] <... close resumed>) = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 6000] <... futex resumed>) = 1 [pid 5999] <... futex resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6000] <... open resumed>) = 5 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... mount resumed>) = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6000] <... open resumed>) = 6 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6000] <... futex resumed>) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6008] <... mmap resumed>) = 0x7f5659bc2000 [pid 6003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6009 [pid 6003] <... openat resumed>) = 3 [pid 6003] chdir("./bus") = 0 [pid 6003] ioctl(4, LOOP_CLR_FD) = 0 [pid 6003] close(4) = 0 ./strace-static-x86_64: Process 6009 attached [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] set_robust_list(0x555556f1a5e0, 24 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6003] chdir("./file0" [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] chdir("./34" [pid 6008] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6003] <... chdir resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6008] <... mprotect resumed>) = 0 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6000] <... write resumed>) = 262144 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6010 attached [pid 6010] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... clone resumed>, parent_tid=[6010], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6010 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] exit_group(0 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... exit_group resumed>) = ? [pid 6010] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6000] <... futex resumed>) = ? [pid 6010] memfd_create("syzkaller", 0 [pid 6000] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ [pid 6010] <... memfd_create resumed>) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6010] <... mmap resumed>) = 0x7f56517c2000 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, [pid 6009] <... chdir resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] getdents64(3, [pid 6009] <... prctl resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6009] setpgid(0, 0 [pid 5086] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./35/binderfs" [pid 6009] <... setpgid resumed>) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... unlink resumed>) = 0 [pid 5086] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6009] <... openat resumed>) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [ 112.212213][ T6003] ext4 filesystem being mounted at /root/syzkaller.22hR0w/35/bus supports timestamps until 2038 (0x7fffffff) [ 112.243175][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 112.259343][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6009] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6011], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6011 [pid 6003] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6003] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6011 attached [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... umount2 resumed>) = 0 [pid 5081] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6011] set_robust_list(0x7f5659be29e0, 24 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] <... set_robust_list resumed>) = 0 [pid 5081] lstat("./34/bus", [pid 6011] memfd_create("syzkaller", 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6011] <... memfd_create resumed>) = 3 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] <... mmap resumed>) = 0x7f56517c2000 [pid 6010] <... write resumed>) = 1048576 [pid 6003] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6010] munmap(0x7f56517c2000, 1048576 [pid 5084] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./35/bus", [pid 6010] <... munmap resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6010] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 112.342205][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 112.363656][ T9] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] fstat(4, [pid 6011] <... write resumed>) = 1048576 [pid 6010] <... openat resumed>) = 4 [pid 6003] <... write resumed>) = 262144 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 6011] munmap(0x7f56517c2000, 1048576 [pid 6010] <... ioctl resumed>) = 0 [pid 6003] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./35/bus" [pid 5081] getdents64(4, [pid 6011] <... munmap resumed>) = 0 [pid 6010] close(3 [pid 6003] <... mmap resumed>) = 0x20000000 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6011] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6010] <... close resumed>) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 6011] <... openat resumed>) = 4 [pid 6010] mkdir("./bus", 0777 [pid 6003] <... futex resumed>) = 0 [pid 6002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... rmdir resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [ 112.408515][ T9] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 112.422679][ T6010] loop1: detected capacity change from 0 to 2048 [ 112.430402][ T9] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6011] ioctl(4, LOOP_SET_FD, 3 [pid 6010] <... mkdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5081] close(4 [pid 6010] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6011] <... ioctl resumed>) = 0 [pid 6003] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] rmdir("./34/bus" [pid 6011] close(3 [pid 6003] <... open resumed>) = 5 [pid 5084] close(3 [pid 5081] <... rmdir resumed>) = 0 [pid 6011] <... close resumed>) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 6011] mkdir("./bus", 0777 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6011] <... mkdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 6011] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [ 112.456826][ T6011] loop4: detected capacity change from 0 to 2048 [ 112.464183][ T5123] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 112.479345][ T9] EXT4-fs (loop5): This should not happen!! Data will be lost [ 112.479345][ T9] [ 112.494046][ T6010] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/35/bus supports timestamps until 2038 (0x7fffffff) [pid 6003] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5081] rmdir("./34" [pid 6003] <... mount resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdir("./35", 0777 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6003] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6003] <... open resumed>) = 6 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./35" [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 6003] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6015 ./strace-static-x86_64: Process 6015 attached [pid 5084] <... rmdir resumed>) = 0 [pid 6015] set_robust_list(0x555556f1a5e0, 24 [pid 5084] mkdir("./36", 0777 [pid 6015] <... set_robust_list resumed>) = 0 [pid 6003] <... write resumed>) = 262144 [pid 6010] <... mount resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 6015] chdir("./35" [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... chdir resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] exit_group(0) = ? [pid 6010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6003] <... futex resumed>) = ? [pid 6010] <... openat resumed>) = 3 [pid 6003] +++ exited with 0 +++ [pid 6002] +++ exited with 0 +++ [pid 6010] chdir("./bus") = 0 [pid 