./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2423818667 <...> CK, 4, 0 [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 98.614237][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.618905][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 98.640953][ T5736] loop1: detected capacity change from 0 to 2048 [pid 5086] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5728] <... mmap resumed>) = 0x20000000 [pid 5727] <... mmap resumed>) = 0x20000000 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = 0 [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5727] <... futex resumed>) = 0 [pid 5726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5722] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... openat resumed>) = 4 [pid 5728] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5727] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(4, [pid 5085] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5728] <... open resumed>) = 5 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(4, [pid 5727] <... open resumed>) = 5 [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 98.686210][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 98.714266][ T27] audit: type=1800 audit(1678856050.115:149): pid=5728 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] lstat("./23/bus", [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] close(4 [pid 5085] umount2("./23/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5728] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5727] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [ 98.738691][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 98.739316][ T27] audit: type=1800 audit(1678856050.135:150): pid=5727 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 98.754768][ T5736] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5728] <... mount resumed>) = 0 [pid 5727] <... mount resumed>) = 0 [pid 5086] rmdir("./24/bus" [pid 5085] openat(AT_FDCWD, "./23/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5085] fstat(4, [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5085] getdents64(4, [pid 5728] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5727] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5728] <... open resumed>) = 6 [pid 5727] <... open resumed>) = 6 [pid 5086] rmdir("./24" [pid 5085] getdents64(4, [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] mkdir("./25", 0777 [pid 5085] close(4 [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5727] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5085] rmdir("./23/bus" [pid 5728] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5727] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5726] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = 3 [pid 5085] <... rmdir resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5085] getdents64(3, [pid 5736] <... mount resumed>) = 0 [ 98.785353][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 98.785353][ T11] [ 98.799179][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 98.817009][ T5736] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/24/bus supports timestamps until 2038 (0x7fffffff) [pid 5736] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3 [pid 5085] close(3 [pid 5086] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] rmdir("./23") = 0 [pid 5085] mkdir("./24", 0777 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5739 [pid 5085] <... mkdir resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5740 [pid 5736] <... openat resumed>) = 3 [pid 5736] chdir("./bus") = 0 [pid 5736] ioctl(4, LOOP_CLR_FD) = 0 [pid 5736] close(4) = 0 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5728] <... write resumed>) = 262144 [pid 5727] <... write resumed>) = 262144 [pid 5735] <... futex resumed>) = 0 [pid 5728] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5727] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 1 [pid 5727] <... futex resumed>) = 1 [pid 5726] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5736] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 1 [pid 5728] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5726] exit_group(0 [pid 5722] exit_group(0 [pid 5736] chdir("./file0" [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... futex resumed>) = ? [pid 5727] <... futex resumed>) = ? [pid 5726] <... exit_group resumed>) = ? [pid 5722] <... exit_group resumed>) = ? [pid 5736] <... chdir resumed>) = 0 [pid 5728] +++ exited with 0 +++ [pid 5727] +++ exited with 0 +++ [pid 5726] +++ exited with 0 +++ [pid 5722] +++ exited with 0 +++ [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5726, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5722, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5735] <... futex resumed>) = 0 [pid 5084] <... restart_syscall resumed>) = 0 [pid 5736] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... restart_syscall resumed>) = 0 [pid 5736] <... openat resumed>) = 4 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] <... futex resumed>) = 0 [pid 5084] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5736] <... futex resumed>) = 0 [pid 5735] <... futex resumed>) = 1 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5736] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... openat resumed>) = 3 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... openat resumed>) = 3 [pid 5084] fstat(3, [pid 5081] fstat(3, [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5740 attached ./strace-static-x86_64: Process 5739 attached [pid 5740] set_robust_list(0x555556f1a5e0, 24 [pid 5739] set_robust_list(0x555556f1a5e0, 24 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5081] getdents64(3, [pid 5735] <... futex resumed>) = 0 [pid 5740] <... set_robust_list resumed>) = 0 [pid 5739] <... set_robust_list resumed>) = 0 [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] chdir("./24" [pid 5739] chdir("./25" [pid 5736] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5740] <... chdir resumed>) = 0 [pid 5739] <... chdir resumed>) = 0 [pid 5736] <... mmap resumed>) = 0x20000000 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5740] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5739] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... prctl resumed>) = 0 [pid 5739] <... prctl resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5084] lstat("./25/binderfs", [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5740] setpgid(0, 0 [pid 5739] setpgid(0, 0 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... setpgid resumed>) = 0 [pid 5739] <... setpgid resumed>) = 0 [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] lstat("./24/binderfs", [pid 5740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 98.831812][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 98.870076][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5736] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5735] <... futex resumed>) = 0 [pid 5084] unlink("./25/binderfs" [pid 5740] <... openat resumed>) = 3 [pid 5739] <... openat resumed>) = 3 [pid 5736] <... open resumed>) = 5 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... unlink resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5740] write(3, "1000", 4 [pid 5739] write(3, "1000", 4 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] unlink("./24/binderfs" [pid 5740] <... write resumed>) = 4 [pid 5739] <... write resumed>) = 4 [pid 5736] <... futex resumed>) = 0 [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 98.904381][ T27] audit: type=1800 audit(1678856050.305:151): pid=5736 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 98.936410][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5081] <... unlink resumed>) = 0 [pid 5740] close(3 [pid 5739] close(3 [pid 5736] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5735] <... futex resumed>) = 0 [pid 5083] lstat("./24/bus", [pid 5081] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5740] <... close resumed>) = 0 [pid 5739] <... close resumed>) = 0 [pid 5736] <... mount resumed>) = 0 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5740] symlink("/dev/binderfs", "./binderfs" [pid 5739] symlink("/dev/binderfs", "./binderfs" [pid 5740] <... symlink resumed>) = 0 [pid 5739] <... symlink resumed>) = 0 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5740] <... mmap resumed>) = 0x7f5659bc2000 [pid 5739] <... mmap resumed>) = 0x7f5659bc2000 [pid 5740] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5739] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5740] <... mprotect resumed>) = 0 [pid 5739] <... mprotect resumed>) = 0 [pid 5740] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5739] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5740] <... clone resumed>, parent_tid=[5741], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5741 [pid 5739] <... clone resumed>, parent_tid=[5742], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5742 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5741 attached [pid 5736] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5735] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5742 attached [pid 5741] set_robust_list(0x7f5659be29e0, 24 [pid 5736] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5742] memfd_create("syzkaller", 0) = 3 [pid 5742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5736] <... open resumed>) = 6 [pid 5083] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... set_robust_list resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5735] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] fstat(4, [pid 5741] memfd_create("syzkaller", 0 [pid 5735] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 98.976059][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 98.995093][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.008132][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5742] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5741] <... memfd_create resumed>) = 3 [pid 5736] <... write resumed>) = 262144 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] getdents64(4, [pid 5741] <... mmap resumed>) = 0x7f56517c2000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5741] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5736] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5735] <... futex resumed>) = 0 [pid 5736] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5735] exit_group(0 [pid 5083] rmdir("./24/bus" [pid 5735] <... exit_group resumed>) = ? [pid 5083] <... rmdir resumed>) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5736] <... futex resumed>) = ? [pid 5083] rmdir("./24") = 0 [pid 5083] mkdir("./25", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5743 ./strace-static-x86_64: Process 5743 attached [pid 5743] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5743] chdir("./25" [pid 5736] +++ exited with 0 +++ [pid 5735] +++ exited with 0 +++ [pid 5743] <... chdir resumed>) = 0 [pid 5743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5743] setpgid(0, 0) = 0 [pid 5743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5742] <... write resumed>) = 1048576 [pid 5743] <... openat resumed>) = 3 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5735, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5743] write(3, "1000", 4) = 4 [pid 5743] close(3) = 0 [pid 5082] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5743] symlink("/dev/binderfs", "./binderfs" [pid 5741] <... write resumed>) = 1048576 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5743] <... symlink resumed>) = 0 [ 99.031432][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 99.043166][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 99.055888][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 99.068935][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5082] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5742] munmap(0x7f56517c2000, 1048576 [pid 5743] <... mmap resumed>) = 0x7f5659bc2000 [pid 5742] <... munmap resumed>) = 0 [pid 5743] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5743] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5742] <... openat resumed>) = 4 [pid 5741] munmap(0x7f56517c2000, 1048576 [pid 5743] <... clone resumed>, parent_tid=[5744], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5744 [pid 5742] ioctl(4, LOOP_SET_FD, 3 [pid 5741] <... munmap resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] fstat(3, [pid 5743] <... futex resumed>) = 0 [pid 5741] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5744 attached [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5741] <... openat resumed>) = 4 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5741] ioctl(4, LOOP_SET_FD, 3 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5744] set_robust_list(0x7f5659be29e0, 24 [pid 5082] unlink("./24/binderfs" [pid 5744] <... set_robust_list resumed>) = 0 [pid 5082] <... unlink resumed>) = 0 [pid 5744] memfd_create("syzkaller", 0 [ 99.104010][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 99.104010][ T11] [ 99.114460][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 99.114460][ T75] [ 99.117384][ T5742] loop5: detected capacity change from 0 to 2048 [ 99.136195][ T5741] loop4: detected capacity change from 0 to 2048 [pid 5082] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5744] <... memfd_create resumed>) = 3 [pid 5742] <... ioctl resumed>) = 0 [pid 5741] <... ioctl resumed>) = 0 [pid 5742] close(3 [pid 5741] close(3 [pid 5742] <... close resumed>) = 0 [pid 5741] <... close resumed>) = 0 [pid 5742] mkdir("./bus", 0777 [pid 5741] mkdir("./bus", 0777 [pid 5742] <... mkdir resumed>) = 0 [pid 5741] <... mkdir resumed>) = 0 [pid 5742] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5741] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [ 99.151869][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 99.154349][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.183978][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5744] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 99.194902][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 99.205320][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.219571][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.229412][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 99.235922][ T5742] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5744] munmap(0x7f56517c2000, 1048576 [pid 5742] <... mount resumed>) = 0 [pid 5742] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5742] chdir("./bus") = 0 [pid 5744] <... munmap resumed>) = 0 [pid 5744] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5742] ioctl(4, LOOP_CLR_FD [pid 5744] ioctl(4, LOOP_SET_FD, 3 [pid 5742] <... ioctl resumed>) = 0 [pid 5742] close(4) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 99.255158][ T5742] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/25/bus supports timestamps until 2038 (0x7fffffff) [ 99.257097][ T5741] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 99.275146][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.290015][ T5744] loop2: detected capacity change from 0 to 2048 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5744] <... ioctl resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] close(3 [pid 5742] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5742] chdir("./file0" [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... chdir resumed>) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5742] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... openat resumed>) = 4 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5741] <... mount resumed>) = 0 [pid 5741] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5744] <... close resumed>) = 0 [pid 5741] <... openat resumed>) = 3 [pid 5744] mkdir("./bus", 0777) = 0 [pid 5741] chdir("./bus" [pid 5744] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5741] <... chdir resumed>) = 0 [pid 5741] ioctl(4, LOOP_CLR_FD) = 0 [ 99.294177][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 99.311277][ T5741] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/24/bus supports timestamps until 2038 (0x7fffffff) [pid 5741] close(4 [pid 5742] <... write resumed>) = 262144 [pid 5739] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5739] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... close resumed>) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5739] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5749 attached [pid 5742] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... clone resumed>, parent_tid=[5749], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5749 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [ 99.345089][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 99.357883][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 99.357883][ T5118] [ 99.369051][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] chdir("./file0" [pid 5749] set_robust_list(0x7f56518c19e0, 24 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... set_robust_list resumed>) = 0 [pid 5741] <... chdir resumed>) = 0 [pid 5081] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5749] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... mmap resumed>) = 0x20000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5749] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] lstat("./24/bus", [pid 5749] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./24/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./24") = 0 [pid 5081] mkdir("./25", 0777) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3 [pid 5744] <... mount resumed>) = 0 [pid 5742] <... futex resumed>) = 0 [pid 5741] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 1 [pid 5081] <... close resumed>) = 0 [pid 5744] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 99.394083][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.419203][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.429382][ T5744] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 99.441622][ T5744] ext4 filesystem being mounted at /root/syzkaller.22hR0w/25/bus supports timestamps until 2038 (0x7fffffff) [pid 5742] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... umount2 resumed>) = 0 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = 1 [pid 5742] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5752 [pid 5742] <... mount resumed>) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... openat resumed>) = 4 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] <... openat resumed>) = 3 [pid 5742] <... futex resumed>) = 0 [pid 5739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] chdir("./bus" [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5741] <... futex resumed>) = 1 [pid 5744] <... chdir resumed>) = 0 [pid 5740] <... futex resumed>) = 0 [pid 5744] ioctl(4, LOOP_CLR_FD [pid 5742] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 1 [pid 5084] lstat("./25/bus", ./strace-static-x86_64: Process 5752 attached [pid 5744] <... ioctl resumed>) = 0 [pid 5742] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5752] set_robust_list(0x555556f1a5e0, 24 [pid 5744] close(4 [pid 5742] <... open resumed>) = 6 [pid 5741] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5752] <... set_robust_list resumed>) = 0 [pid 5744] <... close resumed>) = 0 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... write resumed>) = 262144 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5752] chdir("./25" [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 1 [pid 5739] <... futex resumed>) = 0 [ 99.460902][ T27] audit: type=1800 audit(1678856050.865:152): pid=5742 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 5084] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] lstat("./24/bus", [pid 5752] <... chdir resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 4 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5752] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] <... futex resumed>) = 0 [pid 5084] fstat(4, [pid 5082] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5752] <... prctl resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5742] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5752] setpgid(0, 0 [pid 5744] chdir("./file0" [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5082] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5752] <... setpgid resumed>) = 0 [pid 5741] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... openat resumed>) = 4 [pid 5752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5741] <... mmap resumed>) = 0x20000000 [pid 5740] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5744] <... chdir resumed>) = 0 [pid 5082] fstat(4, [pid 5752] <... openat resumed>) = 3 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5752] write(3, "1000", 4 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] close(4 [pid 5082] getdents64(4, [pid 5752] <... write resumed>) = 4 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5752] close(3 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5084] rmdir("./25/bus" [pid 5082] getdents64(4, [pid 5752] <... close resumed>) = 0 [pid 5744] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... write resumed>) = 262144 [pid 5741] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5752] symlink("/dev/binderfs", "./binderfs" [pid 5744] <... openat resumed>) = 4 [pid 5742] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... open resumed>) = 5 [pid 5084] getdents64(3, [pid 5082] close(4 [pid 5752] <... symlink resumed>) = 0 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] <... close resumed>) = 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5082] rmdir("./24/bus" [pid 5752] <... futex resumed>) = 0 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] <... futex resumed>) = 1 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5742] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5739] exit_group(0 [pid 5084] rmdir("./25" [pid 5082] getdents64(3, [pid 5752] <... mmap resumed>) = 0x7f5659bc2000 [pid 5749] <... futex resumed>) = ? [pid 5744] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5742] <... futex resumed>) = ? [pid 5741] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5739] <... exit_group resumed>) = ? [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5752] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5749] +++ exited with 0 +++ [pid 5744] <... write resumed>) = 262144 [pid 5742] +++ exited with 0 +++ [pid 5741] <... mount resumed>) = 0 [pid 5084] mkdir("./26", 0777 [pid 5752] <... mprotect resumed>) = 0 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] +++ exited with 0 +++ [pid 5082] close(3 [pid 5752] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5744] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rmdir("./24" [pid 5752] <... clone resumed>, parent_tid=[5753], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5753 [pid 5744] <... mmap resumed>) = 0x20000000 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] mkdir("./25", 0777 [pid 5752] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = 0 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] <... open resumed>) = 6 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5082] <... mkdir resumed>) = 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 99.543461][ T27] audit: type=1800 audit(1678856050.945:153): pid=5741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 5744] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5753 attached [pid 5744] <... open resumed>) = 5 [pid 5743] <... futex resumed>) = 0 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5739, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5082] <... openat resumed>) = 3 [pid 5753] set_robust_list(0x7f5659be29e0, 24 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5753] <... set_robust_list resumed>) = 0 [pid 5744] <... futex resumed>) = 0 [pid 5743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5740] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5753] memfd_create("syzkaller", 0 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5740] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5082] close(3 [pid 5753] <... memfd_create resumed>) = 3 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... close resumed>) = 0 [pid 5753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5744] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5753] <... mmap resumed>) = 0x7f56517c2000 [pid 5744] <... mount resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5754 [pid 5753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... write resumed>) = 262144 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5755 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5741] <... futex resumed>) = 1 [pid 5740] <... futex resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5741] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5740] exit_group(0 [pid 5744] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5741] <... futex resumed>) = ? [pid 5740] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5754 attached [pid 5744] <... open resumed>) = 6 [pid 5741] +++ exited with 0 +++ [pid 5740] +++ exited with 0 +++ [pid 5086] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5755 attached [pid 5754] set_robust_list(0x555556f1a5e0, 24 [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5740, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5754] <... set_robust_list resumed>) = 0 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5754] chdir("./26" [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... restart_syscall resumed>) = 0 [pid 5754] <... chdir resumed>) = 0 [pid 5744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5743] <... futex resumed>) = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5744] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5743] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = 3 [pid 5755] set_robust_list(0x555556f1a5e0, 24 [pid 5754] <... prctl resumed>) = 0 [ 99.603201][ T27] audit: type=1800 audit(1678856051.005:154): pid=5744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5085] umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5755] <... set_robust_list resumed>) = 0 [pid 5754] setpgid(0, 0 [pid 5753] <... write resumed>) = 1048576 [pid 5086] fstat(3, [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5754] <... setpgid resumed>) = 0 [pid 5744] <... write resumed>) = 262144 [pid 5085] openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5744] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5755] chdir("./25" [pid 5754] <... openat resumed>) = 3 [pid 5744] <... futex resumed>) = 1 [pid 5743] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] fstat(3, [pid 5755] <... chdir resumed>) = 0 [pid 5754] write(3, "1000", 4 [pid 5744] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5743] exit_group(0 [pid 5086] getdents64(3, [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5755] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5754] <... write resumed>) = 4 [pid 5744] <... futex resumed>) = ? [pid 5743] <... exit_group resumed>) = ? [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] getdents64(3, [pid 5755] <... prctl resumed>) = 0 [pid 5754] close(3 [pid 5744] +++ exited with 0 +++ [pid 5743] +++ exited with 0 +++ [pid 5086] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5755] setpgid(0, 0 [pid 5754] <... close resumed>) = 0 [pid 5753] munmap(0x7f56517c2000, 1048576 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5743, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5755] <... setpgid resumed>) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs" [pid 5753] <... munmap resumed>) = 0 [pid 5086] lstat("./25/binderfs", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 5755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5754] <... symlink resumed>) = 0 [pid 5753] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] lstat("./24/binderfs", [pid 5083] <... restart_syscall resumed>) = 0 [pid 5755] <... openat resumed>) = 3 [pid 5086] unlink("./25/binderfs" [pid 5755] write(3, "1000", 4 [pid 5086] <... unlink resumed>) = 0 [pid 5755] <... write resumed>) = 4 [pid 5086] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5755] close(3) = 0 [pid 5755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5753] <... openat resumed>) = 4 [pid 5755] <... mmap resumed>) = 0x7f5659bc2000 [pid 5754] <... futex resumed>) = 0 [pid 5753] ioctl(4, LOOP_SET_FD, 3 [pid 5085] unlink("./24/binderfs" [pid 5755] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5755] <... mprotect resumed>) = 0 [pid 5755] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5756], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5756 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5756 attached [pid 5756] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5756] memfd_create("syzkaller", 0) = 3 [pid 5085] <... unlink resumed>) = 0 [pid 5083] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5754] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5754] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5754] <... mprotect resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5083] fstat(3, [pid 5754] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5754] <... clone resumed>, parent_tid=[5757], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5757 [pid 5083] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5754] <... futex resumed>) = 0 [pid 5083] lstat("./25/binderfs", [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 99.697621][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 99.713127][ T5753] loop0: detected capacity change from 0 to 2048 [ 99.723809][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.733775][ T9] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] unlink("./25/binderfs" [pid 5753] <... ioctl resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5757 attached [pid 5083] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5757] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5753] close(3) = 0 [pid 5753] mkdir("./bus", 0777) = 0 [pid 5753] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5757] memfd_create("syzkaller", 0) = 3 [pid 5757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5756] <... write resumed>) = 1048576 [pid 5756] munmap(0x7f56517c2000, 1048576) = 0 [pid 5756] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 99.756353][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.760267][ T9] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 99.779125][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5756] ioctl(4, LOOP_SET_FD, 3 [pid 5757] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5756] <... ioctl resumed>) = 0 [pid 5756] close(3) = 0 [pid 5756] mkdir("./bus", 0777) = 0 [ 99.802790][ T5756] loop1: detected capacity change from 0 to 2048 [ 99.818961][ T9] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 99.820163][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 99.837151][ T5756] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5756] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5757] <... write resumed>) = 1048576 [ 99.846767][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 99.852801][ T9] EXT4-fs (loop5): This should not happen!! Data will be lost [ 99.852801][ T9] [ 99.875433][ T5756] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/25/bus supports timestamps until 2038 (0x7fffffff) [ 99.877112][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5757] munmap(0x7f56517c2000, 1048576) = 0 [pid 5757] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 99.889542][ T5753] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 99.899772][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 99.899772][ T5118] [ 99.919182][ T5757] loop3: detected capacity change from 0 to 2048 [ 99.923308][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.928521][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5757] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5757] close(3) = 0 [pid 5757] mkdir("./bus", 0777) = 0 [pid 5757] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5756] <... mount resumed>) = 0 [pid 5756] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5756] chdir("./bus") = 0 [pid 5756] ioctl(4, LOOP_CLR_FD) = 0 [pid 5756] close(4) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] <... futex resumed>) = 0 [pid 5756] chdir("./file0" [ 99.942866][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 99.969481][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 99.986331][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... chdir resumed>) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5756] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... openat resumed>) = 4 [pid 5755] <... futex resumed>) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... futex resumed>) = 0 [pid 5755] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... write resumed>) = 262144 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 0 [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 99.996328][ T5753] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/25/bus supports timestamps until 2038 (0x7fffffff) [ 100.020292][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.043029][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5756] <... futex resumed>) = 1 [pid 5756] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5755] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5755] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5755] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5764], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5764 [pid 5755] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5764 attached [ 100.046792][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.059167][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 100.059167][ T75] [ 100.067051][ T5757] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5755] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... mount resumed>) = 0 [pid 5085] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5756] <... mmap resumed>) = 0x20000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] lstat("./24/bus", [pid 5756] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5764] set_robust_list(0x7f56518c19e0, 24 [pid 5757] <... mount resumed>) = 0 [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5753] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] umount2("./24/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5764] <... set_robust_list resumed>) = 0 [pid 5757] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5753] <... openat resumed>) = 3 [pid 5086] <... umount2 resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 100.102149][ T5757] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/26/bus supports timestamps until 2038 (0x7fffffff) [ 100.116006][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 100.132328][ T27] audit: type=1800 audit(1678856051.535:155): pid=5764 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [pid 5764] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5757] <... openat resumed>) = 3 [pid 5753] chdir("./bus" [pid 