6010] ioctl(4, LOOP_CLR_FD) = 0 [pid 6010] close(4) = 0 [pid 6015] <... prctl resumed>) = 0 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6015] setpgid(0, 0 [pid 6010] <... futex resumed>) = 1 [pid 6008] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] <... setpgid resumed>) = 0 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6010] chdir("./file0" [pid 6008] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5083] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6015] <... openat resumed>) = 3 [pid 6010] <... chdir resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 6015] write(3, "1000", 4 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... openat resumed>) = 3 [pid 6015] <... write resumed>) = 4 [pid 6010] <... futex resumed>) = 0 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] close(3 [pid 5083] fstat(3, [pid 6010] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [ 112.501698][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 112.539732][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 ./strace-static-x86_64: Process 6018 attached [pid 6015] <... close resumed>) = 0 [pid 6010] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6018 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... umount2 resumed>) = 0 [pid 5083] getdents64(3, [pid 6015] <... symlink resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... openat resumed>) = 4 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] <... futex resumed>) = 0 [pid 5083] lstat("./35/binderfs", [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6015] <... mmap resumed>) = 0x7f5659bc2000 [pid 6010] <... futex resumed>) = 1 [pid 6008] <... futex resumed>) = 0 [pid 5083] unlink("./35/binderfs" [pid 6015] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6010] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... mprotect resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 [pid 6015] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] <... clone resumed>, parent_tid=[6019], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6019 [pid 6011] <... mount resumed>) = 0 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] chdir("./bus" [pid 6018] set_robust_list(0x555556f1a5e0, 24 [pid 5086] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... set_robust_list resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] chdir("./36" [pid 5086] lstat("./35/bus", [pid 6018] <... chdir resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 6019 attached [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... prctl resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6019] set_robust_list(0x7f5659be29e0, 24 [pid 6018] setpgid(0, 0 [pid 6011] <... chdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6019] <... set_robust_list resumed>) = 0 [pid 6018] <... setpgid resumed>) = 0 [pid 6011] ioctl(4, LOOP_CLR_FD [pid 5086] <... openat resumed>) = 4 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6011] <... ioctl resumed>) = 0 [pid 5086] fstat(4, [pid 6019] memfd_create("syzkaller", 0 [pid 6011] close(4 [pid 6019] <... memfd_create resumed>) = 3 [pid 6018] <... openat resumed>) = 3 [pid 6011] <... close resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6018] write(3, "1000", 4 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(4, [pid 6019] <... mmap resumed>) = 0x7f56517c2000 [pid 6018] <... write resumed>) = 4 [pid 6011] <... futex resumed>) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6018] close(3 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... close resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6018] symlink("/dev/binderfs", "./binderfs" [pid 6011] chdir("./file0" [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 112.598635][ T6011] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/34/bus supports timestamps until 2038 (0x7fffffff) [ 112.627950][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5086] getdents64(4, [pid 6018] <... symlink resumed>) = 0 [pid 6011] <... chdir resumed>) = 0 [pid 6010] <... write resumed>) = 262144 [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 6018] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] rmdir("./35/bus" [pid 6018] <... mmap resumed>) = 0x7f5659bc2000 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6008] <... mmap resumed>) = 0x7f56518a1000 [pid 5086] <... rmdir resumed>) = 0 [pid 6018] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6011] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5086] getdents64(3, [pid 6018] <... mprotect resumed>) = 0 [pid 6011] <... openat resumed>) = 4 [pid 6008] <... mprotect resumed>) = 0 [pid 6019] <... write resumed>) = 1048576 [pid 6018] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 0 [pid 6008] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [ 112.674350][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 112.687993][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 112.703404][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 112.716663][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [pid 6019] munmap(0x7f56517c2000, 1048576 [pid 6011] <... futex resumed>) = 1 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... futex resumed>) = 0 [pid 5086] close(3./strace-static-x86_64: Process 6020 attached [pid 6020] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... clone resumed>, parent_tid=[6021], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6021 [pid 6011] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... clone resumed>, parent_tid=[6020], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6020 [pid 5086] rmdir("./35" [pid 6019] <... munmap resumed>) = 0 [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 6020] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6008] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] mkdir("./36", 0777 [pid 6020] memfd_create("syzkaller", 0) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5086] <... mkdir resumed>) = 0 [pid 6020] <... mmap resumed>) = 0x7f56517c2000 ./strace-static-x86_64: Process 6021 attached [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6019] <... openat resumed>) = 4 [pid 5086] <... openat resumed>) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [ 112.716663][ T9] [ 112.731411][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6021] set_robust_list(0x7f56518c19e0, 24 [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6022 ./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6022] chdir("./36") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6011] <... write resumed>) = 262144 [pid 6022] <... futex resumed>) = 0 [pid 6021] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6019] <... ioctl resumed>) = 0 [pid 6022] <... mmap resumed>) = 0x7f5659bc2000 [pid 6019] close(3 [pid 6022] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6019] <... close resumed>) = 0 [pid 6022] <... mprotect resumed>) = 0 [pid 6019] mkdir("./bus", 0777 [pid 6022] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6019] <... mkdir resumed>) = 0 [pid 6019] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6022] <... clone resumed>, parent_tid=[6023], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6023 [pid 6021] <... mmap resumed>) = 0x20000000 [pid 6011] <... futex resumed>) = 0 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6010] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6021] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6023] memfd_create("syzkaller", 0 [pid 6011] <... mmap resumed>) = 0x20000000 [pid 6010] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... memfd_create resumed>) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6010] <... open resumed>) = 5 [pid 6009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] <... futex resumed>) = 0 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6011] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6010] <... futex resumed>) = 1 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... futex resumed>) = 0 [ 112.765350][ T6019] loop0: detected capacity change from 0 to 2048 [ 112.778901][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6020] <... write resumed>) = 1048576 [pid 6011] <... open resumed>) = 5 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6010] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] munmap(0x7f56517c2000, 1048576 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] <... mount resumed>) = 0 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... write resumed>) = 1048576 [pid 6020] <... munmap resumed>) = 0 [pid 6019] <... mount resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 6023] munmap(0x7f56517c2000, 1048576 [pid 6020] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6011] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6010] <... futex resumed>) = 1 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... futex resumed>) = 0 [pid 5083] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6023] <... munmap resumed>) = 0 [pid 6020] <... openat resumed>) = 4 [pid 6019] <... openat resumed>) = 3 [pid 6011] <... mount resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6020] ioctl(4, LOOP_SET_FD, 3 [pid 6019] chdir("./bus" [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] lstat("./35/bus", [pid 6023] <... openat resumed>) = 4 [pid 6019] <... chdir resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 6020] <... ioctl resumed>) = 0 [pid 6019] ioctl(4, LOOP_CLR_FD [pid 5083] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] close(3 [pid 6019] <... ioctl resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6010] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 0 [pid 6023] <... ioctl resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] close(3 [pid 6020] <... close resumed>) = 0 [pid 6019] close(4 [pid 5083] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6023] <... close resumed>) = 0 [pid 6019] <... close resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 6023] mkdir("./bus", 0777 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fstat(4, [pid 6023] <... mkdir resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6023] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] close(4 [pid 6010] <... open resumed>) = 6 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] rmdir("./35/bus" [pid 6019] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6011] <... open resumed>) = 6 [pid 6010] <... futex resumed>) = 0 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rmdir resumed>) = 0 [pid 6019] chdir("./file0" [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6008] <... futex resumed>) = 0 [pid 6020] mkdir("./bus", 0777 [pid 5083] getdents64(3, [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5083] rmdir("./35") = 0 [pid 5083] mkdir("./36", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6020] <... mkdir resumed>) = 0 [pid 6019] <... chdir resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6026 [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6011] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... openat resumed>) = 4 [ 112.834974][ T6019] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/35/bus supports timestamps until 2038 (0x7fffffff) [ 112.866050][ T6020] loop3: detected capacity change from 0 to 2048 [ 112.874631][ T6023] loop5: detected capacity change from 0 to 2048 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... write resumed>) = 262144 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6019] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6015] <... futex resumed>) = 0 [pid 6008] exit_group(0 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... futex resumed>) = ? [pid 6008] <... exit_group resumed>) = ? [pid 6021] +++ exited with 0 +++ [pid 6010] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6026 attached ) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] set_robust_list(0x555556f1a5e0, 24 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./35/binderfs", [pid 6026] <... set_robust_list resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6026] chdir("./36" [pid 5082] unlink("./35/binderfs" [pid 6026] <... chdir resumed>) = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0 [pid 5082] <... unlink resumed>) = 0 [pid 6026] <... setpgid resumed>) = 0 [pid 5082] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6026] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6029], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6029 [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6029 attached [pid 6019] <... write resumed>) = 262144 [pid 6009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6023] <... mount resumed>) = 0 [pid 6023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] chdir("./bus") = 0 [pid 6023] ioctl(4, LOOP_CLR_FD) = 0 [pid 6023] close(4) = 0 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... futex resumed>) = 1 [pid 6023] chdir("./file0") = 0 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... futex resumed>) = 1 [pid 6023] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6029] set_robust_list(0x7f5659be29e0, 24 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6029] <... set_robust_list resumed>) = 0 [pid 6019] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... write resumed>) = 262144 [pid 6029] memfd_create("syzkaller", 0 [pid 6015] <... futex resumed>) = 0 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... mmap resumed>) = 0x20000000 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... futex resumed>) = 0 [pid 6009] exit_group(0 [pid 6011] exit_group(0 [pid 6009] <... exit_group resumed>) = ? [pid 6011] +++ exited with 0 +++ [pid 6029] <... memfd_create resumed>) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [ 112.937308][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 112.953865][ T6023] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/36/bus supports timestamps until 2038 (0x7fffffff) [ 112.966063][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6019] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... open resumed>) = 5 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 5085] fstat(3, [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6019] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6019] <... mount resumed>) = 0 [pid 5085] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./34/binderfs" [pid 6022] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... unlink resumed>) = 0 [pid 6022] <... mmap resumed>) = 0x7f56518a1000 [pid 6022] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5085] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6022] <... mprotect resumed>) = 0 [pid 6022] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6032], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6032 [pid 6022] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [ 112.991297][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 113.012322][ T6020] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/36/bus supports timestamps until 2038 (0x7fffffff) [pid 6019] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... open resumed>) = 6 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [pid 6019] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... openat resumed>) = 4 [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6020] <... mount resumed>) = 0 [pid 6015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 113.041099][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 113.073154][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 ./strace-static-x86_64: Process 6032 attached [pid 6023] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6023] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6022] <... futex resumed>) = 0 [pid 6020] <... openat resumed>) = 3 [pid 6032] set_robust_list(0x7f56518c19e0, 24 [pid 6023] <... mmap resumed>) = 0x20000000 [pid 6032] <... set_robust_list resumed>) = 0 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... write resumed>) = 262144 [pid 6032] write(4, 0x20000040, 34136651 [pid 6023] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] chdir("./bus" [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... write resumed>) = -1 EFAULT (Bad address) [pid 6023] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] <... futex resumed>) = 0 [pid 6032] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] exit_group(0 [pid 6032] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6020] <... chdir resumed>) = 0 [pid 6019] <... futex resumed>) = ? [pid 6015] <... exit_group resumed>) = ? [ 113.086131][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [ 113.086131][ T948] [ 113.098012][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 113.113075][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 113.126874][ T46] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6032] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] ioctl(4, LOOP_CLR_FD [pid 6019] +++ exited with 0 +++ [pid 6015] +++ exited with 0 +++ [pid 6022] <... futex resumed>) = 1 [pid 6020] <... ioctl resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6023] <... futex resumed>) = 0 [pid 6023] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000c4} --- [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] close(4) = 0 [pid 6032] <... futex resumed>) = ? [pid 6029] <... write resumed>) = 1048576 [pid 6022] <... futex resumed>) = ? [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] +++ killed by SIGBUS +++ [pid 6029] munmap(0x7f56517c2000, 1048576 [pid 6023] +++ killed by SIGBUS +++ [pid 6022] +++ killed by SIGBUS +++ [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6029] <... munmap resumed>) = 0 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [ 113.137102][ T46] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 113.151092][ T46] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.163665][ T46] EXT4-fs (loop4): This should not happen!! Data will be lost [ 113.163665][ T46] [ 113.175007][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6022, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6029] <... openat resumed>) = 4 [pid 6020] chdir("./file0" [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 6020] <... chdir resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... openat resumed>) = 3 [pid 6029] <... ioctl resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(3, [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 6029] close(3 [pid 6020] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6029] <... close resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6029] mkdir("./bus", 0777) = 0 [pid 6020] <... openat resumed>) = 4 [pid 5086] getdents64(3, [pid 5081] getdents64(3, [pid 6029] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/binderfs", [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5081] lstat("./35/binderfs", [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6020] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6018] <... futex resumed>) = 0 [pid 5086] unlink("./36/binderfs" [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... unlink resumed>) = 0 [pid 5081] unlink("./35/binderfs") = 0 [ 113.195847][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 113.213557][ T6029] loop2: detected capacity change from 0 to 2048 [pid 5086] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] <... write resumed>) = 262144 [pid 5082] <... umount2 resumed>) = 0 [pid 5082] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./35/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./35") = 0 [pid 5082] mkdir("./36", 0777) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3 [pid 6020] <... futex resumed>) = 0 [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... close resumed>) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6020] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6018] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... mmap resumed>) = 0x20000000 [pid 5085] lstat("./34/bus", [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 113.268483][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 113.285841][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 113.291082][ T6029] ext4 filesystem being mounted at /root/syzkaller.22hR0w/36/bus supports timestamps until 2038 (0x7fffffff) [ 113.305797][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 5085] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 6020] <... open resumed>) = 5 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(4, [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(4, [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6020] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(4 [pid 6020] <... mount resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./34/bus" [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6020] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(3 [pid 6020] <... open resumed>) = 6 [pid 5085] <... close resumed>) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./34" [pid 6029] <... mount resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [ 113.336206][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.349599][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 113.349599][ T9] [ 113.362745][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6018] <... futex resumed>) = 0 [pid 5086] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6035 attached [pid 6029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] mkdir("./35", 0777 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6035 [pid 6035] set_robust_list(0x555556f1a5e0, 24 [pid 6029] <... openat resumed>) = 3 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5086] lstat("./36/bus", [pid 5085] <... mkdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 6035] <... set_robust_list resumed>) = 0 [ 113.376651][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6029] chdir("./bus" [pid 6020] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6035] chdir("./36" [pid 6029] <... chdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... chdir resumed>) = 0 [pid 6029] ioctl(4, LOOP_CLR_FD [pid 5081] lstat("./35/bus", [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] <... ioctl resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6035] <... prctl resumed>) = 0 [pid 6029] close(4 [pid 5081] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6035] setpgid(0, 0 [pid 6029] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... setpgid resumed>) = 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6035] <... openat resumed>) = 3 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... openat resumed>) = 3 [pid 5081] fstat(4, [pid 6035] write(3, "1000", 4 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6035] <... write resumed>) = 4 [pid 6029] chdir("./file0" [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] getdents64(4, [pid 6035] close(3 [pid 6029] <... chdir resumed>) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5085] close(3 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6035] <... close resumed>) = 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(4, [pid 5085] <... close resumed>) = 0 [pid 5081] getdents64(4, [pid 6035] symlink("/dev/binderfs", "./binderfs" [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6035] <... symlink resumed>) = 0 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] close(4 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5081] <... close resumed>) = 0 [pid 6035] <... futex resumed>) = 0 [pid 5081] rmdir("./35/bus" [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6029] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] <... rmdir resumed>) = 0 [pid 6035] <... mmap resumed>) = 0x7f5659bc2000 [pid 5081] getdents64(3, [pid 6035] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6035] <... mprotect resumed>) = 0 [pid 5081] close(3 [pid 6035] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] getdents64(4, [pid 5081] <... close resumed>) = 0 [pid 5081] rmdir("./35" [pid 6035] <... clone resumed>, parent_tid=[6037], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6037 [pid 6029] <... openat resumed>) = 4 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6036 [pid 5081] <... rmdir resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5081] mkdir("./36", 0777 [pid 6035] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./36/bus" [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6029] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... rmdir resumed>) = 0 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x7f5659be29e0, 24 [pid 5086] getdents64(3, [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6038 [pid 6037] <... set_robust_list resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6038 attached ./strace-static-x86_64: Process 6036 attached [pid 6037] memfd_create("syzkaller", 0 [pid 6029] <... write resumed>) = 262144 [pid 6020] <... write resumed>) = 262144 [pid 5086] close(3 [pid 6038] set_robust_list(0x555556f1a5e0, 24 [pid 6037] <... memfd_create resumed>) = 3 [pid 6036] set_robust_list(0x555556f1a5e0, 24 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 6038] <... set_robust_list resumed>) = 0 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6036] <... set_robust_list resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] rmdir("./36" [pid 6038] chdir("./36" [pid 6037] <... mmap resumed>) = 0x7f56517c2000 [pid 6036] chdir("./35" [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] exit_group(0 [pid 5086] <... rmdir resumed>) = 0 [pid 6038] <... chdir resumed>) = 0 [pid 6036] <... chdir resumed>) = 0 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = ? [pid 6018] <... exit_group resumed>) = ? [pid 5086] mkdir("./37", 0777 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] +++ exited with 0 +++ [pid 6018] +++ exited with 0 +++ [pid 5086] <... mkdir resumed>) = 0 [pid 6038] <... prctl resumed>) = 0 [pid 6036] <... prctl resumed>) = 0 [pid 6029] <... mmap resumed>) = 0x20000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6038] setpgid(0, 0 [pid 6036] setpgid(0, 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 6038] <... setpgid resumed>) = 0 [pid 6036] <... setpgid resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6038] <... openat resumed>) = 3 [pid 6036] <... openat resumed>) = 3 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] write(3, "1000", 4 [pid 6036] write(3, "1000", 4 [pid 6029] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6038] <... write resumed>) = 4 [pid 6036] <... write resumed>) = 4 [pid 6029] <... open resumed>) = 5 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... openat resumed>) = 3 [pid 6038] close(3 [pid 6036] close(3 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(3, [pid 6038] <... close resumed>) = 0 [pid 6036] <... close resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6039 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 6036] symlink("/dev/binderfs", "./binderfs" [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 6038] <... symlink resumed>) = 0 [pid 6036] <... symlink resumed>) = 0 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6038] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = 0 [pid 6029] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./36/binderfs", [pid 6038] <... mmap resumed>) = 0x7f5659bc2000 [pid 6036] <... mmap resumed>) = 0x7f5659bc2000 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6038] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6036] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] unlink("./36/binderfs" [pid 6038] <... mprotect resumed>) = 0 [pid 6037] <... write resumed>) = 1048576 [pid 6036] <... mprotect resumed>) = 0 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 6038] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6036] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6029] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 113.522359][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 113.522378][ T27] audit: type=1800 audit(1678856064.925:217): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5084] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6041 attached ./strace-static-x86_64: Process 6039 attached [pid 6037] munmap(0x7f56517c2000, 1048576 [pid 6029] <... open resumed>) = 6 [pid 6041] set_robust_list(0x7f5659be29e0, 24 [pid 6039] set_robust_list(0x555556f1a5e0, 24 [pid 6038] <... clone resumed>, parent_tid=[6040], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6040 [pid 6037] <... munmap resumed>) = 0 [pid 6036] <... clone resumed>, parent_tid=[6041], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6041 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6040 attached [pid 6041] <... set_robust_list resumed>) = 0 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6041] memfd_create("syzkaller", 0 [pid 6040] set_robust_list(0x7f5659be29e0, 24 [pid 6039] chdir("./37" [pid 6038] <... futex resumed>) = 0 [pid 6037] <... openat resumed>) = 4 [pid 6036] <... futex resumed>) = 0 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... memfd_create resumed>) = 3 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6039] <... chdir resumed>) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] ioctl(4, LOOP_SET_FD, 3 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] memfd_create("syzkaller", 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... mmap resumed>) = 0x7f56517c2000 [pid 6040] <... memfd_create resumed>) = 3 [pid 6039] <... prctl resumed>) = 0 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6029] <... write resumed>) = 262144 [pid 6040] <... mmap resumed>) = 0x7f56517c2000 [pid 6039] setpgid(0, 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6039] <... setpgid