5085] openat(AT_FDCWD, "./24/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5764] <... open resumed>) = 5 [pid 5086] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4 [pid 5757] chdir("./bus" [pid 5753] <... chdir resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./25/bus" [pid 5757] <... chdir resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./25") = 0 [pid 5086] mkdir("./26", 0777) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3 [pid 5755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5755] <... futex resumed>) = 1 [pid 5753] ioctl(4, LOOP_CLR_FD [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5757] ioctl(4, LOOP_CLR_FD [pid 5753] <... ioctl resumed>) = 0 [pid 5764] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... ioctl resumed>) = 0 [pid 5756] <... futex resumed>) = 0 [pid 5753] close(4 [pid 5085] <... openat resumed>) = 4 [pid 5764] <... futex resumed>) = 0 [pid 5757] close(4 [pid 5753] <... close resumed>) = 0 [pid 5085] fstat(4, [pid 5764] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] <... close resumed>) = 0 [pid 5756] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5765 attached [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... mount resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5765 [pid 5085] getdents64(4, [pid 5765] set_robust_list(0x555556f1a5e0, 24 [pid 5757] <... futex resumed>) = 1 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5765] <... set_robust_list resumed>) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... futex resumed>) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] getdents64(4, [pid 5765] chdir("./26" [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] chdir("./file0" [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5765] <... chdir resumed>) = 0 [pid 5756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] <... futex resumed>) = 0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... chdir resumed>) = 0 [pid 5752] <... futex resumed>) = 0 [pid 5085] close(4 [pid 5765] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5757] <... futex resumed>) = 0 [pid 5756] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... futex resumed>) = 1 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... close resumed>) = 0 [pid 5765] <... prctl resumed>) = 0 [pid 5757] chdir("./file0" [pid 5756] <... open resumed>) = 6 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 0 [pid 5752] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] rmdir("./24/bus" [pid 5765] setpgid(0, 0 [pid 5757] <... chdir resumed>) = 0 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 5765] <... setpgid resumed>) = 0 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 5765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5757] <... futex resumed>) = 1 [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5753] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5765] <... openat resumed>) = 3 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5755] <... futex resumed>) = 0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... openat resumed>) = 4 [pid 5085] close(3 [pid 5765] write(3, "1000", 4 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5755] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5754] <... futex resumed>) = 0 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [ 100.153610][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 100.181758][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5765] <... write resumed>) = 4 [pid 5757] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5085] rmdir("./24" [pid 5765] close(3 [pid 5757] <... openat resumed>) = 4 [pid 5756] <... write resumed>) = 262144 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 5765] <... close resumed>) = 0 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5085] mkdir("./25", 0777 [pid 5765] symlink("/dev/binderfs", "./binderfs" [pid 5757] <... futex resumed>) = 1 [pid 5756] <... futex resumed>) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 0 [pid 5753] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... mkdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5765] <... symlink resumed>) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5756] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5755] exit_group(0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5083] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = ? [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5756] <... futex resumed>) = ? [pid 5755] <... exit_group resumed>) = ? [pid 5754] <... futex resumed>) = 0 [pid 5753] <... write resumed>) = 262144 [pid 5085] <... openat resumed>) = 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5765] <... futex resumed>) = 0 [pid 5764] +++ exited with 0 +++ [pid 5757] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5756] +++ exited with 0 +++ [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5083] lstat("./25/bus", [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5755] +++ exited with 0 +++ [pid 5765] <... mmap resumed>) = 0x7f5659bc2000 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5755, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5765] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5765] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5766], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5766 [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./25/binderfs") = 0 [pid 5082] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 5083] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5753] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5766 attached [pid 5757] <... write resumed>) = 262144 [pid 5753] <... mmap resumed>) = 0x20000000 [pid 5766] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5083] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] memfd_create("syzkaller", 0) = 3 [pid 5766] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5083] <... openat resumed>) = 4 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] fstat(4, [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5752] <... futex resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5767 attached [pid 5753] <... open resumed>) = 5 [pid 5757] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5767 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5757] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5767] set_robust_list(0x555556f1a5e0, 24 [pid 5766] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5757] <... mmap resumed>) = 0x20000000 [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5752] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 [pid 5767] <... set_robust_list resumed>) = 0 [pid 5757] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... mount resumed>) = 0 [pid 5083] rmdir("./25/bus" [pid 5767] chdir("./25" [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... chdir resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5767] setpgid(0, 0) = 0 [ 100.291608][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.307051][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 5767] write(3, "1000", 4) = 4 [pid 5767] close(3) = 0 [pid 5767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5767] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5767] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5768], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5768 [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5768 attached [pid 5766] <... write resumed>) = 1048576 [pid 5757] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5768] set_robust_list(0x7f5659be29e0, 24 [pid 5757] <... open resumed>) = 5 [pid 5753] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] <... futex resumed>) = 0 [pid 5083] close(3 [pid 5768] <... set_robust_list resumed>) = 0 [pid 5766] munmap(0x7f56517c2000, 1048576 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 [pid 5768] memfd_create("syzkaller", 0 [pid 5766] <... munmap resumed>) = 0 [pid 5766] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5766] ioctl(4, LOOP_SET_FD, 3 [pid 5768] <... memfd_create resumed>) = 3 [pid 5757] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5753] <... open resumed>) = 6 [pid 5083] rmdir("./25" [pid 5766] <... ioctl resumed>) = 0 [pid 5766] close(3) = 0 [pid 5766] mkdir("./bus", 0777) = 0 [pid 5766] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rmdir resumed>) = 0 [pid 5768] <... mmap resumed>) = 0x7f56517c2000 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5754] <... futex resumed>) = 0 [pid 5753] <... futex resumed>) = 1 [pid 5752] <... futex resumed>) = 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] mkdir("./26", 0777 [pid 5757] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5768] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5752] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... mkdir resumed>) = 0 [pid 5753] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5757] <... mount resumed>) = 0 [pid 5752] <... futex resumed>) = 0 [ 100.357514][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 100.371054][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 100.373363][ T5766] loop5: detected capacity change from 0 to 2048 [ 100.385282][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [ 100.385282][ T9] [pid 5768] <... write resumed>) = 1048576 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5757] <... futex resumed>) = 1 [pid 5083] <... openat resumed>) = 3 [pid 5768] munmap(0x7f56517c2000, 1048576 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5753] <... write resumed>) = 262144 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5768] <... munmap resumed>) = 0 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5771 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5753] <... futex resumed>) = 1 [pid 5757] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5752] <... futex resumed>) = 0 [pid 5768] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5757] <... open resumed>) = 6 [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5771 attached [ 100.413519][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.432195][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.449087][ T5766] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5771] set_robust_list(0x555556f1a5e0, 24 [pid 5768] <... openat resumed>) = 4 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5752] exit_group(0 [pid 5771] <... set_robust_list resumed>) = 0 [pid 5771] chdir("./26") = 0 [pid 5771] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5771] setpgid(0, 0) = 0 [pid 5771] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5768] ioctl(4, LOOP_SET_FD, 3 [pid 5754] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5753] <... futex resumed>) = ? [pid 5752] <... exit_group resumed>) = ? [pid 5771] write(3, "1000", 4 [pid 5766] <... mount resumed>) = 0 [pid 5771] <... write resumed>) = 4 [pid 5771] close(3) = 0 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5753] +++ exited with 0 +++ [pid 5771] symlink("/dev/binderfs", "./binderfs" [pid 5757] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5752] +++ exited with 0 +++ [pid 5771] <... symlink resumed>) = 0 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5752, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5771] <... futex resumed>) = 0 [pid 5766] <... openat resumed>) = 3 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5771] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5768] <... ioctl resumed>) = 0 [pid 5766] chdir("./bus" [pid 5757] <... write resumed>) = 262144 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5771] <... mmap resumed>) = 0x7f5659bc2000 [pid 5766] <... chdir resumed>) = 0 [pid 5771] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5766] ioctl(4, LOOP_CLR_FD [pid 5757] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... mprotect resumed>) = 0 [pid 5768] close(3 [pid 5766] <... ioctl resumed>) = 0 [pid 5754] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5771] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5768] <... close resumed>) = 0 [pid 5766] close(4 [pid 5757] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5768] mkdir("./bus", 0777 [pid 5766] <... close resumed>) = 0 [pid 5757] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] exit_group(0 [pid 5081] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5771] <... clone resumed>, parent_tid=[5772], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5772 [pid 5768] <... mkdir resumed>) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] <... futex resumed>) = ? [pid 5754] <... exit_group resumed>) = ? [pid 5081] <... openat resumed>) = 3 [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5757] +++ exited with 0 +++ [pid 5754] +++ exited with 0 +++ [pid 5081] fstat(3, [pid 5771] <... futex resumed>) = 0 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5754, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5081] getdents64(3, [ 100.467915][ T5766] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/26/bus supports timestamps until 2038 (0x7fffffff) [ 100.473144][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.490362][ T5768] loop4: detected capacity change from 0 to 2048 [pid 5766] chdir("./file0" [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... restart_syscall resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5772 attached [pid 5766] <... chdir resumed>) = 0 [pid 5082] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5772] set_robust_list(0x7f5659be29e0, 24 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5772] <... set_robust_list resumed>) = 0 [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5084] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./25/binderfs", [pid 5772] memfd_create("syzkaller", 0 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./25/bus", [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5772] <... memfd_create resumed>) = 3 [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] unlink("./25/binderfs" [pid 5772] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5766] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5082] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... unlink resumed>) = 0 [pid 5084] fstat(3, [pid 5081] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5766] <... openat resumed>) = 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./26/binderfs", [pid 5772] <... mmap resumed>) = 0x7f56517c2000 [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] unlink("./26/binderfs" [pid 5766] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5765] <... futex resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5766] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... openat resumed>) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [ 100.565712][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.579262][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5082] rmdir("./25/bus") = 0 [pid 5765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5765] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] getdents64(3, [pid 5765] <... mmap resumed>) = 0x7f56518a1000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3 [pid 5765] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... close resumed>) = 0 [pid 5765] <... mprotect resumed>) = 0 [pid 5082] rmdir("./25" [pid 5765] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5766] <... write resumed>) = 262144 [pid 5082] <... rmdir resumed>) = 0 [pid 5765] <... clone resumed>, parent_tid=[5775], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5775 [pid 5082] mkdir("./26", 0777 [pid 5765] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... mkdir resumed>) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] close(3./strace-static-x86_64: Process 5775 attached [ 100.611650][ T5768] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 100.625423][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 100.630522][ T5118] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 100.642555][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5772] <... write resumed>) = 1048576 [pid 5082] <... close resumed>) = 0 [pid 5775] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5775] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5775] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] munmap(0x7f56517c2000, 1048576 [pid 5775] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5775] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 1 [pid 5766] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5776 attached [pid 5772] <... munmap resumed>) = 0 [pid 5768] <... mount resumed>) = 0 [pid 5766] <... open resumed>) = 5 [pid 5776] set_robust_list(0x555556f1a5e0, 24 [pid 5772] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5768] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5776 [pid 5776] <... set_robust_list resumed>) = 0 [pid 5772] <... openat resumed>) = 4 [pid 5768] <... openat resumed>) = 3 [pid 5776] chdir("./26" [pid 5772] ioctl(4, LOOP_SET_FD, 3 [pid 5768] chdir("./bus" [pid 5776] <... chdir resumed>) = 0 [pid 5772] <... ioctl resumed>) = 0 [pid 5768] <... chdir resumed>) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] prctl(PR_SET_PDEATHSIG, SIGKILL [ 100.677822][ T5768] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/25/bus supports timestamps until 2038 (0x7fffffff) [ 100.695007][ T5118] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 100.705147][ T5772] loop2: detected capacity change from 0 to 2048 [ 100.708283][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5772] close(3 [pid 5768] ioctl(4, LOOP_CLR_FD [pid 5766] <... futex resumed>) = 1 [pid 5776] <... prctl resumed>) = 0 [pid 5772] <... close resumed>) = 0 [pid 5768] <... ioctl resumed>) = 0 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] setpgid(0, 0 [pid 5772] mkdir("./bus", 0777 [pid 5768] close(4 [pid 5776] <... setpgid resumed>) = 0 [pid 5772] <... mkdir resumed>) = 0 [pid 5768] <... close resumed>) = 0 [pid 5765] <... futex resumed>) = 0 [pid 5776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5772] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... openat resumed>) = 3 [pid 5765] <... futex resumed>) = 1 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] write(3, "1000", 4 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5776] <... write resumed>) = 4 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5776] close(3 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5766] <... mount resumed>) = 0 [pid 5776] <... close resumed>) = 0 [pid 5768] chdir("./file0" [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] symlink("/dev/binderfs", "./binderfs" [pid 5768] <... chdir resumed>) = 0 [pid 5776] <... symlink resumed>) = 0 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5766] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... open resumed>) = 6 [pid 5765] <... futex resumed>) = 0 [ 100.726958][ T5118] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 100.748758][ T5118] EXT4-fs (loop3): This should not happen!! Data will be lost [ 100.748758][ T5118] [ 100.762656][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 100.762656][ T9] [pid 5776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5768] <... openat resumed>) = 4 [pid 5765] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... mmap resumed>) = 0x7f5659bc2000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] <... futex resumed>) = 0 [pid 5765] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5765] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5768] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... write resumed>) = 262144 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 100.775866][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.791895][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 100.793112][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5766] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] <... mprotect resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5776] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5779], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5779 ./strace-static-x86_64: Process 5779 attached [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5768] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] set_robust_list(0x7f5659be29e0, 24 [pid 5768] <... futex resumed>) = 1 [pid 5765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5779] <... set_robust_list resumed>) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] <... futex resumed>) = 0 [pid 5766] <... write resumed>) = 262144 [pid 5779] memfd_create("syzkaller", 0 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5766] <... futex resumed>) = 0 [pid 5768] <... open resumed>) = 5 [pid 5766] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... mount resumed>) = 0 [pid 5772] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5772] chdir("./bus" [pid 5779] <... memfd_create resumed>) = 3 [pid 5779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5767] <... futex resumed>) = 1 [pid 5768] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5765] exit_group(0 [pid 5779] <... mmap resumed>) = 0x7f56517c2000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] <... futex resumed>) = ? [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... futex resumed>) = ? [pid 5765] <... exit_group resumed>) = ? [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] +++ exited with 0 +++ [pid 5768] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... chdir resumed>) = 0 [pid 5772] ioctl(4, LOOP_CLR_FD [pid 5779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5775] +++ exited with 0 +++ [pid 5768] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = 1 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... ioctl resumed>) = 0 [pid 5772] close(4 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] <... close resumed>) = 0 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 100.820946][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 100.821538][ T5772] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 100.848021][ T5772] ext4 filesystem being mounted at /root/syzkaller.22hR0w/26/bus supports timestamps until 2038 (0x7fffffff) [ 100.866801][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... futex resumed>) = 0 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5765] +++ exited with 0 +++ [pid 5767] <... futex resumed>) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 0 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5772] chdir("./file0" [pid 5768] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5772] <... chdir resumed>) = 0 [pid 5768] <... open resumed>) = 6 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5767] <... futex resumed>) = 0 [pid 5772] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5767] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5765, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5772] <... openat resumed>) = 4 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5771] <... futex resumed>) = 0 [pid 5768] <... write resumed>) = 262144 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5768] <... futex resumed>) = 1 [pid 5767] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5772] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5767] exit_group(0 [pid 5086] fstat(3, [pid 5772] <... write resumed>) = 262144 [pid 5768] <... futex resumed>) = ? [ 100.900218][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5767] <... exit_group resumed>) = ? [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5779] <... write resumed>) = 1048576 [pid 5768] +++ exited with 0 +++ [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5779] munmap(0x7f56517c2000, 1048576 [pid 5767] +++ exited with 0 +++ [pid 5086] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5767, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] unlink("./26/binderfs" [pid 5779] <... munmap resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5084] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = 0 [pid 5779] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5779] <... openat resumed>) = 4 [pid 5085] umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./25/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./25/bus") = 0 [pid 5771] <... futex resumed>) = 0 [pid 5779] ioctl(4, LOOP_SET_FD, 3 [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./26/bus", [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./25") = 0 [pid 5081] mkdir("./26", 0777) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5085] openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5772] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5081] <... openat resumed>) = 3 [pid 5779] <... ioctl resumed>) = 0 [pid 5772] <... mmap resumed>) = 0x20000000 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 3 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5780 ./strace-static-x86_64: Process 5780 attached [pid 5780] set_robust_list(0x555556f1a5e0, 24 [pid 5771] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] fstat(3, [pid 5779] close(3 [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5779] <... close resumed>) = 0 [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5085] getdents64(3, [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5780] <... set_robust_list resumed>) = 0 [pid 5779] mkdir("./bus", 0777 [pid 5772] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [ 100.974227][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 100.989208][ T5779] loop1: detected capacity change from 0 to 2048 [pid 5084] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5780] chdir("./26" [pid 5779] <... mkdir resumed>) = 0 [pid 5772] <... open resumed>) = 5 [pid 5085] umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... openat resumed>) = 4 [pid 5780] <... chdir resumed>) = 0 [pid 5779] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] fstat(4, [pid 5780] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5772] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5085] lstat("./25/binderfs", [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5780] <... prctl resumed>) = 0 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] getdents64(4, [pid 5780] setpgid(0, 0 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5771] <... futex resumed>) = 0 [pid 5085] unlink("./25/binderfs" [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5780] <... setpgid resumed>) = 0 [pid 5772] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... unlink resumed>) = 0 [pid 5084] getdents64(4, [pid 5780] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5772] <... mount resumed>) = 0 [pid 5085] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5780] <... openat resumed>) = 3 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5780] write(3, "1000", 4 [pid 5772] <... futex resumed>) = 1 [pid 5780] <... write resumed>) = 4 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] close(3) = 0 [pid 5780] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5780] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5780] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5781], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5781 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5771] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 ./strace-static-x86_64: Process 5781 attached [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./26/bus" [pid 5772] <... futex resumed>) = 0 [pid 5771] <... futex resumed>) = 1 [pid 5781] set_robust_list(0x7f5659be29e0, 24 [pid 5772] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5781] <... set_robust_list resumed>) = 0 [pid 5772] <... open resumed>) = 6 [pid 5084] getdents64(3, [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] memfd_create("syzkaller", 0 [pid 5772] <... futex resumed>) = 1 [pid 5771] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5781] <... memfd_create resumed>) = 3 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5772] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 101.015675][ T75] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.039011][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 101.051441][ T75] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5772] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5781] <... mmap resumed>) = 0x7f56517c2000 [pid 5771] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5771] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] rmdir("./26") = 0 [pid 5772] <... write resumed>) = 262144 [pid 5084] mkdir("./27", 0777 [pid 5772] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5771] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5771] exit_group(0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5772] <... futex resumed>) = ? [pid 5771] <... exit_group resumed>) = ? [pid 5084] <... openat resumed>) = 3 [pid 5772] +++ exited with 0 +++ [pid 5771] +++ exited with 0 +++ [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] close(3 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5771, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5084] <... close resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5784 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./26/binderfs"./strace-static-x86_64: Process 5784 attached ) = 0 [pid 5784] set_robust_list(0x555556f1a5e0, 24 [pid 5781] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5784] <... set_robust_list resumed>) = 0 [ 101.075176][ T5779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 101.110973][ T75] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5784] chdir("./27" [ 101.125429][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 101.125620][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.148484][ T5779] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/26/bus supports timestamps until 2038 (0x7fffffff) [ 101.148634][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 5779] <... mount resumed>) = 0 [pid 5779] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5779] chdir("./bus") = 0 [pid 5779] ioctl(4, LOOP_CLR_FD) = 0 [pid 5779] close(4 [pid 5784] <... chdir resumed>) = 0 [pid 5779] <... close resumed>) = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... prctl resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5784] setpgid(0, 0 [pid 5779] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... setpgid resumed>) = 0 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5776] <... futex resumed>) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5779] chdir("./file0" [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] <... openat resumed>) = 3 [pid 5779] <... chdir resumed>) = 0 [pid 5784] write(3, "1000", 4 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... write resumed>) = 4 [pid 5779] <... futex resumed>) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5784] close(3 [pid 5779] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... close resumed>) = 0 [pid 5779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5776] <... futex resumed>) = 0 [pid 5779] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 101.190190][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.220510][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 101.224704][ T75] EXT4-fs (loop5): This should not happen!! Data will be lost [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5779] <... openat resumed>) = 4 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5784] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... mprotect resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5784] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5779] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] <... clone resumed>, parent_tid=[5785], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5785 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] <... write resumed>) = 1048576 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] munmap(0x7f56517c2000, 1048576./strace-static-x86_64: Process 5785 attached [pid 5785] set_robust_list(0x7f5659be29e0, 24 [pid 5781] <... munmap resumed>) = 0 [ 101.224704][ T75] [pid 5785] <... set_robust_list resumed>) = 0 [pid 5781] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5779] <... write resumed>) = 262144 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... mmap resumed>) = 0x20000000 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... open resumed>) = 5 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... mount resumed>) = 0 [pid 5776] <... futex resumed>) = 0 [pid 5785] memfd_create("syzkaller", 0 [pid 5781] <... openat resumed>) = 4 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5785] <... memfd_create resumed>) = 3 [pid 5781] ioctl(4, LOOP_SET_FD, 3 [pid 5779] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] <... open resumed>) = 6 [pid 5776] <... futex resumed>) = 0 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... futex resumed>) = 0 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 101.265552][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.270111][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 101.278886][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.306908][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [pid 5779] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5776] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5776] <... futex resumed>) = 0 [pid 5776] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... mmap resumed>) = 0x7f56517c2000 [pid 5781] <... ioctl resumed>) = 0 [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5781] close(3 [pid 5779] <... write resumed>) = 262144 [pid 5779] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5776] <... futex resumed>) = 0 [pid 5779] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 101.306908][ T11] [ 101.318653][ T5781] loop0: detected capacity change from 0 to 2048 [ 101.320580][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 101.320580][ T5118] [ 101.330102][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 101.335728][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5776] exit_group(0 [pid 5779] <... futex resumed>) = ? [pid 5776] <... exit_group resumed>) = ? [pid 5779] +++ exited with 0 +++ [pid 5776] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5776, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5082] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5781] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5781] mkdir("./bus", 0777 [pid 5082] <... openat resumed>) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5781] <... mkdir resumed>) = 0 [pid 5082] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./26/binderfs") = 0 [ 101.356363][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 101.387584][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.393316][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5082] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5785] <... write resumed>) = 1048576 [pid 5785] munmap(0x7f56517c2000, 1048576) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] mkdir("./bus", 0777) = 0 [ 101.412479][ T5785] loop3: detected capacity change from 0 to 2048 [ 101.426737][ T46] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.437617][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 101.443555][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5785] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5781] <... mount resumed>) = 0 [ 101.453843][ T5781] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 101.462136][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.471987][ T5781] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/26/bus supports timestamps until 2038 (0x7fffffff) [ 101.494077][ T46] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 101.496386][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5781] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5781] chdir("./bus") = 0 [ 101.508236][ T46] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.528082][ T46] EXT4-fs (loop1): This should not happen!! Data will be lost [ 101.528082][ T46] [ 101.539941][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5781] ioctl(4, LOOP_CLR_FD) = 0 [pid 5781] close(4 [pid 5086] <... umount2 resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5781] <... close resumed>) = 0 [pid 5086] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5781] <... futex resumed>) = 1 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] <... futex resumed>) = 0 [pid 5086] lstat("./26/bus", [ 101.554999][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5780] <... futex resumed>) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... mount resumed>) = 0 [pid 5785] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./bus") = 0 [pid 5785] ioctl(4, LOOP_CLR_FD) = 0 [pid 5785] close(4) = 0 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] chdir("./file0") = 0 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5781] chdir("./file0" [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5784] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... chdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 4 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5781] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5781] <... openat resumed>) = 4 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./26/bus") = 0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 5780] <... futex resumed>) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5781] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] close(3 [pid 5785] <... write resumed>) = 262144 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./26" [pid 5785] <... open resumed>) = 5 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5086] <... rmdir resumed>) = 0 [pid 5785] <... mount resumed>) = 0 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mkdir("./27", 0777 [pid 5785] <... futex resumed>) = 1 [pid 5785] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 1 [pid 5785] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] lstat("./26/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5791 [pid 5083] <... openat resumed>) = 4 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5791 attached [ 101.588472][ T5785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 101.602537][ T5785] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/27/bus supports timestamps until 2038 (0x7fffffff) [ 101.611209][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5791] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5781] <... write resumed>) = 262144 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5083] rmdir("./26/bus") = 0 [pid 5791] chdir("./27" [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... chdir resumed>) = 0 [pid 5781] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5791] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5780] <... futex resumed>) = 0 [pid 5791] <... prctl resumed>) = 0 [pid 5781] <... mmap resumed>) = 0x20000000 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = 0 [pid 5083] getdents64(3, [pid 5791] setpgid(0, 0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5791] <... setpgid resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] close(3 [pid 5085] lstat("./25/bus", [pid 5083] <... close resumed>) = 0 [pid 5791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] rmdir("./26" [pid 5082] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5791] <... openat resumed>) = 3 [pid 5784] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5781] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./25/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... rmdir resumed>) = 0 [pid 5791] write(3, "1000", 4 [pid 5785] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] mkdir("./27", 0777 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5791] <... write resumed>) = 4 [pid 5785] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... open resumed>) = 5 [pid 5780] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./25/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... mkdir resumed>) = 0 [pid 5082] lstat("./26/bus", [pid 5791] close(3 [pid 5785] <... futex resumed>) = 0 [pid 5784] exit_group(0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5791] <... close resumed>) = 0 [pid 5784] <... exit_group resumed>) = ? [pid 5781] <... futex resumed>) = 0 [pid 5780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] fstat(4, [pid 5083] <... openat resumed>) = 3 [pid 5082] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5791] symlink("/dev/binderfs", "./binderfs" [pid 5785] +++ exited with 0 +++ [pid 5784] +++ exited with 0 +++ [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5791] <... symlink resumed>) = 0 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5784, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5083] close(3 [pid 5082] <... openat resumed>) = 4 [pid 5791] <... futex resumed>) = 0 [pid 5781] <... mount resumed>) = 0 [pid 5085] getdents64(4, [pid 5084] <... restart_syscall resumed>) = 0 [pid 5791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... close resumed>) = 0 [pid 5082] fstat(4, [pid 5791] <... mmap resumed>) = 0x7f5659bc2000 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5085] close(4 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5791] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5084] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(4, ./strace-static-x86_64: Process 5792 attached [pid 5791] <... mprotect resumed>) = 0 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5085] rmdir("./25/bus" [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5792 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5791] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5781] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5792] set_robust_list(0x555556f1a5e0, 24 [pid 5781] <... open resumed>) = 6 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5082] getdents64(4, [pid 5792] <... set_robust_list resumed>) = 0 [pid 5791] <... clone resumed>, parent_tid=[5793], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5793 [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 5084] fstat(3, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5792] chdir("./27" [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] close(4./strace-static-x86_64: Process 5793 attached [pid 5792] <... chdir resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 5084] getdents64(3, [pid 5082] <... close resumed>) = 0 [pid 5793] set_robust_list(0x7f5659be29e0, 24 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5780] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] rmdir("./26/bus" [pid 5793] <... set_robust_list resumed>) = 0 [pid 5792] <... prctl resumed>) = 0 [pid 5781] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5780] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rmdir("./25" [pid 5084] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5793] memfd_create("syzkaller", 0 [pid 5792] setpgid(0, 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... rmdir resumed>) = 0 [pid 5793] <... memfd_create resumed>) = 3 [pid 5792] <... setpgid resumed>) = 0 [pid 5781] <... write resumed>) = 262144 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] lstat("./27/binderfs", [pid 5082] getdents64(3, [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5781] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] mkdir("./26", 0777 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5793] <... mmap resumed>) = 0x7f56517c2000 [pid 5792] <... openat resumed>) = 3 [pid 5781] <... futex resumed>) = 1 [pid 5780] <... futex resumed>) = 0 [pid 5084] unlink("./27/binderfs" [pid 5793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5792] write(3, "1000", 4 [pid 5781] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5780] exit_group(0 [pid 5085] <... mkdir resumed>) = 0 [pid 5082] close(3 [pid 5792] <... write resumed>) = 4 [pid 5781] <... futex resumed>) = ? [pid 5780] <... exit_group resumed>) = ? [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] <... unlink resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5792] close(3 [pid 5781] +++ exited with 0 +++ [pid 5085] <... openat resumed>) = 3 [pid 5082] rmdir("./26" [pid 5792] <... close resumed>) = 0 [pid 5780] +++ exited with 0 +++ [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... rmdir resumed>) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs" [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] mkdir("./27", 0777 [pid 5792] <... symlink resumed>) = 0 [pid 5085] close(3 [pid 5082] <... mkdir resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5780, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5792] <... futex resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... openat resumed>) = 3 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5792] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5794 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5792] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5082] close(3 [pid 5792] <... mprotect resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5792] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5794 attached [pid 5793] <... write resumed>) = 1048576 [pid 5792] <... clone resumed>, parent_tid=[5795], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5795 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5796 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] set_robust_list(0x555556f1a5e0, 24 [pid 5793] munmap(0x7f56517c2000, 1048576 [pid 5792] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5796 attached [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5794] <... set_robust_list resumed>) = 0 [pid 5793] <... munmap resumed>) = 0 [pid 5796] set_robust_list(0x555556f1a5e0, 24./strace-static-x86_64: Process 5795 attached ) = 0 [pid 5794] chdir("./26" [pid 5793] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5796] chdir("./27" [pid 5795] set_robust_list(0x7f5659be29e0, 24 [pid 5794] <... chdir resumed>) = 0 [pid 5793] <... openat resumed>) = 4 [pid 5796] <... chdir resumed>) = 0 [pid 5795] <... set_robust_list resumed>) = 0 [pid 5794] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5796] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5795] memfd_create("syzkaller", 0 [pid 5794] <... prctl resumed>) = 0 [pid 5793] ioctl(4, LOOP_SET_FD, 3 [pid 5081] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5796] <... prctl resumed>) = 0 [pid 5795] <... memfd_create resumed>) = 3 [pid 5794] setpgid(0, 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5796] setpgid(0, 0 [ 101.822195][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.838163][ T46] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 101.852737][ T46] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [pid 5795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5794] <... setpgid resumed>) = 0 [pid 5081] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5796] <... setpgid resumed>) = 0 [pid 5794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5794] <... openat resumed>) = 3 [pid 5081] <... openat resumed>) = 3 [pid 5796] <... openat resumed>) = 3 [pid 5795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5794] write(3, "1000", 4 [pid 5081] fstat(3, [pid 5796] write(3, "1000", 4 [pid 5794] <... write resumed>) = 4 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 101.876305][ T46] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 101.883301][ T5793] loop5: detected capacity change from 0 to 2048 [ 101.891542][ T46] EXT4-fs (loop3): This should not happen!! Data will be lost [ 101.891542][ T46] [pid 5796] <... write resumed>) = 4 [pid 5795] <... write resumed>) = 1048576 [pid 5794] close(3 [pid 5793] <... ioctl resumed>) = 0 [pid 5081] getdents64(3, [pid 5796] close(3 [pid 5795] munmap(0x7f56517c2000, 1048576 [pid 5794] <... close resumed>) = 0 [pid 5793] close(3 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5795] <... munmap resumed>) = 0 [pid 5796] <... close resumed>) = 0 [pid 5793] <... close resumed>) = 0 [pid 5794] symlink("/dev/binderfs", "./binderfs" [pid 5796] symlink("/dev/binderfs", "./binderfs" [pid 5793] mkdir("./bus", 0777 [pid 5081] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5794] <... symlink resumed>) = 0 [pid 5795] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5794] <... futex resumed>) = 0 [pid 5081] lstat("./26/binderfs", [pid 5795] <... openat resumed>) = 4 [pid 5794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5796] <... symlink resumed>) = 0 [pid 5793] <... mkdir resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5795] ioctl(4, LOOP_SET_FD, 3 [pid 5794] <... mmap resumed>) = 0x7f5659bc2000 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5796] <... futex resumed>) = 0 [pid 5081] unlink("./26/binderfs") = 0 [pid 5796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5794] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5081] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5795] <... ioctl resumed>) = 0 [pid 5796] <... mmap resumed>) = 0x7f5659bc2000 [pid 5794] <... mprotect resumed>) = 0 [ 101.915825][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.941580][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 101.958009][ T5795] loop2: detected capacity change from 0 to 2048 [ 101.964070][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5796] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5795] close(3 [pid 5794] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5796] <... mprotect resumed>) = 0 [pid 5795] <... close resumed>) = 0 [pid 5796] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5795] mkdir("./bus", 0777 [pid 5794] <... clone resumed>, parent_tid=[5797], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5797 ./strace-static-x86_64: Process 5797 attached [pid 5795] <... mkdir resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] set_robust_list(0x7f5659be29e0, 24 [pid 5794] <... futex resumed>) = 0 [pid 5796] <... clone resumed>, parent_tid=[5799], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5799 [pid 5795] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5797] <... set_robust_list resumed>) = 0 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5797] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 5799 attached [pid 5797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5799] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5797] <... mmap resumed>) = 0x7f56517c2000 [pid 5799] memfd_create("syzkaller", 0) = 3 [pid 5797] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... umount2 resumed>) = 0 [ 101.976176][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.013386][ T5793] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... mmap resumed>) = 0x7f56517c2000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] lstat("./27/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 102.026965][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.031332][ T5793] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.060504][ T5795] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5084] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... write resumed>) = 1048576 [pid 5793] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5799] munmap(0x7f56517c2000, 1048576 [pid 5793] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5799] <... munmap resumed>) = 0 [pid 5793] <... openat resumed>) = 3 [pid 5799] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5793] chdir("./bus" [pid 5799] <... openat resumed>) = 4 [pid 5793] <... chdir resumed>) = 0 [pid 5799] ioctl(4, LOOP_SET_FD, 3 [pid 5793] ioctl(4, LOOP_CLR_FD [pid 5799] <... ioctl resumed>) = 0 [pid 5793] <... ioctl resumed>) = 0 [pid 5797] <... write resumed>) = 1048576 [pid 5084] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5793] close(4) = 0 [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5799] close(3) = 0 [pid 5799] mkdir("./bus", 0777) = 0 [pid 5799] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5797] munmap(0x7f56517c2000, 1048576 [pid 5084] <... openat resumed>) = 4 [pid 5791] <... futex resumed>) = 0 [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 1 [pid 5793] chdir("./file0" [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... munmap resumed>) = 0 [pid 5793] <... chdir resumed>) = 0 [pid 5084] fstat(4, [pid 5797] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5797] <... openat resumed>) = 4 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5797] ioctl(4, LOOP_SET_FD, 3 [ 102.070908][ T5799] loop1: detected capacity change from 0 to 2048 [ 102.079071][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 102.090702][ T5795] ext4 filesystem being mounted at /root/syzkaller.22hR0w/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.110695][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5795] <... mount resumed>) = 0 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5797] <... ioctl resumed>) = 0 [pid 5795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5793] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5797] close(3 [pid 5795] <... openat resumed>) = 3 [pid 5795] chdir("./bus") = 0 [pid 5795] ioctl(4, LOOP_CLR_FD [pid 5797] <... close resumed>) = 0 [pid 5795] <... ioctl resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5797] mkdir("./bus", 0777 [pid 5795] close(4 [pid 5793] <... openat resumed>) = 4 [pid 5084] close(4 [pid 5795] <... close resumed>) = 0 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5795] chdir("./file0" [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... mkdir resumed>) = 0 [pid 5797] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5795] <... chdir resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./27/bus" [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [ 102.129424][ T5797] loop4: detected capacity change from 0 to 2048 [ 102.137893][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 102.137893][ T11] [ 102.152076][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5793] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] <... futex resumed>) = 1 [pid 5793] <... write resumed>) = 262144 [pid 5792] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5799] <... mount resumed>) = 0 [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5799] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5799] <... openat resumed>) = 3 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] chdir("./bus" [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5799] <... chdir resumed>) = 0 [pid 5795] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5793] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(3 [pid 5799] ioctl(4, LOOP_CLR_FD [pid 5795] <... openat resumed>) = 4 [pid 5793] <... mmap resumed>) = 0x20000000 [pid 5084] <... close resumed>) = 0 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./27" [pid 5795] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5799] <... ioctl resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] mkdir("./28", 0777 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5799] close(4 [ 102.173996][ T5799] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 102.190536][ T5799] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.190715][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5795] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5799] <... close resumed>) = 0 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5793] <... open resumed>) = 5 [pid 5084] <... openat resumed>) = 3 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5791] <... futex resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5799] chdir("./file0" [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5799] <... chdir resumed>) = 0 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [ 102.236819][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.256595][ T5797] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5795] <... write resumed>) = 262144 [pid 5084] <... close resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5793] <... mount resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5797] <... mount resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5807 [pid 5081] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5807 attached [pid 5799] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5797] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5807] set_robust_list(0x555556f1a5e0, 24 [pid 5797] <... openat resumed>) = 3 [pid 5795] <... mmap resumed>) = 0x20000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5791] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5807] <... set_robust_list resumed>) = 0 [pid 5799] <... openat resumed>) = 4 [pid 5797] chdir("./bus" [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5081] lstat("./26/bus", [pid 5807] chdir("./28" [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... chdir resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5793] <... open resumed>) = 6 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5807] <... chdir resumed>) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5797] ioctl(4, LOOP_CLR_FD [pid 5796] <... futex resumed>) = 0 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 102.291615][ T5797] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/26/bus supports timestamps until 2038 (0x7fffffff) [pid 5081] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... ioctl resumed>) = 0 [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5807] <... prctl resumed>) = 0 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] close(4 [pid 5796] <... futex resumed>) = 0 [pid 5795] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5807] setpgid(0, 0 [pid 5799] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5797] <... close resumed>) = 0 [pid 5795] <... open resumed>) = 5 [pid 5081] <... openat resumed>) = 4 [pid 5807] <... setpgid resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(4, [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5797] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5807] <... openat resumed>) = 3 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 5807] write(3, "1000", 4 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5807] <... write resumed>) = 4 [pid 5797] chdir("./file0" [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5795] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... futex resumed>) = 0 [pid 5081] getdents64(4, [pid 5807] close(3 [pid 5797] <... chdir resumed>) = 0 [pid 5795] <... mount resumed>) = 0 [pid 5793] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5791] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5807] <... close resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(4 [pid 5807] symlink("/dev/binderfs", "./binderfs" [pid 5797] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5807] <... symlink resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rmdir("./26/bus" [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5807] <... futex resumed>) = 0 [pid 5797] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5795] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(3, [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5795] <... open resumed>) = 6 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5807] <... mmap resumed>) = 0x7f5659bc2000 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 5807] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5797] <... openat resumed>) = 4 [pid 5795] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5807] <... mprotect resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rmdir("./26" [pid 5807] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5797] <... futex resumed>) = 1 [pid 5795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5792] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] mkdir("./27", 0777./strace-static-x86_64: Process 5808 attached [pid 5807] <... clone resumed>, parent_tid=[5808], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5808 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5795] <... write resumed>) = 262144 [pid 5794] <... futex resumed>) = 0 [pid 5793] <... write resumed>) = 262144 [pid 5808] set_robust_list(0x7f5659be29e0, 24 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... write resumed>) = 262144 [pid 5797] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5795] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... mkdir resumed>) = 0 [pid 5808] <... set_robust_list resumed>) = 0 [pid 5807] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5793] <... futex resumed>) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5791] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5808] memfd_create("syzkaller", 0 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... openat resumed>) = 3 [pid 5808] <... memfd_create resumed>) = 3 [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5793] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] exit_group(0 [pid 5791] exit_group(0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... futex resumed>) = ? [pid 5793] <... futex resumed>) = ? [pid 5792] <... exit_group resumed>) = ? [pid 5791] <... exit_group resumed>) = ? [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5808] <... mmap resumed>) = 0x7f56517c2000 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] <... futex resumed>) = 0 [pid 5795] +++ exited with 0 +++ [pid 5793] +++ exited with 0 +++ [pid 5081] close(3 [pid 5799] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5797] <... write resumed>) = 262144 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5792] +++ exited with 0 +++ [pid 5791] +++ exited with 0 +++ [pid 5081] <... close resumed>) = 0 [pid 5808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5791, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5792, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5799] <... futex resumed>) = 1 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 5083] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... restart_syscall resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5809 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5809 attached [pid 5799] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5797] <... mmap resumed>) = 0x20000000 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 3 [pid 5809] set_robust_list(0x555556f1a5e0, 24 [pid 5799] <... open resumed>) = 5 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] fstat(3, [pid 5809] <... set_robust_list resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5809] chdir("./27" [pid 5799] <... futex resumed>) = 1 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] getdents64(3, [pid 5809] <... chdir resumed>) = 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5809] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(3, [pid 5083] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] <... prctl resumed>) = 0 [pid 5808] <... write resumed>) = 1048576 [pid 5799] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5797] <... open resumed>) = 5 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] setpgid(0, 0 [pid 5808] munmap(0x7f56517c2000, 1048576 [pid 5799] <... mount resumed>) = 0 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 5083] lstat("./27/binderfs", [pid 5809] <... setpgid resumed>) = 0 [pid 5808] <... munmap resumed>) = 0 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5808] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5799] <... futex resumed>) = 1 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] unlink("./27/binderfs" [pid 5809] <... openat resumed>) = 3 [pid 5808] <... openat resumed>) = 4 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5794] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... unlink resumed>) = 0 [pid 5809] write(3, "1000", 4 [pid 5808] ioctl(4, LOOP_SET_FD, 3 [pid 5799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5797] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5796] <... futex resumed>) = 0 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./27/binderfs", [pid 5083] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] <... write resumed>) = 4 [pid 5808] <... ioctl resumed>) = 0 [pid 5799] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5797] <... mount resumed>) = 0 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5809] close(3 [pid 5799] <... open resumed>) = 6 [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] close(3) = 0 [pid 5808] mkdir("./bus", 0777) = 0 [pid 5808] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5797] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] <... open resumed>) = 6 [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5794] <... futex resumed>) = 0 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5794] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5794] <... futex resumed>) = 0 [pid 5797] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5794] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5809] <... close resumed>) = 0 [pid 5796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] unlink("./27/binderfs" [pid 5809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5797] <... write resumed>) = 262144 [pid 5796] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5809] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5810], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5810 [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] <... futex resumed>) = 0 [ 102.481979][ T5808] loop3: detected capacity change from 0 to 2048 [ 102.491443][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 102.505676][ T5118] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.519820][ T5118] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 5797] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 1 [pid 5086] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5810 attached [pid 5799] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5797] <... futex resumed>) = 1 [pid 5796] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] set_robust_list(0x7f5659be29e0, 24 [pid 5797] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... set_robust_list resumed>) = 0 [pid 5810] memfd_create("syzkaller", 0) = 3 [pid 5810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5810] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5794] <... futex resumed>) = 0 [pid 5794] exit_group(0 [pid 5797] <... futex resumed>) = ? [pid 5794] <... exit_group resumed>) = ? [pid 5799] <... write resumed>) = 262144 [pid 5797] +++ exited with 0 +++ [pid 5794] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5794, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5085] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5085] umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, [pid 5799] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5799] <... futex resumed>) = 1 [pid 5796] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 5799] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5796] exit_group(0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5796] <... exit_group resumed>) = ? [ 102.533361][ T5118] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.550414][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.560208][ T5118] EXT4-fs (loop2): This should not happen!! Data will be lost [ 102.560208][ T5118] [pid 5085] umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5799] <... futex resumed>) = ? [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./26/binderfs" [pid 5799] +++ exited with 0 +++ [pid 5796] +++ exited with 0 +++ [pid 5085] <... unlink resumed>) = 0 [pid 5085] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5796, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5082] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./27/binderfs") = 0 [ 102.579042][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 102.597812][ T5808] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 102.610849][ T5808] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5082] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5810] <... write resumed>) = 1048576 [pid 5808] <... mount resumed>) = 0 [pid 5810] munmap(0x7f56517c2000, 1048576 [pid 5808] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5810] <... munmap resumed>) = 0 [pid 5808] <... openat resumed>) = 3 [pid 5810] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5808] chdir("./bus" [pid 5810] <... openat resumed>) = 4 [pid 5808] <... chdir resumed>) = 0 [pid 5810] ioctl(4, LOOP_SET_FD, 3 [pid 5808] ioctl(4, LOOP_CLR_FD) = 0 [pid 5808] close(4) = 0 [ 102.615109][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 102.637058][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 102.644533][ T5810] loop0: detected capacity change from 0 to 2048 [ 102.650885][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 102.656378][ T11] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] <... futex resumed>) = 0 [pid 5810] <... ioctl resumed>) = 0 [pid 5808] chdir("./file0" [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] close(3 [pid 5808] <... chdir resumed>) = 0 [pid 5810] <... close resumed>) = 0 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] mkdir("./bus", 0777 [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [ 102.690101][ T46] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.711788][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 102.721932][ T11] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5810] <... mkdir resumed>) = 0 [pid 5808] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5808] <... openat resumed>) = 4 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 102.727855][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 102.735407][ T46] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 102.744006][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5808] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5083] <... umount2 resumed>) = 0 [pid 5807] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5807] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5807] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5813], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5813 [pid 5807] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5813 attached [pid 5813] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5813] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5813] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5813] <... futex resumed>) = 1 [pid 5813] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5808] <... futex