resumed>) = 0 [pid 6037] <... ioctl resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6037] close(3 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] exit_group(0 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6039] <... openat resumed>) = 3 [pid 6037] <... close resumed>) = 0 [pid 6029] <... futex resumed>) = ? [pid 6026] <... exit_group resumed>) = ? [pid 6039] write(3, "1000", 4 [pid 6037] mkdir("./bus", 0777 [pid 6029] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ [pid 6039] <... write resumed>) = 4 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6039] close(3 [pid 6037] <... mkdir resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6037] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] <... mmap resumed>) = 0x7f5659bc2000 [pid 5083] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6039] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... openat resumed>) = 3 [pid 6039] <... mprotect resumed>) = 0 [ 113.560242][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 113.588373][ T6037] loop1: detected capacity change from 0 to 2048 [ 113.610268][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] fstat(3, [pid 6039] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, [pid 6039] <... clone resumed>, parent_tid=[6043], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6043 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6043 attached [pid 6041] <... write resumed>) = 1048576 [pid 6039] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] set_robust_list(0x7f5659be29e0, 24 [pid 6041] munmap(0x7f56517c2000, 1048576 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] lstat("./36/binderfs", [pid 6043] <... set_robust_list resumed>) = 0 [pid 6041] <... munmap resumed>) = 0 [pid 6040] <... write resumed>) = 1048576 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./36/binderfs") = 0 [pid 5083] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6040] munmap(0x7f56517c2000, 1048576) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3 [pid 6043] memfd_create("syzkaller", 0 [pid 6041] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6043] <... memfd_create resumed>) = 3 [pid 6041] <... openat resumed>) = 4 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... mmap resumed>) = 0x7f56517c2000 [pid 6041] <... ioctl resumed>) = 0 [ 113.658745][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 113.678195][ T6037] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/36/bus supports timestamps until 2038 (0x7fffffff) [ 113.687848][ T6040] loop0: detected capacity change from 0 to 2048 [ 113.696382][ T6041] loop4: detected capacity change from 0 to 2048 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6041] close(3 [pid 6040] <... ioctl resumed>) = 0 [pid 6037] <... mount resumed>) = 0 [pid 6041] <... close resumed>) = 0 [pid 6041] mkdir("./bus", 0777) = 0 [pid 6041] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6040] close(3 [pid 6037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6040] <... close resumed>) = 0 [ 113.705240][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 113.706436][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.731976][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 113.731976][ T75] [ 113.742624][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6040] mkdir("./bus", 0777 [pid 6037] <... openat resumed>) = 3 [pid 6043] <... write resumed>) = 1048576 [pid 6043] munmap(0x7f56517c2000, 1048576) = 0 [pid 6040] <... mkdir resumed>) = 0 [pid 6037] chdir("./bus" [pid 6040] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6037] <... chdir resumed>) = 0 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6035] <... futex resumed>) = 0 [pid 6043] <... openat resumed>) = 4 [pid 6041] <... mount resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 0 [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] ioctl(4, LOOP_SET_FD, 3 [pid 6041] chdir("./bus" [pid 6037] chdir("./file0" [pid 6041] <... chdir resumed>) = 0 [pid 6041] ioctl(4, LOOP_CLR_FD [pid 6037] <... chdir resumed>) = 0 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] <... futex resumed>) = 0 [pid 6037] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... ioctl resumed>) = 0 [ 113.745172][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 113.761049][ T6041] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/35/bus supports timestamps until 2038 (0x7fffffff) [ 113.780707][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 113.797353][ T6043] loop5: detected capacity change from 0 to 2048 [pid 6041] close(4) = 0 [pid 6037] <... openat resumed>) = 4 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6041] chdir("./file0" [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... chdir resumed>) = 0 [pid 6036] <... futex resumed>) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6041] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 113.809934][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 113.837272][ T6040] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/36/bus supports timestamps until 2038 (0x7fffffff) [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = 1 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... futex resumed>) = 0 [pid 6037] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... openat resumed>) = 4 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6041] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... write resumed>) = 262144 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... futex resumed>) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... open resumed>) = 5 [pid 6043] <... ioctl resumed>) = 0 [pid 6043] close(3) = 0 [pid 6043] mkdir("./bus", 0777) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6043] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6037] <... write resumed>) = 262144 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... mount resumed>) = 0 [pid 6040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./bus") = 0 [pid 6040] ioctl(4, LOOP_CLR_FD) = 0 [ 113.856046][ T27] audit: type=1800 audit(1678856065.255:218): pid=6041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 113.863016][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.900472][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [ 113.900472][ T9] [pid 6040] close(4 [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = 0 [pid 6037] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6041] <... write resumed>) = 262144 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] exit_group(0) = ? [pid 6041] <... futex resumed>) = ? [pid 6041] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ [pid 6040] <... close resumed>) = 0 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] chdir("./file0" [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 1 [pid 6037] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6040] <... chdir resumed>) = 0 [pid 5085] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 113.914915][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 113.930281][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5084] lstat("./36/bus", [pid 6040] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] <... open resumed>) = 5 [pid 5085] <... openat resumed>) = 3 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6037] <... futex resumed>) = 1 [pid 6035] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6037] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... mount