resumed>) = 0 [pid 5083] lstat("./27/bus", [pid 5813] <... open resumed>) = 5 [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = 0 [pid 5808] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5083] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5813] <... futex resumed>) = 1 [pid 5813] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5808] <... mount resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 102.786046][ T46] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.799216][ T11] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.804822][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 102.815847][ T46] EXT4-fs (loop4): This should not happen!! Data will be lost [ 102.815847][ T46] [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5807] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... open resumed>) = 6 [pid 5083] fstat(4, [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5808] <... futex resumed>) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5808] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5807] <... futex resumed>) = 0 [ 102.841960][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [ 102.841960][ T948] [ 102.843139][ T11] EXT4-fs (loop5): This should not happen!! Data will be lost [ 102.843139][ T11] [ 102.854239][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 102.865297][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] getdents64(4, [pid 5808] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5807] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5083] rmdir("./27/bus") = 0 [pid 5083] getdents64(3, [pid 5808] <... write resumed>) = 262144 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5083] rmdir("./27") = 0 [pid 5083] mkdir("./28", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5816 [ 102.876729][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.907266][ T5810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 102.919341][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5808] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] exit_group(0 [pid 5813] <... futex resumed>) = ? [pid 5808] <... futex resumed>) = ? [pid 5807] <... exit_group resumed>) = ? [pid 5813] +++ exited with 0 +++ [pid 5808] +++ exited with 0 +++ [pid 5807] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5807, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5084] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 5816 attached [pid 5816] set_robust_list(0x555556f1a5e0, 24 [pid 5810] <... mount resumed>) = 0 [pid 5084] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5816] <... set_robust_list resumed>) = 0 [pid 5810] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5816] chdir("./28" [pid 5810] <... openat resumed>) = 3 [pid 5816] <... chdir resumed>) = 0 [pid 5810] chdir("./bus" [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5810] <... chdir resumed>) = 0 [pid 5816] <... prctl resumed>) = 0 [pid 5810] ioctl(4, LOOP_CLR_FD [pid 5816] setpgid(0, 0 [pid 5810] <... ioctl resumed>) = 0 [pid 5816] <... setpgid resumed>) = 0 [ 102.937993][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 102.951573][ T5810] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/27/bus supports timestamps until 2038 (0x7fffffff) [ 102.955292][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5810] close(4 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5810] <... close resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5816] <... openat resumed>) = 3 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] write(3, "1000", 4 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5816] <... write resumed>) = 4 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] close(3 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5809] <... futex resumed>) = 0 [pid 5816] <... close resumed>) = 0 [pid 5810] chdir("./file0" [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] <... chdir resumed>) = 0 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... openat resumed>) = 3 [pid 5816] <... mmap resumed>) = 0x7f5659bc2000 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5816] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] fstat(3, [pid 5816] <... clone resumed>, parent_tid=[5817], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5817 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5809] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./28/binderfs", [pid 5810] <... openat resumed>) = 4 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] unlink("./28/binderfs") = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5084] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5809] <... futex resumed>) = 0 [ 102.980493][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 102.982953][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.010966][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5817 attached [pid 5817] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5817] memfd_create("syzkaller", 0) = 3 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5086] <... umount2 resumed>) = 0 [pid 5817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5809] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5809] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5809] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5818], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5818 [pid 5809] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 103.048218][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5809] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5810] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5818 attached [pid 5086] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] set_robust_list(0x7f56518c19e0, 24 [pid 5817] <... write resumed>) = 1048576 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] <... set_robust_list resumed>) = 0 [pid 5086] lstat("./27/bus", [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] lstat("./26/bus", [pid 5818] <... mmap resumed>) = 0x20000000 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] lstat("./27/bus", [pid 5818] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./26/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5818] <... futex resumed>) = 1 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5818] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5809] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./27/bus" [pid 5086] <... openat resumed>) = 4 [pid 5082] <... rmdir resumed>) = 0 [pid 5817] munmap(0x7f56517c2000, 1048576 [pid 5810] <... futex resumed>) = 0 [pid 5086] fstat(4, [pid 5085] openat(AT_FDCWD, "./26/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] getdents64(3, [pid 5817] <... munmap resumed>) = 0 [pid 5810] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5082] close(3 [pid 5810] <... open resumed>) = 5 [pid 5082] <... close resumed>) = 0 [pid 5082] rmdir("./27") = 0 [pid 5082] mkdir("./28", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5819 ./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5819] chdir("./28") = 0 [ 103.140719][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 103.155280][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 103.155298][ T27] audit: type=1800 audit(1678856054.555:169): pid=5810 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(4, [pid 5085] fstat(4, [pid 5819] setpgid(0, 0) = 0 [pid 5809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5817] <... openat resumed>) = 4 [pid 5810] <... futex resumed>) = 0 [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... openat resumed>) = 3 [pid 5817] ioctl(4, LOOP_SET_FD, 3 [pid 5810] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5819] write(3, "1000", 4 [pid 5809] <... futex resumed>) = 0 [pid 5819] <... write resumed>) = 4 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5817] <... ioctl resumed>) = 0 [pid 5810] <... mount resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] getdents64(4, [pid 5819] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5820], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5820 [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5820 attached [pid 5820] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5820] memfd_create("syzkaller", 0 [pid 5817] close(3 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5817] <... close resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5086] close(4 [pid 5085] getdents64(4, [pid 5820] <... memfd_create resumed>) = 3 [pid 5817] mkdir("./bus", 0777 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5809] <... futex resumed>) = 0 [pid 5820] <... mmap resumed>) = 0x7f56517c2000 [ 103.183887][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 103.197311][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.199189][ T5817] loop2: detected capacity change from 0 to 2048 [ 103.218185][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 103.218185][ T9] [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5817] <... mkdir resumed>) = 0 [pid 5810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] rmdir("./27/bus" [pid 5085] close(4 [pid 5086] <... rmdir resumed>) = 0 [pid 5810] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5086] getdents64(3, [pid 5085] <... close resumed>) = 0 [pid 5817] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5810] <... open resumed>) = 6 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] rmdir("./26/bus" [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5085] <... rmdir resumed>) = 0 [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] rmdir("./27" [pid 5085] getdents64(3, [pid 5809] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] mkdir("./28", 0777 [pid 5085] close(3 [pid 5810] <... futex resumed>) = 0 [pid 5809] <... futex resumed>) = 1 [pid 5085] <... close resumed>) = 0 [pid 5809] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5810] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] rmdir("./26" [pid 5820] <... write resumed>) = 1048576 [pid 5820] munmap(0x7f56517c2000, 1048576) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5085] <... rmdir resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5085] mkdir("./27", 0777 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5085] <... mkdir resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5810] <... write resumed>) = 262144 [pid 5086] close(3 [pid 5085] <... openat resumed>) = 3 [pid 5810] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5810] <... futex resumed>) = 1 [pid 5809] <... futex resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5810] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5809] exit_group(0 [pid 5085] close(3 [pid 5818] <... futex resumed>) = ? [pid 5810] <... futex resumed>) = ? [pid 5809] <... exit_group resumed>) = ? [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5822 [pid 5085] <... close resumed>) = 0 [pid 5818] +++ exited with 0 +++ [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5823 [pid 5810] +++ exited with 0 +++ [pid 5809] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5809, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- ./strace-static-x86_64: Process 5823 attached [pid 5084] <... umount2 resumed>) = 0 [ 103.231462][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.250536][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.271151][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.281432][ T5820] loop1: detected capacity change from 0 to 2048 [pid 5820] close(3 [pid 5081] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] mkdir("./bus", 0777 [pid 5081] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... mkdir resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5820] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] fstat(3, [pid 5823] set_robust_list(0x555556f1a5e0, 24 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5822 attached [pid 5081] getdents64(3, [pid 5822] set_robust_list(0x555556f1a5e0, 24 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5822] <... set_robust_list resumed>) = 0 [pid 5081] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] chdir("./28" [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... chdir resumed>) = 0 [pid 5081] lstat("./27/binderfs", [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5822] <... prctl resumed>) = 0 [pid 5081] unlink("./27/binderfs" [pid 5822] setpgid(0, 0 [pid 5081] <... unlink resumed>) = 0 [pid 5822] <... setpgid resumed>) = 0 [pid 5081] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5822] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5825], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5825 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5825 attached [pid 5825] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5825] memfd_create("syzkaller", 0) = 3 [pid 5825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5823] <... set_robust_list resumed>) = 0 [ 103.329236][ T5817] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 103.343146][ T46] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 103.358505][ T5817] ext4 filesystem being mounted at /root/syzkaller.22hR0w/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5084] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] chdir("./27" [pid 5825] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5823] <... chdir resumed>) = 0 [pid 5817] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] lstat("./28/bus", [pid 5823] <... prctl resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5823] setpgid(0, 0 [pid 5084] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5823] <... setpgid resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5823] <... openat resumed>) = 3 [pid 5823] write(3, "1000", 4 [pid 5084] <... openat resumed>) = 4 [pid 5823] <... write resumed>) = 4 [pid 5817] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] fstat(4, [pid 5823] close(3 [pid 5817] <... openat resumed>) = 3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5823] <... close resumed>) = 0 [pid 5817] chdir("./bus" [ 103.370357][ T46] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 103.381491][ T46] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 103.417810][ T5820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5084] getdents64(4, [pid 5823] symlink("/dev/binderfs", "./binderfs" [pid 5817] <... chdir resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5825] <... write resumed>) = 1048576 [pid 5825] munmap(0x7f56517c2000, 1048576 [pid 5823] <... symlink resumed>) = 0 [pid 5817] ioctl(4, LOOP_CLR_FD [pid 5084] getdents64(4, [pid 5820] <... mount resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5825] <... munmap resumed>) = 0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... ioctl resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5825] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5823] <... futex resumed>) = 0 [pid 5817] close(4 [pid 5084] close(4 [pid 5825] <... openat resumed>) = 4 [pid 5823] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5817] <... close resumed>) = 0 [pid 5084] <... close resumed>) = 0 [ 103.421176][ T46] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.434678][ T5820] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/28/bus supports timestamps until 2038 (0x7fffffff) [ 103.448555][ T46] EXT4-fs (loop0): This should not happen!! Data will be lost [ 103.448555][ T46] [ 103.466617][ T46] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5825] ioctl(4, LOOP_SET_FD, 3 [pid 5823] <... mmap resumed>) = 0x7f5659bc2000 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./28/bus" [pid 5825] <... ioctl resumed>) = 0 [pid 5823] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5820] chdir("./bus" [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5820] <... chdir resumed>) = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5820] chdir("./file0" [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] close(3) = 0 [pid 5825] mkdir("./bus", 0777) = 0 [pid 5825] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... chdir resumed>) = 0 [pid 5816] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... futex resumed>) = 1 [pid 5823] <... mprotect resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... futex resumed>) = 0 [pid 5817] chdir("./file0" [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... chdir resumed>) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... futex resumed>) = 1 [pid 5823] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5820] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5828 attached [pid 5823] <... clone resumed>, parent_tid=[5828], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5828 [pid 5820] <... openat resumed>) = 4 [pid 5817] <... openat resumed>) = 4 [ 103.473961][ T5825] loop5: detected capacity change from 0 to 2048 [ 103.489922][ T46] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5823] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./28" [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5817] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] mkdir("./29", 0777 [pid 5828] set_robust_list(0x7f5659be29e0, 24 [pid 5819] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5828] <... set_robust_list resumed>) = 0 [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... write resumed>) = 262144 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] memfd_create("syzkaller", 0 [pid 5825] <... mount resumed>) = 0 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... futex resumed>) = 1 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... memfd_create resumed>) = 3 [pid 5825] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5828] <... mmap resumed>) = 0x7f56517c2000 [pid 5825] <... openat resumed>) = 3 [pid 5825] chdir("./bus" [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] <... chdir resumed>) = 0 [pid 5825] ioctl(4, LOOP_CLR_FD) = 0 [pid 5825] close(4) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5822] <... futex resumed>) = 0 [pid 5820] <... write resumed>) = 262144 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] <... write resumed>) = 1048576 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5084] close(3 [pid 5081] <... umount2 resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5817] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5081] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] chdir("./file0" [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... mmap resumed>) = 0x20000000 [ 103.528274][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.540303][ T5825] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 103.552263][ T5825] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5825] <... chdir resumed>) = 0 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5817] <... futex resumed>) = 1 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... mmap resumed>) = 0x20000000 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] <... futex resumed>) = 0 [pid 5081] lstat("./27/bus", [pid 5825] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5831 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5820] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5819] <... futex resumed>) = 0 [pid 5817] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5825] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... open resumed>) = 5 [pid 5817] <... open resumed>) = 5 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5828] munmap(0x7f56517c2000, 1048576) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... ioctl resumed>) = 0 [pid 5828] close(3) = 0 [pid 5828] mkdir("./bus", 0777) = 0 [pid 5828] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue"./strace-static-x86_64: Process 5831 attached [pid 5819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 1 [pid 5081] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... futex resumed>) = 0 [pid 5817] <... futex resumed>) = 0 [pid 5820] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5817] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 4 [pid 5081] fstat(4, [pid 5825] <... openat resumed>) = 4 [pid 5820] <... mount resumed>) = 0 [pid 5817] <... mount resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 5825] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5825] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5081] getdents64(4, [pid 5822] <... futex resumed>) = 0 [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5831] set_robust_list(0x555556f1a5e0, 24 [pid 5820] <... open resumed>) = 6 [pid 5817] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] close(4 [pid 5831] <... set_robust_list resumed>) = 0 [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... open resumed>) = 6 [pid 5081] <... close resumed>) = 0 [pid 5831] chdir("./29" [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... chdir resumed>) = 0 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5081] rmdir("./27/bus" [pid 5831] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... futex resumed>) = 0 [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... prctl resumed>) = 0 [pid 5820] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] setpgid(0, 0 [pid 5819] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5816] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5831] <... setpgid resumed>) = 0 [pid 5820] <... write resumed>) = 262144 [pid 5816] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(3, [pid 5831] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... write resumed>) = 262144 [pid 5831] <... openat resumed>) = 3 [pid 5820] <... futex resumed>) = 1 [pid 5819] <... futex resumed>) = 0 [ 103.615475][ T27] audit: type=1800 audit(1678856055.015:170): pid=5820 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 103.636375][ T5828] loop4: detected capacity change from 0 to 2048 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5831] write(3, "1000", 4 [pid 5820] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] exit_group(0 [pid 5817] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 5820] <... futex resumed>) = ? [pid 5819] <... exit_group resumed>) = ? [pid 5831] <... write resumed>) = 4 [pid 5820] +++ exited with 0 +++ [pid 5817] <... futex resumed>) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5831] close(3 [pid 5817] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] <... close resumed>) = 0 [pid 5831] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5819] +++ exited with 0 +++ [pid 5816] exit_group(0 [pid 5831] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5831] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5834], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5834 [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5816] <... exit_group resumed>) = ? [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5819, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] <... close resumed>) = 0 [pid 5822] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5834 attached [pid 5825] <... write resumed>) = 262144 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5817] <... futex resumed>) = ? [pid 5081] rmdir("./27" [pid 5834] set_robust_list(0x7f5659be29e0, 24 [pid 5822] <... mmap resumed>) = 0x7f56518a1000 [pid 5082] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... rmdir resumed>) = 0 [pid 5834] <... set_robust_list resumed>) = 0 [ 103.681493][ T27] audit: type=1800 audit(1678856055.015:171): pid=5817 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 103.711966][ T5828] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5822] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5817] +++ exited with 0 +++ [pid 5816] +++ exited with 0 +++ [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./28", 0777 [pid 5834] memfd_create("syzkaller", 0 [pid 5822] <... mprotect resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5816, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5082] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 5834] <... memfd_create resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5828] <... mount resumed>) = 0 [pid 5822] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] fstat(3, [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5834] <... mmap resumed>) = 0x7f56517c2000 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5822] <... clone resumed>, parent_tid=[5835], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5835 [pid 5082] getdents64(3, [pid 5081] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5835] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 103.730433][ T5828] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/27/bus supports timestamps until 2038 (0x7fffffff) [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5828] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5822] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5828] <... openat resumed>) = 3 [pid 5822] <... futex resumed>) = 1 [pid 5083] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5828] chdir("./bus" [pid 5822] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5828] <... chdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./28/binderfs", [pid 5081] close(3 [pid 5828] ioctl(4, LOOP_CLR_FD [pid 5083] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5834] <... write resumed>) = 1048576 [pid 5828] <... ioctl resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5081] <... close resumed>) = 0 [pid 5834] munmap(0x7f56517c2000, 1048576 [pid 5828] close(4 [pid 5083] fstat(3, [pid 5082] unlink("./28/binderfs" [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5834] <... munmap resumed>) = 0 [pid 5828] <... close resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... unlink resumed>) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(3, [pid 5082] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5836 [pid 5834] <... openat resumed>) = 4 [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5834] ioctl(4, LOOP_SET_FD, 3 [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5835] <... futex resumed>) = 0 [pid 5835] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5835] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... futex resumed>) = 0 [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5825] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... futex resumed>) = 1 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] <... open resumed>) = 5 [pid 5823] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5835] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5825] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5825] <... mount resumed>) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5836 attached [pid 5825] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] set_robust_list(0x555556f1a5e0, 24 [pid 5825] <... open resumed>) = 6 [pid 5836] <... set_robust_list resumed>) = 0 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] chdir("./28" [pid 5825] <... futex resumed>) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5836] <... chdir resumed>) = 0 [pid 5825] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 103.777352][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.778790][ T5834] loop3: detected capacity change from 0 to 2048 [ 103.797597][ T27] audit: type=1800 audit(1678856055.195:172): pid=5825 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5834] <... ioctl resumed>) = 0 [pid 5828] chdir("./file0" [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... futex resumed>) = 0 [pid 5083] lstat("./28/binderfs", [pid 5836] <... prctl resumed>) = 0 [pid 5834] close(3 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5834] <... close resumed>) = 0 [pid 5083] unlink("./28/binderfs" [pid 5836] setpgid(0, 0 [pid 5834] mkdir("./bus", 0777 [pid 5828] <... chdir resumed>) = 0 [pid 5825] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5822] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... unlink resumed>) = 0 [pid 5836] <... setpgid resumed>) = 0 [pid 5834] <... mkdir resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5836] <... openat resumed>) = 3 [pid 5828] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] write(3, "1000", 4 [pid 5823] <... futex resumed>) = 0 [pid 5836] <... write resumed>) = 4 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] close(3 [pid 5828] <... openat resumed>) = 4 [pid 5836] <... close resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] symlink("/dev/binderfs", "./binderfs" [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5836] <... symlink resumed>) = 0 [pid 5828] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 103.820960][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5836] <... futex resumed>) = 0 [pid 5828] <... write resumed>) = 262144 [pid 5825] <... write resumed>) = 262144 [pid 5822] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5834] <... mount resumed>) = 0 [ 103.855946][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 103.870382][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 103.885445][ T5834] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... mmap resumed>) = 0x7f5659bc2000 [pid 5828] <... futex resumed>) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = 0 [pid 5822] exit_group(0) = ? [pid 5834] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] chdir("./bus") = 0 [pid 5834] ioctl(4, LOOP_CLR_FD [pid 5836] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5835] <... futex resumed>) = ? [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... ioctl resumed>) = 0 [pid 5834] close(4) = 0 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... mprotect resumed>) = 0 [pid 5835] +++ exited with 0 +++ [pid 5831] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] +++ exited with 0 +++ [pid 5823] <... futex resumed>) = 0 [pid 5822] +++ exited with 0 +++ [pid 5836] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5822, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5834] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5836] <... clone resumed>, parent_tid=[5839], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5839 [pid 5834] chdir("./file0" [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... mmap resumed>) = 0x20000000 [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] <... chdir resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5828] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5834] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 103.887421][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 103.907945][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.921183][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 103.931273][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [ 103.931273][ T9] [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5839 attached [pid 5834] <... openat resumed>) = 4 [pid 5828] <... open resumed>) = 5 [pid 5086] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] set_robust_list(0x7f5659be29e0, 24 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 103.952529][ T27] audit: type=1800 audit(1678856055.355:173): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 103.970048][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 103.985756][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 103.988418][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [pid 5086] lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./28/binderfs" [pid 5839] <... set_robust_list resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5086] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] memfd_create("syzkaller", 0 [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] <... memfd_create resumed>) = 3 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5831] <... futex resumed>) = 0 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5839] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5834] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] <... mmap resumed>) = 0x7f56517c2000 [pid 5828] <... mount resumed>) = 0 [ 103.988418][ T948] [ 104.012635][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 104.027232][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 104.031943][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5828] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... open resumed>) = 6 [pid 5823] <... futex resumed>) = 0 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... futex resumed>) = 0 [pid 5823] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5823] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5823] <... futex resumed>) = 0 [pid 5828] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5823] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... write resumed>) = 262144 [pid 5828] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5823] exit_group(0) = ? [pid 5828] <... futex resumed>) = ? [pid 5083] <... umount2 resumed>) = 0 [pid 5831] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5828] +++ exited with 0 +++ [pid 5823] +++ exited with 0 +++ [pid 5831] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5823, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5831] <... futex resumed>) = 0 [pid 5834] <... write resumed>) = 262144 [pid 5831] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5085] umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... mprotect resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5834] <... futex resumed>) = 0 [pid 5831] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... openat resumed>) = 3 [pid 5083] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] fstat(3, [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... clone resumed>, parent_tid=[5840], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5840 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] lstat("./28/bus", [pid 5831] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5831] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./27/binderfs", [pid 5083] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5840 attached [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 104.054796][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] <... openat resumed>) = 4 [pid 5840] set_robust_list(0x7f56518c19e0, 24 [pid 5085] unlink("./27/binderfs" [pid 5083] fstat(4, [pid 5840] <... set_robust_list resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5840] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5085] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(4, [pid 5840] <... mmap resumed>) = 0x20000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5840] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, [pid 5840] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5840] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 5834] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = 1 [pid 5083] <... close resumed>) = 0 [pid 5834] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] rmdir("./28/bus" [pid 5839] <... write resumed>) = 1048576 [pid 5834] <... open resumed>) = 5 [pid 5839] munmap(0x7f56517c2000, 1048576 [pid 5083] <... rmdir resumed>) = 0 [pid 5839] <... munmap resumed>) = 0 [pid 5083] getdents64(3, [pid 5839] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5839] <... openat resumed>) = 4 [pid 5083] close(3 [pid 5839] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... close resumed>) = 0 [ 104.116457][ T27] audit: type=1800 audit(1678856055.515:174): pid=5834 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 104.138128][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 104.147519][ T5839] loop0: detected capacity change from 0 to 2048 [pid 5839] <... ioctl resumed>) = 0 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./28" [pid 5839] close(3 [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5839] <... close resumed>) = 0 [pid 5083] mkdir("./29", 0777 [pid 5839] mkdir("./bus", 0777 [pid 5083] <... mkdir resumed>) = 0 [pid 5839] <... mkdir resumed>) = 0 [pid 5834] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5839] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5834] <... mount resumed>) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... futex resumed>) = 0 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 104.159099][ T46] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.160957][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.192493][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5083] close(3 [pid 5834] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5831] <... futex resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5842 [pid 5834] <... open resumed>) = 6 [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5834] <... futex resumed>) = 1 [pid 5831] <... futex resumed>) = 0 [pid 5834] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5831] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5831] <... futex resumed>) = 0 [ 104.210852][ T46] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 104.223126][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 104.236879][ T46] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 104.252172][ T5839] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/28/bus supports timestamps until 2038 (0x7fffffff) [pid 5831] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./28/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./28") = 0 [pid 5082] mkdir("./29", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 ./strace-static-x86_64: Process 5842 attached [pid 5842] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5842] chdir("./29") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5842] <... openat resumed>) = 3 [pid 5082] close(3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5831] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] <... close resumed>) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5842] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5842] <... clone resumed>, parent_tid=[5844], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5844 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5845 [ 104.259375][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 104.259375][ T11] [ 104.298853][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5845 attached [pid 5834] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] set_robust_list(0x555556f1a5e0, 24./strace-static-x86_64: Process 5844 attached ) = 0 [pid 5839] <... mount resumed>) = 0 [pid 5834] <... futex resumed>) = 0 [pid 5831] exit_group(0) = ? [pid 5845] chdir("./29") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5845] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5844] set_robust_list(0x7f5659be29e0, 24 [pid 5839] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5840] <... futex resumed>) = ? [pid 5844] <... set_robust_list resumed>) = 0 [pid 5839] <... openat resumed>) = 3 [pid 5834] +++ exited with 0 +++ [pid 5844] memfd_create("syzkaller", 0 [pid 5845] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5846], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5846 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x7f5659be29e0, 24) = 0 [ 104.320426][ T46] EXT4-fs (loop5): This should not happen!! Data will be lost [ 104.320426][ T46] [ 104.333993][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 104.337541][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5844] <... memfd_create resumed>) = 3 [pid 5840] +++ exited with 0 +++ [pid 5839] chdir("./bus" [pid 5831] +++ exited with 0 +++ [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5839] <... chdir resumed>) = 0 [pid 5844] <... mmap resumed>) = 0x7f56517c2000 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 5839] ioctl(4, LOOP_CLR_FD [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5839] <... ioctl resumed>) = 0 [pid 5084] <... restart_syscall resumed>) = 0 [pid 5839] close(4 [pid 5084] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... close resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5839] chdir("./file0" [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5836] <... futex resumed>) = 0 [pid 5839] <... chdir resumed>) = 0 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(3, [pid 5836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5084] getdents64(3, [pid 5836] <... futex resumed>) = 0 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... openat resumed>) = 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./29/binderfs", [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5836] <... futex resumed>) = 0 [pid 5084] unlink("./29/binderfs" [pid 5839] <... futex resumed>) = 1 [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5839] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5836] <... futex resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5844] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 104.370019][ T46] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5084] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5846] <... write resumed>) = 1048576 [pid 5846] munmap(0x7f56517c2000, 1048576) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] mkdir("./bus", 0777) = 0 [pid 5846] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5836] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5836] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5836] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... write resumed>) = 262144 [pid 5836] <... clone resumed>, parent_tid=[5848], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5848 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5848 attached [pid 5839] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 0 [ 104.422904][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 104.433057][ T5846] loop1: detected capacity change from 0 to 2048 [pid 5085] lstat("./27/bus", [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... write resumed>) = 1048576 [pid 5844] munmap(0x7f56517c2000, 1048576) = 0 [pid 5848] set_robust_list(0x7f56518c19e0, 24 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3 [pid 5848] <... set_robust_list resumed>) = 0 [pid 5844] <... ioctl resumed>) = 0 [pid 5085] umount2("./27/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5848] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5848] <... mmap resumed>) = 0x20000000 [pid 5085] openat(AT_FDCWD, "./27/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5848] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 4 [pid 5848] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5085] fstat(4, [pid 5848] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5839] <... futex resumed>) = 0 [pid 5836] <... futex resumed>) = 1 [pid 5085] getdents64(4, [ 104.480359][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.498387][ T5844] loop2: detected capacity change from 0 to 2048 [ 104.510445][ T5846] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5839] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5846] <... mount resumed>) = 0 [pid 5839] <... open resumed>) = 5 [pid 5085] getdents64(4, [pid 5846] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5846] <... openat resumed>) = 3 [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5085] close(4 [pid 5846] chdir("./bus" [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5846] <... chdir resumed>) = 0 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5085] rmdir("./27/bus" [pid 5846] ioctl(4, LOOP_CLR_FD [pid 5086] <... umount2 resumed>) = 0 [pid 5844] close(3) = 0 [ 104.525031][ T27] audit: type=1800 audit(1678856055.925:175): pid=5839 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 104.525299][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5844] mkdir("./bus", 0777) = 0 [pid 5839] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... ioctl resumed>) = 0 [pid 5844] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5085] <... rmdir resumed>) = 0 [pid 5086] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] <... mount resumed>) = 0 [pid 5846] close(4 [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] getdents64(3, [pid 5846] <... close resumed>) = 0 [pid 5086] lstat("./28/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [ 104.570149][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 104.584542][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 104.584542][ T11] [ 104.597099][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5086] close(4 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5085] close(3 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./28/bus" [pid 5846] chdir("./file0" [pid 5845] <... futex resumed>) = 0 [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5846] <... chdir resumed>) = 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5839] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, [pid 5085] rmdir("./27" [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... open resumed>) = 6 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [ 104.619579][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5846] <... futex resumed>) = 0 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5846] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5085] mkdir("./28", 0777 [pid 5084] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... mkdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5839] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] lstat("./29/bus", [pid 5839] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5836] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 3 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5846] <... openat resumed>) = 4 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] rmdir("./28" [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... openat resumed>) = 3 [pid 5839] <... write resumed>) = 262144 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] close(3 [pid 5084] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] chdir("./bus" [pid 5839] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] mkdir("./29", 0777 [pid 5085] <... close resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... chdir resumed>) = 0 [pid 5839] <... futex resumed>) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] fstat(4, [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] ioctl(4, LOOP_CLR_FD [pid 5839] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] exit_group(0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5848] <... futex resumed>) = ? [pid 5846] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... ioctl resumed>) = 0 [pid 5839] <... futex resumed>) = ? [pid 5836] <... exit_group resumed>) = ? [pid 5086] <... openat resumed>) = 3 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5852 [pid 5084] getdents64(4, [pid 5848] +++ exited with 0 +++ [pid 5844] close(4 [pid 5839] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5844] <... close resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] getdents64(4, [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5836, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- ./strace-static-x86_64: Process 5852 attached [pid 5846] <... write resumed>) = 262144 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5084] close(4 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5852] set_robust_list(0x555556f1a5e0, 24 [pid 5844] chdir("./file0" [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... close resumed>) = 0 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5852] <... set_robust_list resumed>) = 0 [pid 5844] <... chdir resumed>) = 0 [pid 5842] <... futex resumed>) = 0 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] rmdir("./29/bus" [pid 5852] chdir("./28" [pid 5844] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 104.658677][ T5844] ext4 filesystem being mounted at /root/syzkaller.22hR0w/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5853 [pid 5852] <... chdir resumed>) = 0 [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5853 attached [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5084] getdents64(3, [pid 5081] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] set_robust_list(0x555556f1a5e0, 24 [pid 5852] <... prctl resumed>) = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] <... set_robust_list resumed>) = 0 [pid 5852] setpgid(0, 0 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... openat resumed>) = 4 [pid 5084] close(3 [pid 5081] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5853] chdir("./29" [pid 5852] <... setpgid resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5853] <... chdir resumed>) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5084] rmdir("./29" [pid 5081] fstat(3, [pid 5853] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... openat resumed>) = 3 [pid 5846] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... prctl resumed>) = 0 [pid 5852] write(3, "1000", 4 [pid 5846] <... mmap resumed>) = 0x20000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5853] setpgid(0, 0 [pid 5852] <... write resumed>) = 4 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] mkdir("./30", 0777 [pid 5081] getdents64(3, [pid 5853] <... setpgid resumed>) = 0 [pid 5852] close(3 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5853] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] <... close resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5081] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5853] <... openat resumed>) = 3 [pid 5852] symlink("/dev/binderfs", "./binderfs" [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5853] write(3, "1000", 4 [pid 5852] <... symlink resumed>) = 0 [pid 5846] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5081] lstat("./28/binderfs", [pid 5853] <... write resumed>) = 4 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... open resumed>) = 5 [pid 5844] <... write resumed>) = 262144 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5081] unlink("./28/binderfs" [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... close resumed>) = 0 [pid 5853] close(3 [pid 5081] <... unlink resumed>) = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... mmap resumed>) = 0x7f5659bc2000 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5854 attached [pid 5853] <... close resumed>) = 0 [pid 5852] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5854] set_robust_list(0x555556f1a5e0, 24 [pid 5853] symlink("/dev/binderfs", "./binderfs" [pid 5852] <... mprotect resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5854 [pid 5854] <... set_robust_list resumed>) = 0 [pid 5853] <... symlink resumed>) = 0 [pid 5852] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5854] chdir("./30" [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... chdir resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... clone resumed>, parent_tid=[5855], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5855 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... prctl resumed>) = 0 [pid 5853] <... mmap resumed>) = 0x7f5659bc2000 [pid 5852] <... futex resumed>) = 0 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] setpgid(0, 0 [pid 5853] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5844] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5855 attached [pid 5854] <... setpgid resumed>) = 0 [pid 5853] <... mprotect resumed>) = 0 [pid 5846] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5853] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5846] <... mount resumed>) = 0 [pid 5855] set_robust_list(0x7f5659be29e0, 24 [pid 5854] <... openat resumed>) = 3 [pid 5844] <... mmap resumed>) = 0x20000000 [pid 5854] write(3, "1000", 4 [pid 5853] <... clone resumed>, parent_tid=[5856], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5856 [pid 5854] <... write resumed>) = 4 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] close(3 [pid 5853] <... futex resumed>) = 0 [pid 5854] <... close resumed>) = 0 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] memfd_create("syzkaller", 0 [pid 5854] <... futex resumed>) = 0 [pid 5846] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [ 104.764361][ T27] audit: type=1800 audit(1678856056.165:176): pid=5846 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 104.794066][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5854] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5857], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5857 [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] <... futex resumed>) = 0 [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5856 attached [pid 5855] <... memfd_create resumed>) = 3 [pid 5846] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5857 attached [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5846] <... open resumed>) = 6 [pid 5856] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5857] set_robust_list(0x7f5659be29e0, 24 [pid 5855] <... mmap resumed>) = 0x7f56517c2000 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] <... set_robust_list resumed>) = 0 [pid 5856] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5846] <... futex resumed>) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5844] <... open resumed>) = 5 [pid 5857] memfd_create("syzkaller", 0 [pid 5845] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.831119][ T948] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 104.843294][ T948] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 104.857224][ T948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5845] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... write resumed>) = 1048576 [pid 5856] munmap(0x7f56517c2000, 1048576) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3 [pid 5857] <... memfd_create resumed>) = 3 [pid 5846] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5856] <... ioctl resumed>) = 0 [pid 5856] close(3) = 0 [pid 5856] mkdir("./bus", 0777 [pid 5857] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5844] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] <... mount resumed>) = 0 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5845] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... write resumed>) = 262144 [pid 5844] <... futex resumed>) = 0 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5842] <... futex resumed>) = 0 [pid 5856] <... mkdir resumed>) = 0 [pid 5855] <... write resumed>) = 1048576 [pid 5846] <... futex resumed>) = 0 [pid 5845] exit_group(0 [pid 5844] <... open resumed>) = 6 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5855] munmap(0x7f56517c2000, 1048576 [pid 5845] <... exit_group resumed>) = ? [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... munmap resumed>) = 0 [pid 5844] <... futex resumed>) = 0 [pid 5842] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] +++ exited with 0 +++ [pid 5845] +++ exited with 0 +++ [pid 5855] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5844] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5842] <... futex resumed>) = 0 [pid 5855] <... openat resumed>) = 4 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5845, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [ 104.879273][ T27] audit: type=1800 audit(1678856056.275:177): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 104.895018][ T5856] loop5: detected capacity change from 0 to 2048 [ 104.910155][ T948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 104.910155][ T948] [pid 5082] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5855] ioctl(4, LOOP_SET_FD, 3 [pid 5844] <... write resumed>) = 262144 [pid 5842] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5844] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] lstat("./29/binderfs", [pid 5844] <... futex resumed>) = 1 [pid 5842] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 104.963312][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 104.977688][ T5855] loop4: detected capacity change from 0 to 2048 [ 104.991547][ T5856] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/29/bus supports timestamps until 2038 (0x7fffffff) [pid 5844] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] exit_group(0 [pid 5082] unlink("./29/binderfs" [pid 5857] <... write resumed>) = 1048576 [pid 5855] <... ioctl resumed>) = 0 [pid 5844] <... futex resumed>) = ? [pid 5842] <... exit_group resumed>) = ? [pid 5857] munmap(0x7f56517c2000, 1048576 [pid 5855] close(3 [pid 5844] +++ exited with 0 +++ [pid 5842] +++ exited with 0 +++ [pid 5082] <... unlink resumed>) = 0 [pid 5857] <... munmap resumed>) = 0 [pid 5855] <... close resumed>) = 0 [pid 5857] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5855] mkdir("./bus", 0777 [pid 5857] <... openat resumed>) = 4 [pid 5855] <... mkdir resumed>) = 0 [pid 5857] ioctl(4, LOOP_SET_FD, 3 [pid 5855] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5842, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] <... ioctl resumed>) = 0 [pid 5857] close(3) = 0 [pid 5857] mkdir("./bus", 0777) = 0 [pid 5857] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5856] <... mount resumed>) = 0 [pid 5856] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./bus" [pid 5083] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5856] <... chdir resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5856] ioctl(4, LOOP_CLR_FD [pid 5083] fstat(3, [pid 5856] <... ioctl resumed>) = 0 [pid 5856] close(4) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5856] chdir("./file0" [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./29/binderfs", [pid 5856] <... chdir resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] unlink("./29/binderfs" [pid 5856] <... futex resumed>) = 1 [pid 5853] <... futex resumed>) = 0 [pid 5856] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... unlink resumed>) = 0 [ 105.004974][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 105.016245][ T5857] loop3: detected capacity change from 0 to 2048 [ 105.039349][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 105.053684][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5853] <... futex resumed>) = 0 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... openat resumed>) = 4 [pid 5083] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5856] <... futex resumed>) = 1 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 105.066917][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 105.080754][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 105.095963][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.096604][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [pid 5856] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 5853] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5853] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5853] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5853] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5864], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5864 [pid 5853] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5853] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5864 attached [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... mount resumed>) = 0 [pid 5856] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 105.096604][ T11] [ 105.112147][ T5855] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/28/bus supports timestamps until 2038 (0x7fffffff) [ 105.120655][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 105.138822][ T5857] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5864] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 5857] <... mount resumed>) = 0 [pid 5855] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = 0 [pid 5857] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5853] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5857] chdir("./bus" [pid 5081] lstat("./28/bus", [pid 5857] <... chdir resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5857] ioctl(4, LOOP_CLR_FD [pid 5081] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5857] <... ioctl resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5857] close(4 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(4, [pid 5857] <... futex resumed>) = 1 [pid 5856] <... futex resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 1 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5864] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] open("", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5855] chdir("./bus" [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 5864] <... mmap resumed>) = 0x20000000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5855] <... chdir resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [ 105.155794][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 105.168788][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 105.186829][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5857] chdir("./file0" [pid 5081] getdents64(4, [pid 5864] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... chdir resumed>) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] ioctl(4, LOOP_CLR_FD [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... futex resumed>) = 0 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 1 [pid 5855] <... ioctl resumed>) = 0 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5864] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] close(4 [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(4 [pid 5857] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... close resumed>) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5857] <... openat resumed>) = 4 [pid 5856] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 5855] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5857] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 105.212730][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5857] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5856] <... futex resumed>) = 1 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] chdir("./file0" [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] rmdir("./28/bus" [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] <... chdir resumed>) = 0 [pid 5853] <... futex resumed>) = 0 [pid 5082] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5856] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] lstat("./29/bus", [pid 5856] <... futex resumed>) = 1 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5853] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5857] <... write resumed>) = 262144 [pid 5081] <... rmdir resumed>) = 0 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 5857] <... futex resumed>) = 1 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] close(3) = 0 [pid 5081] rmdir("./28") = 0 [pid 5081] mkdir("./29", 0777 [pid 5856] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5854] <... futex resumed>) = 0 [pid 5853] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... mkdir resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3 [pid 5856] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... close resumed>) = 0 [pid 5857] <... futex resumed>) = 0 [pid 5856] write(-1, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] <... futex resumed>) = 1 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5857] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5856] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 5855] <... openat resumed>) = 4 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5857] <... mmap resumed>) = 0x20000000 [pid 5856] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... openat resumed>) = 4 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5865 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5853] exit_group(0 [pid 5852] <... futex resumed>) = 0 [pid 5082] fstat(4, ./strace-static-x86_64: Process 5865 attached [pid 5864] <... futex resumed>) = ? [pid 5857] <... futex resumed>) = 1 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] <... futex resumed>) = 0 [pid 5853] <... exit_group resumed>) = ? [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 105.267047][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [ 105.267047][ T9] [ 105.289950][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.304281][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5865] set_robust_list(0x555556f1a5e0, 24 [pid 5864] +++ exited with 0 +++ [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5856] +++ exited with 0 +++ [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] <... set_robust_list resumed>) = 0 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5855] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] <... futex resumed>) = 0 [pid 5853] +++ exited with 0 +++ [pid 5852] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] getdents64(4, [pid 5865] chdir("./29" [pid 5857] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... chdir resumed>) = 0 [pid 5857] <... open resumed>) = 5 [pid 5083] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] <... prctl resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5083] lstat("./29/bus", [pid 5865] setpgid(0, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5865] <... setpgid resumed>) = 0 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5083] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5857] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5865] <... openat resumed>) = 3 [pid 5857] <... mount resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5865] write(3, "1000", 4 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 4 [pid 5865] <... write resumed>) = 4 [pid 5857] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5083] fstat(4, [pid 5865] close(3 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5865] <... close resumed>) = 0 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 5865] symlink("/dev/binderfs", "./binderfs" [pid 5857] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5865] <... symlink resumed>) = 0 [pid 5857] <... open resumed>) = 6 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5853, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] getdents64(4, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(4, [pid 5865] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 5082] close(4 [pid 5865] <... mmap resumed>) = 0x7f5659bc2000 [pid 5857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5854] <... futex resumed>) = 0 [pid 5083] rmdir("./29/bus" [pid 5082] <... close resumed>) = 0 [pid 5865] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5857] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5854] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... rmdir resumed>) = 0 [pid 5082] rmdir("./29/bus" [pid 5865] <... mprotect resumed>) = 0 [pid 5855] <... write resumed>) = 262144 [pid 5086] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(3, [pid 5082] <... rmdir resumed>) = 0 [pid 5865] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(3, [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] close(3 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5865] <... clone resumed>, parent_tid=[5866], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5866 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... close resumed>) = 0 [pid 5082] close(3 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5083] rmdir("./29" [pid 5082] <... close resumed>) = 0 [pid 5865] <... futex resumed>) = 0 [pid 5855] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] rmdir("./29" [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] <... mmap resumed>) = 0x20000000 [pid 5086] getdents64(3, [pid 5083] <... rmdir resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5866 attached [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] mkdir("./30", 0777 [pid 5082] mkdir("./30", 0777 [pid 5866] set_robust_list(0x7f5659be29e0, 24 [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5086] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... mkdir resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5857] <... write resumed>) = 262144 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5866] memfd_create("syzkaller", 0 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] <... futex resumed>) = 0 [pid 5086] lstat("./29/binderfs", [pid 5083] <... openat resumed>) = 3 [pid 5857] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... openat resumed>) = 3 [pid 5866] <... memfd_create resumed>) = 3 [pid 5855] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5854] <... futex resumed>) = 0 [pid 5857] <... futex resumed>) = 1 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5857] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... open resumed>) = 5 [pid 5854] exit_group(0 [pid 5086] unlink("./29/binderfs" [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 105.354179][ T27] audit: type=1800 audit(1678856056.755:178): pid=5857 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 5866] <... mmap resumed>) = 0x7f56517c2000 [pid 5857] <... futex resumed>) = ? [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... exit_group resumed>) = ? [pid 5086] <... unlink resumed>) = 0 [pid 5083] close(3 [pid 5082] close(3 [pid 5857] +++ exited with 0 +++ [pid 5855] <... futex resumed>) = 1 [pid 5854] +++ exited with 0 +++ [pid 5852] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5854, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5867 [pid 5084] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5855] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] fstat(3, [pid 5082] <... close resumed>) = 0 ./strace-static-x86_64: Process 5867 attached [pid 5866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5855] <... mount resumed>) = 0 [pid 5852] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5867] set_robust_list(0x555556f1a5e0, 24 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./30/binderfs", [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... set_robust_list resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5867] chdir("./30" [pid 5084] unlink("./30/binderfs") = 0 [pid 5084] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... chdir resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5868 [pid 5855] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5852] <... futex resumed>) = 0 [pid 5867] <... prctl resumed>) = 0 [pid 5855] <... open resumed>) = 6 [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5868 attached [pid 5867] setpgid(0, 0 [pid 5866] <... write resumed>) = 1048576 [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] set_robust_list(0x555556f1a5e0, 24 [pid 5867] <... setpgid resumed>) = 0 [pid 5866] munmap(0x7f56517c2000, 1048576 [pid 5855] <... futex resumed>) = 0 [pid 5852] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] <... munmap resumed>) = 0 [pid 