resumed>) = 0 [pid 6035] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 4 [pid 6037] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] fstat(4, [pid 6037] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6037] <... open resumed>) = 6 [pid 6035] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6037] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] getdents64(4, [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] <... futex resumed>) = 0 [pid 5084] close(4 [pid 6037] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5084] rmdir("./36/bus") = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3 [pid 5085] fstat(3, [pid 5084] <... close resumed>) = 0 [pid 5084] rmdir("./36") = 0 [pid 5084] mkdir("./37", 0777 [pid 6043] <... mount resumed>) = 0 [pid 6040] <... openat resumed>) = 4 [pid 6037] <... write resumed>) = 262144 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 6043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 6043] <... openat resumed>) = 3 [pid 6037] <... futex resumed>) = 1 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6043] chdir("./bus" [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... chdir resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] ioctl(4, LOOP_CLR_FD [pid 5085] lstat("./35/binderfs", [pid 6043] <... ioctl resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6043] close(4 [pid 5085] unlink("./35/binderfs" [pid 6043] <... close resumed>) = 0 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6035] <... futex resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5083] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] exit_group(0 [pid 5085] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 113.954858][ T6043] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/37/bus supports timestamps until 2038 (0x7fffffff) [ 113.975928][ T27] audit: type=1800 audit(1678856065.375:219): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6043] <... futex resumed>) = 1 [pid 6040] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6039] <... futex resumed>) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = ? [pid 6035] <... exit_group resumed>) = ? [pid 5084] <... openat resumed>) = 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] +++ exited with 0 +++ [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... futex resumed>) = 0 [pid 6039] <... futex resumed>) = 1 [pid 6035] +++ exited with 0 +++ [pid 6043] chdir("./file0" [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] lstat("./36/bus", [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6043] <... chdir resumed>) = 0 [pid 6040] <... write resumed>) = 262144 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5083] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 5082] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6039] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./36/binderfs") = 0 [pid 5082] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... openat resumed>) = 4 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 114.036449][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.073962][ T9] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6040] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6043] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 4 [pid 6038] <... futex resumed>) = 0 [pid 5083] fstat(4, [pid 6040] <... mmap resumed>) = 0x20000000 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6051 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(4, [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6040] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, ./strace-static-x86_64: Process 6051 attached [pid 6043] <... write resumed>) = 262144 [pid 6040] <... open resumed>) = 5 [pid 6038] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] close(4 [pid 6051] set_robust_list(0x555556f1a5e0, 24 [ 114.088328][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 114.113044][ T27] audit: type=1800 audit(1678856065.515:220): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 6043] <... futex resumed>) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... close resumed>) = 0 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6039] <... futex resumed>) = 0 [pid 6051] chdir("./37" [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... chdir resumed>) = 0 [pid 6039] <... futex resumed>) = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] <... prctl resumed>) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6051] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6052], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6052 [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6052 attached [pid 6052] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6043] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6040] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./36/bus" [pid 6043] <... mmap resumed>) = 0x20000000 [pid 6040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... rmdir resumed>) = 0 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5083] getdents64(3, [pid 6043] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... mount resumed>) = 0 [pid 6043] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... open resumed>) = 5 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5083] close(3 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 0 [pid 6039] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.135241][ T9] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 114.146997][ T75] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 114.167061][ T27] audit: type=1800 audit(1678856065.565:221): pid=6043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5083] rmdir("./36" [pid 6043] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6040] <... open resumed>) = 6 [pid 5083] <... rmdir resumed>) = 0 [pid 6043] <... mount resumed>) = 0 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5083] mkdir("./37", 0777 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... write resumed>) = 1048576 [pid 6052] munmap(0x7f56517c2000, 1048576) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... futex resumed>) = 1 [pid 6040] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] <... mkdir resumed>) = 0 [ 114.188654][ T75] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 114.203182][ T9] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.211497][ T6052] loop3: detected capacity change from 0 to 2048 [ 114.217624][ T9] EXT4-fs (loop4): This should not happen!! Data will be lost [ 114.217624][ T9] [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... ioctl resumed>) = 0 [pid 6052] close(3) = 0 [pid 6052] mkdir("./bus", 0777 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6052] <... mkdir resumed>) = 0 [pid 6052] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] <... openat resumed>) = 3 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6043] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6043] <... open resumed>) = 6 [ 114.238914][ T75] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.254197][ T75] EXT4-fs (loop1): This should not happen!! Data will be lost [ 114.254197][ T75] [ 114.256900][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6040] <... write resumed>) = 262144 [pid 5083] close(3 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] <... futex resumed>) = 1 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6040] <... futex resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6040] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] exit_group(0 [pid 6040] <... futex resumed>) = ? [pid 6038] <... exit_group resumed>) = ? [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6055 [pid 6040] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5081] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5081] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 114.265541][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 114.280872][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6043] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x555556f1a5e0, 24 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] lstat("./36/binderfs", [pid 6055] <... set_robust_list resumed>) = 0 [pid 6039] exit_group(0 [pid 6055] chdir("./37" [pid 6043] <... futex resumed>) = ? [pid 6039] <... exit_group resumed>) = ? [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6055] <... chdir resumed>) = 0 [pid 6043] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ [pid 5081] unlink("./36/binderfs" [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6055] <... prctl resumed>) = 0 [pid 6055] setpgid(0, 0 [pid 5081] <... unlink resumed>) = 0 [pid 6055] <... setpgid resumed>) = 0 [ 114.335556][ T6052] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/37/bus supports timestamps until 2038 (0x7fffffff) [ 114.339913][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5086] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... openat resumed>) = 3 [pid 5086] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6055] write(3, "1000", 4 [pid 5086] <... openat resumed>) = 3 [pid 6055] <... write resumed>) = 4 [pid 5086] fstat(3, [pid 6055] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6055] <... close resumed>) = 0 [pid 5086] getdents64(3, [pid 6055] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6055] <... symlink resumed>) = 0 [pid 5086] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] <... futex resumed>) = 0 [pid 5086] lstat("./37/binderfs", [pid 6055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] unlink("./37/binderfs" [pid 6055] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] <... unlink resumed>) = 0 [pid 5085] lstat("./35/bus", [pid 6055] <... mprotect resumed>) = 0 [pid 5086] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6055] <... clone resumed>, parent_tid=[6056], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6056 [pid 5085] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... mount resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... futex resumed>) = 0 [pid 6052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] <... openat resumed>) = 3 [pid 5085] <... openat resumed>) = 4 [pid 6052] chdir("./bus" [pid 5085] fstat(4, ./strace-static-x86_64: Process 6056 attached [pid 6052] <... chdir resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6056] set_robust_list(0x7f5659be29e0, 24 [pid 6052] ioctl(4, LOOP_CLR_FD [pid 5085] getdents64(4, [pid 6056] <... set_robust_list resumed>) = 0 [pid 6052] <... ioctl resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6056] memfd_create("syzkaller", 0 [pid 6052] close(4 [pid 5085] getdents64(4, [pid 6056] <... memfd_create resumed>) = 3 [pid 6052] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 114.378625][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.394745][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(4 [pid 6056] <... mmap resumed>) = 0x7f56517c2000 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./35/bus" [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6052] chdir("./file0" [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(3, [pid 6052] <... chdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./35" [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6052] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] mkdir("./36", 0777 [pid 6052] <... openat resumed>) = 4 [pid 5085] <... mkdir resumed>) = 0 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6052] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(3 [pid 6056] <... write resumed>) = 1048576 [ 114.420413][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 114.445487][ T948] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 114.459910][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6056] munmap(0x7f56517c2000, 1048576) = 0 [pid 5085] <... close resumed>) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6052] <... write resumed>) = 262144 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6056] <... openat resumed>) = 4 [ 114.489605][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.505258][ T948] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 114.523506][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 114.523506][ T9] [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6052] <... futex resumed>) = 0 [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6057 [pid 6052] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6051] <... futex resumed>) = 0 [pid 6052] <... mmap resumed>) = 0x20000000 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... ioctl resumed>) = 0 [pid 6056] close(3) = 0 [pid 6056] mkdir("./bus", 0777./strace-static-x86_64: Process 6057 attached ) = 0 [pid 6057] set_robust_list(0x555556f1a5e0, 24 [pid 6056] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6057] <... set_robust_list resumed>) = 0 [pid 6057] chdir("./36") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6052] <... open resumed>) = 5 [pid 6057] <... openat resumed>) = 3 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 6057] write(3, "1000", 4 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6057] <... write resumed>) = 4 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6057] close(3 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6057] <... close resumed>) = 0 [pid 6052] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] lstat("./36/bus", [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6052] <... mount resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6057] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [ 114.530856][ T948] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.548086][ T6056] loop2: detected capacity change from 0 to 2048 [ 114.559947][ T27] audit: type=1800 audit(1678856065.965:222): pid=6052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6057] <... mmap resumed>) = 0x7f5659bc2000 [pid 6057] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6058], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6058 [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6058 attached [pid 6058] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6058] <... mmap resumed>) = 0x7f56517c2000 [pid 6052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [ 114.597693][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.612917][ T948] EXT4-fs (loop5): This should not happen!! Data will be lost [ 114.612917][ T948] [ 114.613161][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.625212][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6052] <... open resumed>) = 6 [pid 5082] fstat(4, [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 6052] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./36/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./36") = 0 [pid 5082] mkdir("./37", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) =