5855] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5852] <... futex resumed>) = 0 [pid 5868] <... set_robust_list resumed>) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5852] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./29/bus", [pid 5868] chdir("./30" [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5867] <... openat resumed>) = 3 [pid 5086] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] <... chdir resumed>) = 0 [pid 5867] write(3, "1000", 4 [pid 5866] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5867] <... write resumed>) = 4 [pid 5866] <... openat resumed>) = 4 [pid 5086] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] <... prctl resumed>) = 0 [pid 5867] close(3 [pid 5866] ioctl(4, LOOP_SET_FD, 3 [pid 5855] <... write resumed>) = 262144 [pid 5086] <... openat resumed>) = 4 [ 105.469524][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.486740][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 105.496850][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5855] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] setpgid(0, 0 [pid 5867] <... close resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5855] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] exit_group(0 [pid 5855] <... futex resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5868] <... setpgid resumed>) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs" [pid 5866] <... ioctl resumed>) = 0 [pid 5855] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ [pid 5086] fstat(4, [pid 5868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5867] <... symlink resumed>) = 0 [pid 5866] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5868] <... openat resumed>) = 3 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... close resumed>) = 0 [pid 5086] getdents64(4, [pid 5868] write(3, "1000", 4 [pid 5867] <... futex resumed>) = 0 [pid 5866] mkdir("./bus", 0777 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5868] <... write resumed>) = 4 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5866] <... mkdir resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] close(3 [pid 5867] <... mmap resumed>) = 0x7f5659bc2000 [pid 5866] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... close resumed>) = 0 [pid 5867] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] close(4 [pid 5085] openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5868] symlink("/dev/binderfs", "./binderfs" [pid 5867] <... mprotect resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5868] <... symlink resumed>) = 0 [pid 5867] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] rmdir("./29/bus" [pid 5085] fstat(3, [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... clone resumed>, parent_tid=[5869], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5869 [pid 5086] getdents64(3, [pid 5085] getdents64(3, [pid 5868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5868] <... mmap resumed>) = 0x7f5659bc2000 [pid 5867] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5085] umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5868] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5868] <... mprotect resumed>) = 0 [pid 5086] rmdir("./29" [pid 5085] lstat("./28/binderfs", [pid 5868] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] mkdir("./30", 0777 [pid 5085] unlink("./28/binderfs" [pid 5868] <... clone resumed>, parent_tid=[5871], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5871 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [ 105.532279][ T5866] loop0: detected capacity change from 0 to 2048 [ 105.539835][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 105.568590][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5085] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5871 attached ./strace-static-x86_64: Process 5869 attached [pid 5868] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [ 105.583827][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 105.583827][ T9] [ 105.584016][ T5866] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/29/bus supports timestamps until 2038 (0x7fffffff) [ 105.595027][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.620966][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5873 attached , child_tidptr=0x555556f1a5d0) = 5873 [pid 5871] set_robust_list(0x7f5659be29e0, 24 [pid 5869] set_robust_list(0x7f5659be29e0, 24 [pid 5866] <... mount resumed>) = 0 [pid 5873] set_robust_list(0x555556f1a5e0, 24 [pid 5866] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5873] <... set_robust_list resumed>) = 0 [pid 5871] <... set_robust_list resumed>) = 0 [pid 5869] <... set_robust_list resumed>) = 0 [pid 5866] <... openat resumed>) = 3 [pid 5873] chdir("./30" [pid 5866] chdir("./bus" [pid 5873] <... chdir resumed>) = 0 [pid 5871] memfd_create("syzkaller", 0 [pid 5866] <... chdir resumed>) = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5869] memfd_create("syzkaller", 0 [pid 5866] ioctl(4, LOOP_CLR_FD [pid 5873] <... prctl resumed>) = 0 [pid 5866] <... ioctl resumed>) = 0 [pid 5873] setpgid(0, 0 [pid 5866] close(4 [pid 5873] <... setpgid resumed>) = 0 [pid 5871] <... memfd_create resumed>) = 3 [pid 5869] <... memfd_create resumed>) = 3 [pid 5866] <... close resumed>) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... openat resumed>) = 3 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5873] write(3, "1000", 4 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... write resumed>) = 4 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5873] close(3 [pid 5866] chdir("./file0" [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... close resumed>) = 0 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5866] <... chdir resumed>) = 0 [pid 5871] <... mmap resumed>) = 0x7f56517c2000 [pid 5869] <... mmap resumed>) = 0x7f56517c2000 [ 105.620999][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 105.646776][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 105.665283][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5873] symlink("/dev/binderfs", "./binderfs" [pid 5871] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... symlink resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] <... futex resumed>) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5866] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... mmap resumed>) = 0x7f5659bc2000 [pid 5873] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5866] <... openat resumed>) = 4 [pid 5873] <... clone resumed>, parent_tid=[5874], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5874 [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5874 attached [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] set_robust_list(0x7f5659be29e0, 24 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5866] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5865] <... futex resumed>) = 0 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 105.679745][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 105.679745][ T11] [ 105.691551][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5874] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5874] munmap(0x7f56517c2000, 1048576) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] mkdir("./bus", 0777) = 0 [pid 5874] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5865] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5865] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 5865] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5865] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5875], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5875 [pid 5865] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5865] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5875 attached [pid 5871] <... write resumed>) = 1048576 [pid 5866] <... write resumed>) = 262144 [pid 5084] <... umount2 resumed>) = 0 [pid 5875] set_robust_list(0x7f56518c19e0, 24 [pid 5871] munmap(0x7f56517c2000, 1048576 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] <... set_robust_list resumed>) = 0 [pid 5875] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5866] <... futex resumed>) = 0 [pid 5875] <... mmap resumed>) = 0x20000000 [pid 5871] <... munmap resumed>) = 0 [pid 5869] <... write resumed>) = 1048576 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5875] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5869] munmap(0x7f56517c2000, 1048576 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5875] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5865] <... futex resumed>) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] ioctl(4, LOOP_SET_FD, 3 [pid 5869] <... munmap resumed>) = 0 [ 105.764235][ T5874] loop5: detected capacity change from 0 to 2048 [ 105.784317][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5866] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5869] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5869] ioctl(4, LOOP_SET_FD, 3 [pid 5871] <... ioctl resumed>) = 0 [pid 5866] <... open resumed>) = 5 [pid 5084] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5871] close(3 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5869] <... ioctl resumed>) = 0 [pid 5869] close(3) = 0 [pid 5869] mkdir("./bus", 0777 [pid 5871] <... close resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5084] lstat("./30/bus", [pid 5865] <... futex resumed>) = 0 [pid 5871] mkdir("./bus", 0777 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5871] <... mkdir resumed>) = 0 [pid 5866] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5869] <... mkdir resumed>) = 0 [pid 5869] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5871] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5865] <... futex resumed>) = 0 [pid 5866] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... mount resumed>) = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] <... openat resumed>) = 4 [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5084] fstat(4, [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5865] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5874] <... openat resumed>) = 3 [pid 5874] chdir("./bus" [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5866] <... open resumed>) = 6 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5874] <... chdir resumed>) = 0 [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5084] getdents64(4, [pid 5874] ioctl(4, LOOP_CLR_FD [pid 5866] <... futex resumed>) = 1 [pid 5865] <... futex resumed>) = 0 [pid 5085] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5865] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5865] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5865] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] rmdir("./30/bus") = 0 [pid 5874] <... ioctl resumed>) = 0 [pid 5866] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] getdents64(3, [pid 5874] close(4 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./30") = 0 [pid 5084] mkdir("./31", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5874] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... write resumed>) = 262144 [pid 5085] lstat("./28/bus", [pid 5084] <... openat resumed>) = 3 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [ 105.812417][ T5871] loop1: detected capacity change from 0 to 2048 [ 105.813574][ T5869] loop2: detected capacity change from 0 to 2048 [ 105.833176][ T5874] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5866] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 1 [pid 5085] umount2("./28/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5866] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] chdir("./file0" [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./28/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] <... chdir resumed>) = 0 [pid 5865] <... futex resumed>) = 0 [pid 5085] <... openat resumed>) = 4 [pid 5085] fstat(4, [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] exit_group(0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./28/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./28" [pid 5875] <... futex resumed>) = ? [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = ? [pid 5865] <... exit_group resumed>) = ? [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5875] +++ exited with 0 +++ [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] +++ exited with 0 +++ [pid 5085] mkdir("./29", 0777 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... mount resumed>) = 0 [pid 5869] <... mount resumed>) = 0 [pid 5865] +++ exited with 0 +++ [pid 5084] close(3 [pid 5874] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5871] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5869] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... mkdir resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5865, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5874] <... openat resumed>) = 4 [pid 5871] <... openat resumed>) = 3 [pid 5869] <... openat resumed>) = 3 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] chdir("./bus" [pid 5869] chdir("./bus" [pid 5085] <... openat resumed>) = 3 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5869] <... chdir resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5882 [pid 5081] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] ioctl(4, LOOP_CLR_FD [pid 5869] ioctl(4, LOOP_CLR_FD [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... ioctl resumed>) = 0 [pid 5869] <... ioctl resumed>) = 0 [pid 5085] close(3 [pid 5081] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5874] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] close(4 [pid 5869] close(4 [pid 5085] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5874] <... write resumed>) = 262144 [pid 5871] <... close resumed>) = 0 [pid 5869] <... close resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] fstat(3, [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5081] getdents64(3, [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5883 [pid 5081] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] chdir("./file0" [pid 5869] chdir("./file0" [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5883 attached [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... chdir resumed>) = 0 [pid 5869] <... chdir resumed>) = 0 [pid 5081] lstat("./29/binderfs", [pid 5883] set_robust_list(0x555556f1a5e0, 24 [pid 5874] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [ 105.893829][ T5869] ext4 filesystem being mounted at /root/syzkaller.22hR0w/30/bus supports timestamps until 2038 (0x7fffffff) [ 105.910647][ T5871] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 ./strace-static-x86_64: Process 5882 attached [pid 5883] <... set_robust_list resumed>) = 0 [pid 5874] <... mmap resumed>) = 0x20000000 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5081] unlink("./29/binderfs" [pid 5883] chdir("./29" [pid 5882] set_robust_list(0x555556f1a5e0, 24 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... unlink resumed>) = 0 [pid 5883] <... chdir resumed>) = 0 [pid 5882] <... set_robust_list resumed>) = 0 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5081] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5882] chdir("./31" [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5869] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... prctl resumed>) = 0 [pid 5882] <... chdir resumed>) = 0 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... openat resumed>) = 4 [pid 5869] <... openat resumed>) = 4 [pid 5874] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... open resumed>) = 5 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5869] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] setpgid(0, 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] <... write resumed>) = 262144 [pid 5869] <... write resumed>) = 262144 [pid 5874] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... setpgid resumed>) = 0 [pid 5882] <... prctl resumed>) = 0 [pid 5874] <... mount resumed>) = 0 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] setpgid(0, 0 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [ 105.983289][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5882] <... setpgid resumed>) = 0 [pid 5874] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... open resumed>) = 6 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... openat resumed>) = 3 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... mmap resumed>) = 0x20000000 [pid 5869] <... futex resumed>) = 1 [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5883] write(3, "1000", 4 [pid 5882] <... openat resumed>) = 3 [pid 5874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... write resumed>) = 4 [pid 5882] write(3, "1000", 4 [pid 5874] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5873] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5883] close(3 [pid 5882] <... write resumed>) = 4 [pid 5874] <... write resumed>) = 262144 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... mmap resumed>) = 0x20000000 [pid 5868] <... futex resumed>) = 0 [pid 5874] <... futex resumed>) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5871] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... close resumed>) = 0 [pid 5882] close(3 [pid 5874] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] exit_group(0 [pid 5871] <... open resumed>) = 5 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs" [pid 5874] <... futex resumed>) = ? [pid 5873] <... exit_group resumed>) = ? [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] <... symlink resumed>) = 0 [pid 5882] <... close resumed>) = 0 [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... open resumed>) = 5 [pid 5868] <... futex resumed>) = 0 [pid 5871] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... mount resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... mount resumed>) = 0 [pid 5868] <... futex resumed>) = 0 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] symlink("/dev/binderfs", "./binderfs" [pid 5871] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 0 [pid 5871] <... open resumed>) = 6 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5882] <... symlink resumed>) = 0 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5883] <... mmap resumed>) = 0x7f5659bc2000 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 1 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5868] <... futex resumed>) = 0 [pid 5867] <... futex resumed>) = 0 [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 5883] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5882] <... futex resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5868] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... restart_syscall resumed>) = 0 [pid 5883] <... mprotect resumed>) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5871] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5869] <... open resumed>) = 6 [pid 5868] <... futex resumed>) = 0 [pid 5883] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5882] <... mmap resumed>) = 0x7f5659bc2000 [ 106.033473][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.067776][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5871] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5871] <... write resumed>) = 262144 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5867] <... futex resumed>) = 0 [pid 5871] <... futex resumed>) = 1 [pid 5869] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5868] <... futex resumed>) = 0 [pid 5867] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5884 attached [pid 5883] <... clone resumed>, parent_tid=[5884], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5884 [pid 5882] <... mprotect resumed>) = 0 [pid 5871] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5868] exit_group(0 [pid 5086] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5884] set_robust_list(0x7f5659be29e0, 24 [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5871] <... futex resumed>) = ? [pid 5869] <... write resumed>) = 262144 [pid 5868] <... exit_group resumed>) = ? [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5884] <... set_robust_list resumed>) = 0 [pid 5883] <... futex resumed>) = 0 [pid 5871] +++ exited with 0 +++ [pid 5869] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5868] +++ exited with 0 +++ [pid 5086] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] memfd_create("syzkaller", 0 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5882] <... clone resumed>, parent_tid=[5885], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5885 [pid 5869] <... futex resumed>) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5868, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5884] <... memfd_create resumed>) = 3 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5869] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] exit_group(0 [pid 5086] fstat(3, [pid 5082] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 5885 attached [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5882] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = ? [pid 5867] <... exit_group resumed>) = ? [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... restart_syscall resumed>) = 0 [pid 5885] set_robust_list(0x7f5659be29e0, 24 [pid 5884] <... mmap resumed>) = 0x7f56517c2000 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 106.114602][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5086] getdents64(3, [pid 5885] <... set_robust_list resumed>) = 0 [pid 5869] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ [pid 5885] memfd_create("syzkaller", 0 [pid 5082] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... memfd_create resumed>) = 3 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5885] <... mmap resumed>) = 0x7f56517c2000 [pid 5082] <... openat resumed>) = 3 [pid 5885] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] fstat(3, [pid 5086] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(3, [pid 5086] lstat("./30/binderfs", [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] unlink("./30/binderfs" [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... unlink resumed>) = 0 [pid 5083] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] lstat("./30/binderfs", [pid 5086] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./30/binderfs" [pid 5083] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... unlink resumed>) = 0 [ 106.159567][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 106.159567][ T75] [ 106.193195][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5082] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... openat resumed>) = 3 [pid 5884] <... write resumed>) = 1048576 [pid 5884] munmap(0x7f56517c2000, 1048576) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3 [pid 5083] fstat(3, [pid 5884] <... ioctl resumed>) = 0 [pid 5884] close(3) = 0 [pid 5884] mkdir("./bus", 0777) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, [ 106.206943][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 106.221011][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.233547][ T5884] loop4: detected capacity change from 0 to 2048 [ 106.240949][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5884] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5885] <... write resumed>) = 1048576 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5885] munmap(0x7f56517c2000, 1048576 [pid 5083] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... munmap resumed>) = 0 [pid 5885] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5885] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./30/binderfs") = 0 [ 106.254743][ T46] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.267620][ T46] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 106.273884][ T11] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.280755][ T46] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.300325][ T5885] loop3: detected capacity change from 0 to 2048 [pid 5083] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... ioctl resumed>) = 0 [pid 5885] close(3) = 0 [pid 5885] mkdir("./bus", 0777) = 0 [pid 5885] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] <... umount2 resumed>) = 0 [pid 5081] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./29/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 106.310908][ T11] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 106.311804][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.345630][ T46] EXT4-fs (loop1): This should not happen!! Data will be lost [ 106.345630][ T46] [pid 5081] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.359154][ T5884] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/29/bus supports timestamps until 2038 (0x7fffffff) [ 106.371963][ T11] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.372458][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.385139][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5081] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5884] <... mount resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 5884] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 106.395645][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 106.408935][ T11] EXT4-fs (loop5): This should not happen!! Data will be lost [ 106.408935][ T11] [ 106.422712][ T5885] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/31/bus supports timestamps until 2038 (0x7fffffff) [ 106.430988][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5081] fstat(4, [pid 5884] <... openat resumed>) = 3 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5884] chdir("./bus" [pid 5081] getdents64(4, [pid 5885] <... mount resumed>) = 0 [pid 5885] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5885] chdir("./bus") = 0 [pid 5885] ioctl(4, LOOP_CLR_FD) = 0 [pid 5885] close(4) = 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5884] <... chdir resumed>) = 0 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] ioctl(4, LOOP_CLR_FD [pid 5081] getdents64(4, [pid 5884] <... ioctl resumed>) = 0 [pid 5884] close(4 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5884] <... close resumed>) = 0 [pid 5081] close(4 [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5081] rmdir("./29/bus" [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rmdir resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5884] chdir("./file0" [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(3, [pid 5884] <... chdir resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5081] rmdir("./29" [pid 5884] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... openat resumed>) = 4 [pid 5086] <... umount2 resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5885] <... futex resumed>) = 1 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./30", 0777 [pid 5885] chdir("./file0" [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./30/bus", [pid 5885] <... chdir resumed>) = 0 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [ 106.453821][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 106.467773][ T11] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 106.487548][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5081] <... mkdir resumed>) = 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5885] <... futex resumed>) = 0 [pid 5884] <... write resumed>) = 262144 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 5885] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5882] <... futex resumed>) = 0 [pid 5885] <... openat resumed>) = 4 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... openat resumed>) = 3 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5885] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5086] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] lstat("./30/bus", [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5884] <... futex resumed>) = 1 [pid 5086] <... openat resumed>) = 4 [pid 5885] <... write resumed>) = 262144 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5086] fstat(4, [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] close(3 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... close resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5883] <... futex resumed>) = 0 [pid 5882] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... mmap resumed>) = 0x20000000 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5890 attached [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5082] <... openat resumed>) = 4 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5890 [pid 5885] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] fstat(4, [pid 5890] set_robust_list(0x555556f1a5e0, 24 [pid 5885] <... mmap resumed>) = 0x20000000 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 106.555558][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 106.555558][ T75] [ 106.568138][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.582794][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5082] getdents64(4, [pid 5890] <... set_robust_list resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5086] rmdir("./30/bus" [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5890] chdir("./30" [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... open resumed>) = 5 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5082] getdents64(4, [pid 5890] <... chdir resumed>) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5890] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5885] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(4 [pid 5083] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5890] <... prctl resumed>) = 0 [pid 5885] <... open resumed>) = 5 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 5890] setpgid(0, 0 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5083] lstat("./30/bus", [pid 5082] rmdir("./30/bus" [pid 5890] <... setpgid resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5086] rmdir("./30" [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... mount resumed>) = 0 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5890] <... openat resumed>) = 3 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(3, [pid 5890] write(3, "1000", 4 [pid 5885] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mkdir("./31", 0777 [pid 5083] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5890] <... write resumed>) = 4 [pid 5885] <... mount resumed>) = 0 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 4 [pid 5890] close(3 [pid 5083] fstat(4, [pid 5890] <... close resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5890] symlink("/dev/binderfs", "./binderfs" [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] getdents64(4, [pid 5082] close(3 [pid 5890] <... symlink resumed>) = 0 [pid 5885] <... futex resumed>) = 1 [pid 5884] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... close resumed>) = 0 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... open resumed>) = 6 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5083] getdents64(4, [pid 5082] rmdir("./30" [pid 5890] <... futex resumed>) = 0 [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5885] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5884] <... futex resumed>) = 1 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] close(3 [pid 5883] <... futex resumed>) = 0 [pid 5083] close(4 [pid 5082] <... rmdir resumed>) = 0 [pid 5890] <... mmap resumed>) = 0x7f5659bc2000 [pid 5885] <... open resumed>) = 6 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5082] mkdir("./31", 0777 [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5883] <... futex resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... mkdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5890] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5885] <... futex resumed>) = 1 [pid 5884] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5883] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... futex resumed>) = 0 [pid 5083] rmdir("./30/bus" [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 5891 attached [pid 5890] <... mprotect resumed>) = 0 [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5884] <... write resumed>) = 262144 [pid 5882] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5891 [pid 5082] <... openat resumed>) = 3 [pid 5890] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5885] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5884] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5885] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5884] <... futex resumed>) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5882] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] getdents64(3, [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5892 attached [pid 5891] set_robust_list(0x555556f1a5e0, 24 [pid 5890] <... clone resumed>, parent_tid=[5892], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5892 [pid 5884] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] exit_group(0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3 [pid 5892] set_robust_list(0x7f5659be29e0, 24 [pid 5891] <... set_robust_list resumed>) = 0 [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = ? [pid 5883] <... exit_group resumed>) = ? [pid 5083] close(3 [pid 5082] <... close resumed>) = 0 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5891] chdir("./31" [pid 5890] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5892] memfd_create("syzkaller", 0 [pid 5891] <... chdir resumed>) = 0 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] rmdir("./30" [pid 5892] <... memfd_create resumed>) = 3 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5083] <... rmdir resumed>) = 0 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5891] <... prctl resumed>) = 0 [pid 5083] mkdir("./31", 0777 [pid 5892] <... mmap resumed>) = 0x7f56517c2000 [pid 5891] setpgid(0, 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5892] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5891] <... setpgid resumed>) = 0 [pid 5885] <... write resumed>) = 262144 [pid 5884] +++ exited with 0 +++ [pid 5883] +++ exited with 0 +++ [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5885] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5883, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] <... openat resumed>) = 3 [pid 5891] <... openat resumed>) = 3 [pid 5885] <... futex resumed>) = 1 [pid 5882] <... futex resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5893 attached [pid 5891] write(3, "1000", 4 [pid 5885] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] exit_group(0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5893 [pid 5893] set_robust_list(0x555556f1a5e0, 24 [pid 5891] <... write resumed>) = 4 [pid 5885] <... futex resumed>) = ? [pid 5882] <... exit_group resumed>) = ? [pid 5083] close(3 [pid 5893] <... set_robust_list resumed>) = 0 [pid 5892] <... write resumed>) = 1048576 [pid 5891] close(3 [pid 5885] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ [pid 5083] <... close resumed>) = 0 [pid 5893] chdir("./31" [pid 5892] munmap(0x7f56517c2000, 1048576 [pid 5891] <... close resumed>) = 0 [pid 5085] umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5893] <... chdir resumed>) = 0 [pid 5892] <... munmap resumed>) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs" [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5891] <... symlink resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5894 ./strace-static-x86_64: Process 5894 attached [pid 5893] <... prctl resumed>) = 0 [pid 5892] <... openat resumed>) = 4 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5894] set_robust_list(0x555556f1a5e0, 24 [pid 5893] setpgid(0, 0 [pid 5892] ioctl(4, LOOP_SET_FD, 3 [pid 5085] fstat(3, [pid 5894] <... set_robust_list resumed>) = 0 [pid 5893] <... setpgid resumed>) = 0 [pid 5892] <... ioctl resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5894] chdir("./31" [pid 5893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5892] close(3 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] getdents64(3, [pid 5084] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5894] <... chdir resumed>) = 0 [pid 5893] <... openat resumed>) = 3 [pid 5892] <... close resumed>) = 0 [pid 5891] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] write(3, "1000", 4 [pid 5892] mkdir("./bus", 0777 [pid 5891] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5894] <... prctl resumed>) = 0 [pid 5893] <... write resumed>) = 4 [pid 5892] <... mkdir resumed>) = 0 [pid 5891] <... mprotect resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... openat resumed>) = 3 [pid 5894] setpgid(0, 0 [pid 5893] close(3 [pid 5892] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5891] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] lstat("./29/binderfs", [pid 5084] fstat(3, [pid 5894] <... setpgid resumed>) = 0 [pid 5893] <... close resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5893] symlink("/dev/binderfs", "./binderfs" [pid 5891] <... clone resumed>, parent_tid=[5895], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5895 [pid 5085] unlink("./29/binderfs" [pid 5084] getdents64(3, [pid 5894] <... openat resumed>) = 3 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... symlink resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... unlink resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5895 attached [pid 5894] write(3, "1000", 4 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] set_robust_list(0x7f5659be29e0, 24 [pid 5894] <... write resumed>) = 4 [pid 5893] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5894] close(3 [pid 5893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] lstat("./31/binderfs", [pid 5894] <... close resumed>) = 0 [pid 5893] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs" [pid 5893] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] unlink("./31/binderfs" [pid 5894] <... symlink resumed>) = 0 [pid 5893] <... mprotect resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5895] <... set_robust_list resumed>) = 0 [pid 5894] <... futex resumed>) = 0 [ 106.761429][ T5892] loop0: detected capacity change from 0 to 2048 [ 106.792099][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5893] <... clone resumed>, parent_tid=[5898], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5898 [pid 5894] <... mmap resumed>) = 0x7f5659bc2000 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5893] <... futex resumed>) = 0 [pid 5894] <... mprotect resumed>) = 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5894] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5899], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5899 ./strace-static-x86_64: Process 5898 attached [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] set_robust_list(0x7f5659be29e0, 24 [pid 5894] <... futex resumed>) = 0 [pid 5898] <... set_robust_list resumed>) = 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 ./strace-static-x86_64: Process 5899 attached [pid 5895] memfd_create("syzkaller", 0 [ 106.812827][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 106.832093][ T948] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 106.833713][ T5892] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/30/bus supports timestamps until 2038 (0x7fffffff) [ 106.854059][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5899] set_robust_list(0x7f5659be29e0, 24 [pid 5895] <... memfd_create resumed>) = 3 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5892] <... mount resumed>) = 0 [pid 5899] memfd_create("syzkaller", 0 [pid 5895] <... mmap resumed>) = 0x7f56517c2000 [pid 5899] <... memfd_create resumed>) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./bus") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4 [pid 5898] <... write resumed>) = 1048576 [pid 5898] munmap(0x7f56517c2000, 1048576) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3 [pid 5892] <... close resumed>) = 0 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5898] <... ioctl resumed>) = 0 [pid 5898] close(3) = 0 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] mkdir("./bus", 0777 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5892] chdir("./file0" [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... chdir resumed>) = 0 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5892] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... mkdir resumed>) = 0 [pid 5898] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5892] <... openat resumed>) = 4 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 106.882442][ T948] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 106.895059][ T5898] loop1: detected capacity change from 0 to 2048 [ 106.903434][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... write resumed>) = 1048576 [pid 5895] <... write resumed>) = 1048576 [pid 5892] <... write resumed>) = 262144 [pid 5899] munmap(0x7f56517c2000, 1048576 [pid 5895] munmap(0x7f56517c2000, 1048576 [ 106.946138][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.956182][ T948] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 106.971522][ T948] EXT4-fs (loop4): This should not happen!! Data will be lost [ 106.971522][ T948] [ 106.974328][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 106.974328][ T75] [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... munmap resumed>) = 0 [pid 5895] <... munmap resumed>) = 0 [pid 5892] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5899] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3 [pid 5895] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 106.983942][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 106.997415][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.007130][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 107.023835][ T5899] loop2: detected capacity change from 0 to 2048 [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... openat resumed>) = 4 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5895] ioctl(4, LOOP_SET_FD, 3 [pid 5892] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... ioctl resumed>) = 0 [pid 5899] close(3) = 0 [pid 5899] mkdir("./bus", 0777 [pid 5892] <... mmap resumed>) = 0x20000000 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... ioctl resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5895] close(3 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5899] <... mkdir resumed>) = 0 [pid 5895] <... close resumed>) = 0 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5085] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5899] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5895] mkdir("./bus", 0777 [pid 5892] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5895] <... mkdir resumed>) = 0 [pid 5892] <... open resumed>) = 5 [pid 5085] lstat("./29/bus", [pid 5895] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5085] umount2("./29/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./29/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5892] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5892] <... mount resumed>) = 0 [pid 5085] fstat(4, [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [ 107.038608][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.053108][ T5895] loop5: detected capacity change from 0 to 2048 [pid 5085] getdents64(4, [pid 5892] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5892] <... open resumed>) = 6 [pid 5085] close(4 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5085] rmdir("./29/bus" [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 5892] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5890] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 5892] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5890] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./29") = 0 [pid 5085] mkdir("./30", 0777) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5892] <... write resumed>) = 262144 [pid 5085] <... openat resumed>) = 3 [pid 5892] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5892] <... futex resumed>) = 1 [pid 5890] <... futex resumed>) = 0 [pid 5892] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5890] exit_group(0 [pid 5085] close(3 [pid 5892] <... futex resumed>) = ? [pid 5890] <... exit_group resumed>) = ? [pid 5085] <... close resumed>) = 0 [pid 5892] +++ exited with 0 +++ [pid 5890] +++ exited with 0 +++ [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5904 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5890, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5081] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./30/binderfs") = 0 [pid 5081] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5898] <... mount resumed>) = 0 [pid 5898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5898] chdir("./bus") = 0 [pid 5898] ioctl(4, LOOP_CLR_FD) = 0 [pid 5898] close(4) = 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5904 attached [pid 5904] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5904] chdir("./30") = 0 [pid 5893] <... futex resumed>) = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] chdir("./file0") = 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5893] <... futex resumed>) = 0 [pid 5904] <... prctl resumed>) = 0 [pid 5898] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 107.101878][ T5898] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/31/bus supports timestamps until 2038 (0x7fffffff) [ 107.135513][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... openat resumed>) = 4 [pid 5904] setpgid(0, 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5904] <... setpgid resumed>) = 0 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5904] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5907], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5907 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 107.156239][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 107.169054][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 107.182917][ T5899] ext4 filesystem being mounted at /root/syzkaller.22hR0w/31/bus supports timestamps until 2038 (0x7fffffff) [pid 5898] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 5907 attached [pid 5899] <... mount resumed>) = 0 [pid 5895] <... mount resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5907] set_robust_list(0x7f5659be29e0, 24 [pid 5899] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5907] <... set_robust_list resumed>) = 0 [pid 5899] <... openat resumed>) = 3 [pid 5895] <... openat resumed>) = 3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5907] memfd_create("syzkaller", 0 [pid 5899] chdir("./bus" [pid 5895] chdir("./bus" [pid 5084] lstat("./31/bus", [pid 5907] <... memfd_create resumed>) = 3 [pid 5899] <... chdir resumed>) = 0 [pid 5898] <... write resumed>) = 262144 [pid 5895] <... chdir resumed>) = 0 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5899] ioctl(4, LOOP_CLR_FD [pid 5898] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5895] ioctl(4, LOOP_CLR_FD [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5907] <... mmap resumed>) = 0x7f56517c2000 [pid 5899] <... ioctl resumed>) = 0 [pid 5898] <... mmap resumed>) = 0x20000000 [pid 5895] <... ioctl resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5084] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 107.197748][ T5895] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/31/bus supports timestamps until 2038 (0x7fffffff) [ 107.219602][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5899] close(4 [pid 5895] close(4 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5899] <... close resumed>) = 0 [pid 5895] <... close resumed>) = 0 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5891] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(4, [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... open resumed>) = 5 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5899] chdir("./file0" [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] chdir("./file0" [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5899] <... chdir resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5893] <... futex resumed>) = 0 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... chdir resumed>) = 0 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5899] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... mount resumed>) = 0 [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [ 107.251319][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 107.251319][ T75] [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5899] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5898] <... futex resumed>) = 1 [pid 5895] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5893] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] rmdir("./31/bus" [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rmdir resumed>) = 0 [pid 5898] <... futex resumed>) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5898] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5084] getdents64(3, [pid 5899] <... openat resumed>) = 4 [pid 5898] <... open resumed>) = 6 [pid 5895] <... openat resumed>) = 4 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] close(3 [pid 5899] <... futex resumed>) = 1 [pid 5898] <... futex resumed>) = 0 [pid 5895] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5893] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5907] <... write resumed>) = 1048576 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./31" [pid 5907] munmap(0x7f56517c2000, 1048576 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] <... futex resumed>) = 0 [pid 5893] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5907] <... munmap resumed>) = 0 [pid 5899] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5895] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] mkdir("./32", 0777) = 0 [pid 5907] <... openat resumed>) = 4 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5907] ioctl(4, LOOP_SET_FD, 3 [pid 5084] <... openat resumed>) = 3 [ 107.316435][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.352385][ T5907] loop4: detected capacity change from 0 to 2048 [pid 5907] <... ioctl resumed>) = 0 [pid 5895] <... write resumed>) = 262144 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5899] <... write resumed>) = 262144 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5908 attached [pid 5907] close(3 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... write resumed>) = 262144 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5908 [pid 5908] set_robust_list(0x555556f1a5e0, 24 [pid 5907] <... close resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5898] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5907] mkdir("./bus", 0777 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] <... futex resumed>) = 1 [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5893] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5908] chdir("./32" [pid 5898] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5893] exit_group(0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... chdir resumed>) = 0 [pid 5907] <... mkdir resumed>) = 0 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] <... futex resumed>) = ? [pid 5895] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... exit_group resumed>) = ? [pid 5891] <... futex resumed>) = 0 [pid 5908] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5907] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5899] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5898] +++ exited with 0 +++ [pid 5908] <... prctl resumed>) = 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] setpgid(0, 0) = 0 [pid 5893] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5893, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5908] write(3, "1000", 4) = 4 [pid 5895] <... mmap resumed>) = 0x20000000 [pid 5908] close(3 [pid 5899] <... mmap resumed>) = 0x20000000 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... close resumed>) = 0 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] symlink("/dev/binderfs", "./binderfs" [pid 5899] <... futex resumed>) = 1 [pid 5895] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5908] <... symlink resumed>) = 0 [pid 5899] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5895] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] <... open resumed>) = 5 [pid 5894] <... futex resumed>) = 0 [pid 5891] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.353669][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] <... mmap resumed>) = 0x7f5659bc2000 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... open resumed>) = 5 [pid 5082] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5908] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5899] <... futex resumed>) = 1 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5908] <... mprotect resumed>) = 0 [pid 5899] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5908] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5894] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5082] fstat(3, [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5908] <... clone resumed>, parent_tid=[5912], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5912 [pid 5899] <... mount resumed>) = 0 [pid 5895] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5082] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... mount resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5912 attached [pid 5908] <... futex resumed>) = 0 [pid 5907] <... mount resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5082] lstat("./31/binderfs", [pid 5912] set_robust_list(0x7f5659be29e0, 24 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5912] <... set_robust_list resumed>) = 0 [pid 5907] <... openat resumed>) = 3 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] unlink("./31/binderfs" [pid 5081] <... umount2 resumed>) = 0 [pid 5912] memfd_create("syzkaller", 0 [pid 5907] chdir("./bus" [ 107.418745][ T5907] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/30/bus supports timestamps until 2038 (0x7fffffff) [pid 5899] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5912] <... memfd_create resumed>) = 3 [pid 5907] <... chdir resumed>) = 0 [pid 5899] <... open resumed>) = 6 [pid 5895] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... unlink resumed>) = 0 [pid 5912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5907] ioctl(4, LOOP_CLR_FD [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... open resumed>) = 6 [pid 5082] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... mmap resumed>) = 0x7f56517c2000 [pid 5907] <... ioctl resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5894] <... futex resumed>) = 0 [pid 5912] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5907] close(4) = 0 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] <... futex resumed>) = 1 [pid 5894] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5891] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5894] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] <... futex resumed>) = 0 [pid 5081] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... write resumed>) = 1048576 [pid 5907] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5891] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 107.490802][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.523154][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5912] munmap(0x7f56517c2000, 1048576 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] <... munmap resumed>) = 0 [pid 5907] chdir("./file0" [pid 5899] <... write resumed>) = 262144 [pid 5912] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... chdir resumed>) = 0 [pid 5912] <... openat resumed>) = 4 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5081] lstat("./30/bus", [pid 5912] ioctl(4, LOOP_SET_FD, 3 [pid 5907] <... futex resumed>) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5899] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] exit_group(0 [pid 5912] <... ioctl resumed>) = 0 [pid 5907] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = ? [pid 5894] <... exit_group resumed>) = ? [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5912] close(3 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5912] <... close resumed>) = 0 [pid 5907] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5912] mkdir("./bus", 0777 [pid 5899] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... mkdir resumed>) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 107.534862][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 107.551010][ T5912] loop3: detected capacity change from 0 to 2048 [ 107.566762][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5912] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, [pid 5081] <... openat resumed>) = 4 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./31/binderfs") = 0 [pid 5083] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5891] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] fstat(4, [pid 5895] <... write resumed>) = 262144 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5895] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 5891] exit_group(0) = ? [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5895] <... futex resumed>) = ? [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./30/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5907] <... openat resumed>) = 4 [pid 5895] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5907] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5904] <... futex resumed>) = 0 [pid 5086] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] rmdir("./30" [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... rmdir resumed>) = 0 [pid 5086] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./31/binderfs", [pid 5907] <... futex resumed>) = 0 [pid 5904] <... futex resumed>) = 1 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5907] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] unlink("./31/binderfs" [pid 5081] mkdir("./31", 0777 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... unlink resumed>) = 0 [ 107.580201][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.608923][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 107.622152][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 107.622152][ T11] [pid 5086] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... mkdir resumed>) = 0 [pid 5907] <... write resumed>) = 262144 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5907] <... open resumed>) = 5 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... futex resumed>) = 1 [pid 5907] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5907] <... futex resumed>) = 1 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5904] <... futex resumed>) = 0 [pid 5907] <... open resumed>) = 6 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5907] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5904] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... mount resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5912] <... openat resumed>) = 3 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 107.634519][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 107.650973][ T5912] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/32/bus supports timestamps until 2038 (0x7fffffff) [ 107.665464][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5912] chdir("./bus" [pid 5081] close(3 [pid 5907] <... write resumed>) = 262144 [pid 5907] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = 0 [pid 5904] exit_group(0) = ? [pid 5907] <... futex resumed>) = ? [pid 5912] <... chdir resumed>) = 0 [pid 5912] ioctl(4, LOOP_CLR_FD [pid 5081] <... close resumed>) = 0 [pid 5912] <... ioctl resumed>) = 0 [pid 5907] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5912] close(4) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5915 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [ 107.682397][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 107.683044][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.709417][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.723068][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5912] chdir("./file0" [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5904, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5085] umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5912] <... chdir resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5085] fstat(3, ./strace-static-x86_64: Process 5915 attached [pid 5912] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5915] set_robust_list(0x555556f1a5e0, 24 [pid 5912] <... openat resumed>) = 4 [pid 5085] umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] <... set_robust_list resumed>) = 0 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] chdir("./31" [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5085] lstat("./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./30/binderfs" [pid 5915] <... chdir resumed>) = 0 [pid 5912] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... unlink resumed>) = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... prctl resumed>) = 0 [pid 5912] <... write resumed>) = 262144 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [ 107.723141][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 107.758763][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 107.782384][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 107.782384][ T1062] [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5082] <... umount2 resumed>) = 0 [ 107.799702][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 107.799702][ T75] [ 107.803437][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 107.813434][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5915] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 0 [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... mmap resumed>) = 0x7f5659bc2000 [pid 5915] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5912] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5915] <... mprotect resumed>) = 0 [pid 5912] <... mmap resumed>) = 0x20000000 [pid 5082] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5915] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... clone resumed>, parent_tid=[5916], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5916 [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 4 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] fstat(4, [pid 5915] <... futex resumed>) = 0 [pid 5912] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5908] <... futex resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] <... open resumed>) = 5 [pid 5082] getdents64(4, [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5908] <... futex resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] close(4) = 0 [pid 5912] <... mount resumed>) = 0 [pid 5082] rmdir("./31/bus" [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... rmdir resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5908] <... futex resumed>) = 0 [ 107.837608][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 107.851829][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 107.851875][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 107.873192][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5082] getdents64(3, ./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5916] memfd_create("syzkaller", 0) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5908] <... futex resumed>) = 0 [pid 5912] <... open resumed>) = 6 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] close(3 [pid 5912] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... close resumed>) = 0 [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5082] rmdir("./31" [pid 5912] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5908] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... rmdir resumed>) = 0 [pid 5082] mkdir("./32", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3 [pid 5912] <... write resumed>) = 262144 [pid 5082] <... close resumed>) = 0 [ 107.901180][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 107.915491][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 107.929118][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 107.929118][ T11] [pid 5912] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5916] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5912] <... futex resumed>) = 1 [pid 5912] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5908] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5917 attached [pid 5908] exit_group(0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5917 [pid 5083] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5917] set_robust_list(0x555556f1a5e0, 24 [pid 5908] <... exit_group resumed>) = ? [pid 5912] <... futex resumed>) = ? [pid 5083] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5912] +++ exited with 0 +++ [pid 5917] <... set_robust_list resumed>) = 0 [pid 5908] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5908, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5917] chdir("./32") = 0 [pid 5917] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5917] <... prctl resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] getdents64(4, [pid 5917] setpgid(0, 0 [pid 5916] <... write resumed>) = 1048576 [pid 5084] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5917] <... setpgid resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5083] getdents64(4, [pid 5084] fstat(3, [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] close(4 [pid 5084] getdents64(3, [pid 5917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... close resumed>) = 0 [pid 5917] <... openat resumed>) = 3 [pid 5916] munmap(0x7f56517c2000, 1048576 [pid 5086] <... umount2 resumed>) = 0 [pid 5084] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] rmdir("./31/bus" [pid 5917] write(3, "1000", 4 [pid 5916] <... munmap resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... rmdir resumed>) = 0 [pid 5917] <... write resumed>) = 4 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] lstat("./32/binderfs", [pid 5083] getdents64(3, [pid 5916] <... openat resumed>) = 4 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5916] ioctl(4, LOOP_SET_FD, 3 [ 107.986691][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.011278][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5084] unlink("./32/binderfs" [pid 5083] close(3 [pid 5917] close(3 [pid 5086] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... unlink resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5917] <... close resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] rmdir("./31" [pid 5917] symlink("/dev/binderfs", "./binderfs" [pid 5086] lstat("./31/bus", [pid 5083] <... rmdir resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] mkdir("./32", 0777 [pid 5086] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... mkdir resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5086] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... openat resumed>) = 3 [pid 5086] <... openat resumed>) = 4 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5086] fstat(4, [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] close(3 [pid 5086] getdents64(4, [pid 5083] <... close resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] getdents64(4, [pid 5917] <... symlink resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5918 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5917] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] rmdir("./31/bus" [pid 5917] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] <... rmdir resumed>) = 0 [pid 5917] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5916] <... ioctl resumed>) = 0 [pid 5086] getdents64(3, [pid 5917] <... mprotect resumed>) = 0 [pid 5916] close(3 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5917] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5916] <... close resumed>) = 0 [pid 5086] close(3./strace-static-x86_64: Process 5918 attached [pid 5916] mkdir("./bus", 0777 [pid 5086] <... close resumed>) = 0 [pid 5918] set_robust_list(0x555556f1a5e0, 24 [pid 5916] <... mkdir resumed>) = 0 [pid 5086] rmdir("./31" [pid 5918] <... set_robust_list resumed>) = 0 [pid 5916] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... rmdir resumed>) = 0 [pid 5918] chdir("./32" [pid 5917] <... clone resumed>, parent_tid=[5919], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5919 [pid 5086] mkdir("./32", 0777 [pid 5918] <... chdir resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5917] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5918] <... prctl resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5918] setpgid(0, 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5918] <... setpgid resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] close(3 [pid 5918] <... openat resumed>) = 3 [pid 5086] <... close resumed>) = 0 [pid 5918] write(3, "1000", 4 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5918] <... write resumed>) = 4 [pid 5918] close(3 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5920 [pid 5918] <... close resumed>) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 5919 attached ) = 0 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] set_robust_list(0x7f5659be29e0, 24 [pid 5918] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5920 attached [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5920] set_robust_list(0x555556f1a5e0, 24 [pid 5919] <... set_robust_list resumed>) = 0 [pid 5918] <... mmap resumed>) = 0x7f5659bc2000 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5918] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5920] chdir("./32" [pid 5919] memfd_create("syzkaller", 0 [pid 5918] <... mprotect resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5920] <... chdir resumed>) = 0 [pid 5919] <... memfd_create resumed>) = 3 [pid 5918] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] <... prctl resumed>) = 0 [pid 5919] <... mmap resumed>) = 0x7f56517c2000 [pid 5918] <... clone resumed>, parent_tid=[5921], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5921 [pid 5920] setpgid(0, 0 [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5920] <... setpgid resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5921 attached [pid 5920] <... openat resumed>) = 3 [pid 5921] set_robust_list(0x7f5659be29e0, 24 [pid 5920] write(3, "1000", 4 [pid 5921] <... set_robust_list resumed>) = 0 [pid 5920] <... write resumed>) = 4 [pid 5921] memfd_create("syzkaller", 0 [pid 5920] close(3 [pid 5921] <... memfd_create resumed>) = 3 [pid 5920] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5920] symlink("/dev/binderfs", "./binderfs" [pid 5921] <... mmap resumed>) = 0x7f56517c2000 [pid 5920] <... symlink resumed>) = 0 [ 108.059044][ T5916] loop0: detected capacity change from 0 to 2048 [ 108.083066][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5085] lstat("./30/bus", [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 108.141058][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 108.153175][ T5916] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/31/bus supports timestamps until 2038 (0x7fffffff) [pid 5919] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5919] <... write resumed>) = 1048576 [pid 5085] umount2("./30/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./30/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, [pid 5920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5920] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] close(4 [pid 5920] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... close resumed>) = 0 [pid 5920] <... mprotect resumed>) = 0 [pid 5085] rmdir("./30/bus" [pid 5921] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5920] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5919] munmap(0x7f56517c2000, 1048576 [pid 5916] <... mount resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5920] <... clone resumed>, parent_tid=[5925], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5925 [pid 5085] getdents64(3, [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] <... munmap resumed>) = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5925 attached [pid 5919] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5916] <... openat resumed>) = 3 [ 108.181498][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 108.204897][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5925] set_robust_list(0x7f5659be29e0, 24 [pid 5919] <... openat resumed>) = 4 [pid 5916] chdir("./bus" [pid 5925] <... set_robust_list resumed>) = 0 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5921] <... write resumed>) = 1048576 [pid 5919] ioctl(4, LOOP_SET_FD, 3 [pid 5916] <... chdir resumed>) = 0 [pid 5085] close(3 [pid 5921] munmap(0x7f56517c2000, 1048576) = 0 [pid 5921] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5921] ioctl(4, LOOP_SET_FD, 3 [pid 5916] ioctl(4, LOOP_CLR_FD [pid 5085] <... close resumed>) = 0 [pid 5916] <... ioctl resumed>) = 0 [pid 5085] rmdir("./30" [pid 5919] <... ioctl resumed>) = 0 [pid 5916] close(4 [pid 5085] <... rmdir resumed>) = 0 [pid 5916] <... close resumed>) = 0 [pid 5085] mkdir("./31", 0777 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... mkdir resumed>) = 0 [pid 5919] close(3 [pid 5916] <... futex resumed>) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5919] <... close resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 5919] mkdir("./bus", 0777 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5919] <... mkdir resumed>) = 0 [pid 5916] chdir("./file0" [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5919] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5916] <... chdir resumed>) = 0 [pid 5085] close(3 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5916] <... futex resumed>) = 1 [ 108.231053][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 108.231053][ T11] [ 108.244201][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.255008][ T5921] loop2: detected capacity change from 0 to 2048 [ 108.257854][ T5919] loop1: detected capacity change from 0 to 2048 [pid 5915] <... futex resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5925] <... write resumed>) = 1048576 [pid 5921] <... ioctl resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] munmap(0x7f56517c2000, 1048576 [pid 5921] close(3 [pid 5915] <... futex resumed>) = 0 [pid 5925] <... munmap resumed>) = 0 [pid 5921] <... close resumed>) = 0 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5921] mkdir("./bus", 0777 [pid 5925] <... openat resumed>) = 4 [pid 5921] <... mkdir resumed>) = 0 [pid 5925] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5926 attached [pid 5921] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5926 [pid 5925] <... ioctl resumed>) = 0 [pid 5925] close(3) = 0 [pid 5925] mkdir("./bus", 0777) = 0 [pid 5925] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5916] <... openat resumed>) = 4 [pid 5926] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] chdir("./31" [pid 5916] <... futex resumed>) = 1 [pid 5926] <... chdir resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... futex resumed>) = 0 [pid 5926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5926] setpgid(0, 0) = 0 [pid 5926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5926] write(3, "1000", 4 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... write resumed>) = 4 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5926] close(3 [ 108.297962][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.302365][ T5925] loop5: detected capacity change from 0 to 2048 [pid 5916] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... close resumed>) = 0 [pid 5916] <... write resumed>) = 262144 [pid 5926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5926] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5926] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5933], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5933 [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./32/bus", [pid 5916] <... futex resumed>) = 1 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5919] <... mount resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5919] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] fstat(4, [pid 5919] <... openat resumed>) = 3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5919] chdir("./bus" [pid 5084] getdents64(4, [pid 5919] <... chdir resumed>) = 0 [pid 5915] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5919] ioctl(4, LOOP_CLR_FD [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(4, [pid 5919] <... ioctl resumed>) = 0 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5933 attached [pid 5919] close(4 [pid 5916] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(4 [pid 5933] set_robust_list(0x7f5659be29e0, 24 [pid 5919] <... close resumed>) = 0 [pid 5916] <... mmap resumed>) = 0x20000000 [pid 5084] <... close resumed>) = 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./32/bus" [pid 5919] <... futex resumed>) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... rmdir resumed>) = 0 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5933] <... set_robust_list resumed>) = 0 [pid 5919] chdir("./file0" [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.353866][ T5919] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/32/bus supports timestamps until 2038 (0x7fffffff) [ 108.355638][ T5921] ext4 filesystem being mounted at /root/syzkaller.22hR0w/32/bus supports timestamps until 2038 (0x7fffffff) [ 108.386193][ T5925] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/32/bus supports timestamps until 2038 (0x7fffffff) [pid 5916] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(3 [pid 5933] memfd_create("syzkaller", 0 [pid 5919] <... chdir resumed>) = 0 [pid 5916] <... open resumed>) = 5 [pid 5084] <... close resumed>) = 0 [pid 5921] <... mount resumed>) = 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./32" [pid 5921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5919] <... futex resumed>) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5921] <... openat resumed>) = 3 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] mkdir("./33", 0777 [pid 5921] chdir("./bus" [pid 5084] <... mkdir resumed>) = 0 [pid 5921] <... chdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5921] ioctl(4, LOOP_CLR_FD [pid 5084] <... openat resumed>) = 3 [pid 5921] <... ioctl resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5921] close(4 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5921] <... close resumed>) = 0 [pid 5084] close(3 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5934 [pid 5921] chdir("./file0" [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mount resumed>) = 0 [pid 5925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./bus") = 0 [pid 5925] ioctl(4, LOOP_CLR_FD [pid 5917] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... chdir resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... memfd_create resumed>) = 3 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5915] <... futex resumed>) = 1 [pid 5921] <... futex resumed>) = 1 [pid 5919] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... mount resumed>) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... mmap resumed>) = 0x7f56517c2000 [pid 5921] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5919] <... openat resumed>) = 4 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... futex resumed>) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5916] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5921] <... openat resumed>) = 4 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... open resumed>) = 6 [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... ioctl resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5915] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5916] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5915] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5934 attached [pid 5933] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5925] close(4 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5918] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] set_robust_list(0x555556f1a5e0, 24 [pid 5925] <... close resumed>) = 0 [pid 5921] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5916] <... write resumed>) = 262144 [pid 5916] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5915] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... write resumed>) = 262144 [pid 5925] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] exit_group(0 [pid 5934] chdir("./33" [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5916] <... futex resumed>) = ? [pid 5915] <... exit_group resumed>) = ? [pid 5934] <... chdir resumed>) = 0 [pid 5925] chdir("./file0" [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5925] <... chdir resumed>) = 0 [ 108.418014][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 108.418032][ T27] audit: type=1800 audit(1678856059.815:192): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 5934] <... prctl resumed>) = 0 [pid 5933] <... write resumed>) = 1048576 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5934] setpgid(0, 0 [pid 5925] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5934] <... setpgid resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... restart_syscall resumed>) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5934] <... openat resumed>) = 3 [pid 5925] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] write(3, "1000", 4 [pid 5081] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] <... write resumed>) = 4 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5934] close(3 [pid 5081] <... openat resumed>) = 3 [pid 5925] <... openat resumed>) = 4 [pid 5081] fstat(3, [pid 5934] <... close resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs" [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 5934] <... symlink resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5934] <... futex resumed>) = 0 [pid 5925] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5920] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5933] munmap(0x7f56517c2000, 1048576 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] lstat("./31/binderfs", [pid 5934] <... mmap resumed>) = 0x7f5659bc2000 [pid 5933] <... munmap resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5934] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5933] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] unlink("./31/binderfs" [pid 5934] <... mprotect resumed>) = 0 [pid 5933] <... openat resumed>) = 4 [pid 5081] <... unlink resumed>) = 0 [pid 5934] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5933] ioctl(4, LOOP_SET_FD, 3 [pid 5081] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5919] <... write resumed>) = 262144 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5934] <... clone resumed>, parent_tid=[5935], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5935 [pid 5917] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5935 attached [pid 5934] <... futex resumed>) = 0 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5917] <... mmap resumed>) = 0x7f56518a1000 [pid 5935] set_robust_list(0x7f5659be29e0, 24 [pid 5921] <... futex resumed>) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5935] <... set_robust_list resumed>) = 0 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... mprotect resumed>) = 0 [pid 5935] memfd_create("syzkaller", 0 [pid 5921] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5933] <... ioctl resumed>) = 0 [pid 5925] <... write resumed>) = 262144 [pid 5935] <... memfd_create resumed>) = 3 [pid 5917] <... clone resumed>, parent_tid=[5936], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5936 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5933] close(3 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5936 attached [pid 5935] <... mmap resumed>) = 0x7f56517c2000 [pid 5933] <... close resumed>) = 0 [pid 5925] <... futex resumed>) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5933] mkdir("./bus", 0777 [pid 5925] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] set_robust_list(0x7f56518c19e0, 24 [pid 5933] <... mkdir resumed>) = 0 [pid 5925] <... mmap resumed>) = 0x20000000 [pid 5920] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5933] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 108.523564][ T5933] loop4: detected capacity change from 0 to 2048 [ 108.538740][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5925] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5936] <... mmap resumed>) = 0x20000000 [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5925] <... open resumed>) = 5 [pid 5921] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... mount resumed>) = 0 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... open resumed>) = 6 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5920] <... futex resumed>) = 0 [pid 5936] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5920] <... futex resumed>) = 0 [pid 5925] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5920] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] <... open resumed>) = 5 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5936] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... write resumed>) = 262144 [pid 5921] <... futex resumed>) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5925] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5919] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 108.566904][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 108.572530][ T27] audit: type=1800 audit(1678856059.975:193): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [ 108.580025][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 108.608824][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... write resumed>) = 1048576 [pid 5925] <... futex resumed>) = 1 [pid 5921] <... mount resumed>) = 0 [pid 5920] <... futex resumed>) = 0 [pid 5919] <... open resumed>) = 5 [pid 5918] <... futex resumed>) = 0 [pid 5925] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5920] exit_group(0 [pid 5925] <... futex resumed>) = ? [pid 5920] <... exit_group resumed>) = ? [pid 5935] munmap(0x7f56517c2000, 1048576 [pid 5925] +++ exited with 0 +++ [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] +++ exited with 0 +++ [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5920, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5935] <... munmap resumed>) = 0 [pid 5921] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = 0 [pid 5086] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./32/binderfs" [ 108.640826][ T5933] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/31/bus supports timestamps until 2038 (0x7fffffff) [ 108.641415][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 108.641415][ T11] [ 108.664449][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5935] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5921] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5919] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5935] <... openat resumed>) = 4 [pid 5933] <... mount resumed>) = 0 [pid 5921] <... open resumed>) = 6 [pid 5935] ioctl(4, LOOP_SET_FD, 3 [ 108.680030][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.691531][ T27] audit: type=1800 audit(1678856060.035:194): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 108.724518][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... mount resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5086] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5933] <... openat resumed>) = 3 [pid 5921] <... futex resumed>) = 0 [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] chdir("./bus" [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... chdir resumed>) = 0 [pid 5933] ioctl(4, LOOP_CLR_FD) = 0 [pid 5933] close(4) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] <... futex resumed>) = 0 [pid 5921] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5918] <... futex resumed>) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 0 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5933] chdir("./file0" [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5919] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5918] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... chdir resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... open resumed>) = 6 [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 0 [pid 5933] <... futex resumed>) = 0 [pid 5926] <... futex resumed>) = 1 [pid 5917] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5917] <... futex resumed>) = 1 [pid 5919] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 108.736582][ T27] audit: type=1800 audit(1678856060.045:195): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 108.764731][ T5935] loop3: detected capacity change from 0 to 2048 [ 108.782246][ T75] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5917] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5933] <... openat resumed>) = 4 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5933] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... ioctl resumed>) = 0 [pid 5935] close(3) = 0 [pid 5935] mkdir("./bus", 0777) = 0 [pid 5935] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5918] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5933] <... write resumed>) = 262144 [pid 5921] <... write resumed>) = 262144 [pid 5917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] <... umount2 resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] exit_group(0 [pid 5081] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = ? [pid 5918] <... exit_group resumed>) = ? [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] +++ exited with 0 +++ [pid 5919] <... write resumed>) = 262144 [pid 5919] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5918] +++ exited with 0 +++ [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5933] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5917] exit_group(0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] lstat("./31/bus", [pid 5919] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... mmap resumed>) = 0x20000000 [pid 5936] <... futex resumed>) = ? [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = ? [pid 5917] <... exit_group resumed>) = ? [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5936] +++ exited with 0 +++ [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5919] +++ exited with 0 +++ [ 108.817253][ T75] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5933] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] +++ exited with 0 +++ [pid 5081] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5933] <... open resumed>) = 5 [pid 5926] <... futex resumed>) = 0 [pid 5083] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5917, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5933] <... futex resumed>) = 0 [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] fstat(4, [pid 5083] <... openat resumed>) = 3 [pid 5933] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5926] <... futex resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5933] <... mount resumed>) = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] getdents64(4, [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fstat(3, [pid 5082] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5081] getdents64(4, [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 108.858847][ T75] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 108.872543][ T27] audit: type=1800 audit(1678856060.275:196): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 108.874483][ T75] EXT4-fs (loop5): This should not happen!! Data will be lost [ 108.874483][ T75] [pid 5082] fstat(3, [pid 5926] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] getdents64(3, [pid 5081] close(4 [pid 5933] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5082] getdents64(3, [pid 5081] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5933] <... open resumed>) = 6 [pid 5083] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] rmdir("./31/bus" [pid 5935] <... mount resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5933] <... futex resumed>) = 1 [pid 5926] <... futex resumed>) = 0 [pid 5083] lstat("./32/binderfs", [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... rmdir resumed>) = 0 [pid 5933] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5926] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] lstat("./32/binderfs", [pid 5081] getdents64(3, [pid 5933] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5926] <... futex resumed>) = 0 [pid 5083] unlink("./32/binderfs" [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5935] <... openat resumed>) = 3 [pid 5933] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5926] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... unlink resumed>) = 0 [pid 5082] unlink("./32/binderfs" [pid 5081] close(3 [pid 5935] chdir("./bus") = 0 [pid 5935] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 108.911351][ T5935] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/33/bus supports timestamps until 2038 (0x7fffffff) [ 108.926617][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 108.941387][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5935] close(4 [pid 5082] <... unlink resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5933] <... write resumed>) = 262144 [pid 5082] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] rmdir("./31" [pid 5935] <... close resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdir("./32", 0777 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5933] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... mkdir resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5935] chdir("./file0" [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5935] <... chdir resumed>) = 0 [pid 5933] <... futex resumed>) = 0 [pid 5926] exit_group(0 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 108.957946][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 108.981364][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 108.991489][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... exit_group resumed>) = ? [pid 5081] close(3 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5933] +++ exited with 0 +++ [pid 5926] +++ exited with 0 +++ [pid 5081] <... close resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5926, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5935] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5941 [pid 5935] <... openat resumed>) = 4 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 109.003560][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.016481][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 109.016481][ T11] [ 109.025376][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 109.027724][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 ./strace-static-x86_64: Process 5941 attached [pid 5935] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5941] set_robust_list(0x555556f1a5e0, 24 [pid 5085] <... openat resumed>) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5941] <... set_robust_list resumed>) = 0 [pid 5935] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5941] chdir("./32" [pid 5085] lstat("./31/binderfs", [pid 5941] <... chdir resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] unlink("./31/binderfs" [pid 5941] <... prctl resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5941] setpgid(0, 0 [pid 5085] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5941] <... setpgid resumed>) = 0 [ 109.052848][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5941] write(3, "1000", 4) = 4 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] close(3) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5941] symlink("/dev/binderfs", "./binderfs" [pid 5935] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... symlink resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x20000000 [pid 5934] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... futex resumed>) = 0 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5935] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... mmap resumed>) = 0x7f5659bc2000 [pid 5935] <... open resumed>) = 5 [pid 5934] <... futex resumed>) = 0 [pid 5941] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... mprotect resumed>) = 0 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5935] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... mount resumed>) = 0 [pid 5934] <... futex resumed>) = 0 [pid 5941] <... clone resumed>, parent_tid=[5942], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5942 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [ 109.083828][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 109.091422][ T1062] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5942 attached [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5942] set_robust_list(0x7f5659be29e0, 24 [pid 5935] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... set_robust_list resumed>) = 0 [pid 5935] <... open resumed>) = 6 [pid 5083] <... umount2 resumed>) = 0 [pid 5942] memfd_create("syzkaller", 0 [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... memfd_create resumed>) = 3 [pid 5935] <... futex resumed>) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = 0 [pid 5083] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5942] <... mmap resumed>) = 0x7f56517c2000 [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5934] <... futex resumed>) = 0 [pid 5942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5935] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5934] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5935] <... write resumed>) = 262144 [pid 5086] lstat("./32/bus", [pid 5083] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5935] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] exit_group(0 [pid 5935] <... futex resumed>) = ? [ 109.120200][ T27] audit: type=1800 audit(1678856060.525:197): pid=5935 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 109.147226][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 109.157808][ T1062] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5934] <... exit_group resumed>) = ? [pid 5935] +++ exited with 0 +++ [pid 5934] +++ exited with 0 +++ [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5934, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5084] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5084] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, [pid 5086] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./33/binderfs", [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5084] unlink("./33/binderfs") = 0 [ 109.173927][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 109.186963][ T1062] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.200296][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.213750][ T1062] EXT4-fs (loop1): This should not happen!! Data will be lost [ 109.213750][ T1062] [ 109.223822][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 109.223822][ T11] [pid 5084] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] fstat(4, [pid 5942] <... write resumed>) = 1048576 [pid 5086] <... openat resumed>) = 4 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] fstat(4, [pid 5083] getdents64(4, [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, [pid 5083] getdents64(4, [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5942] munmap(0x7f56517c2000, 1048576) = 0 [pid 5942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5942] ioctl(4, LOOP_SET_FD, 3 [pid 5086] getdents64(4, [ 109.224590][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 109.235273][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 109.262526][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 109.273412][ T5942] loop0: detected capacity change from 0 to 2048 [pid 5083] close(4 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... close resumed>) = 0 [pid 5086] close(4 [pid 5083] rmdir("./32/bus" [pid 5086] <... close resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5086] rmdir("./32/bus" [pid 5083] getdents64(3, [pid 5086] <... rmdir resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3 [pid 5086] close(3 [pid 5083] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5083] rmdir("./32" [pid 5086] rmdir("./32" [pid 5083] <... rmdir resumed>) = 0 [ 109.276104][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 109.295803][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 109.315630][ T5123] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [pid 5086] <... rmdir resumed>) = 0 [pid 5083] mkdir("./33", 0777 [pid 5086] mkdir("./33", 0777 [pid 5083] <... mkdir resumed>) = 0 [pid 5942] <... ioctl resumed>) = 0 [pid 5942] close(3 [pid 5086] <... mkdir resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] <... openat resumed>) = 3 [pid 5082] <... umount2 resumed>) = 0 [pid 5942] <... close resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [ 109.338065][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 109.373099][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5942] mkdir("./bus", 0777) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5082] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5942] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] close(3 [pid 5083] close(3 [pid 5082] lstat("./32/bus", [pid 5086] <... close resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./31/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 109.386006][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.399366][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 109.399366][ T948] [ 109.414337][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5085] umount2("./31/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./31/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5943 attached [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5943 [pid 5085] getdents64(4, [pid 5082] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5943] set_robust_list(0x555556f1a5e0, 24 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5944 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4./strace-static-x86_64: Process 5944 attached [pid 5943] <... set_robust_list resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5944] set_robust_list(0x555556f1a5e0, 24 [pid 5943] chdir("./33" [pid 5085] rmdir("./31/bus" [pid 5082] <... openat resumed>) = 4 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5943] <... chdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5082] fstat(4, [pid 5944] chdir("./33" [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] getdents64(3, [pid 5084] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5944] <... chdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] close(3 [pid 5944] <... prctl resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5944] setpgid(0, 0 [pid 5085] rmdir("./31" [pid 5944] <... setpgid resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5943] <... prctl resumed>) = 0 [ 109.428616][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5085] mkdir("./32", 0777 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(4, [pid 5944] <... openat resumed>) = 3 [pid 5943] setpgid(0, 0 [pid 5085] <... mkdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5944] write(3, "1000", 4 [pid 5943] <... setpgid resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] lstat("./33/bus", [pid 5082] getdents64(4, [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5944] <... write resumed>) = 4 [pid 5943] <... openat resumed>) = 3 [pid 5085] <... openat resumed>) = 3 [pid 5084] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] close(4 [pid 5943] write(3, "1000", 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 5943] <... write resumed>) = 4 [pid 5084] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] rmdir("./32/bus" [pid 5944] close(3 [pid 5943] close(3 [pid 5942] <... mount resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... openat resumed>) = 4 [pid 5082] <... rmdir resumed>) = 0 [pid 5944] <... close resumed>) = 0 [pid 5943] <... close resumed>) = 0 [pid 5942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] fstat(4, [pid 5082] getdents64(3, [pid 5944] symlink("/dev/binderfs", "./binderfs" [pid 5943] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... openat resumed>) = 3 [pid 5085] close(3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5944] <... symlink resumed>) = 0 [pid 5943] <... symlink resumed>) = 0 [pid 5942] chdir("./bus" [pid 5085] <... close resumed>) = 0 [pid 5942] <... chdir resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5942] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5948 [pid 5942] close(4) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5942] chdir("./file0" [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... chdir resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5942] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(4, [pid 5082] close(3 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5944] <... futex resumed>) = 0 [pid 5082] <... close resumed>) = 0 [ 109.482826][ T5942] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/32/bus supports timestamps until 2038 (0x7fffffff) ./strace-static-x86_64: Process 5948 attached [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] <... futex resumed>) = 0 [pid 5942] <... openat resumed>) = 4 [pid 5084] getdents64(4, [pid 5082] rmdir("./32") = 0 [pid 5944] <... mmap resumed>) = 0x7f5659bc2000 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4 [pid 5943] <... mmap resumed>) = 0x7f5659bc2000 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5944] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... close resumed>) = 0 [pid 5082] mkdir("./33", 0777 [pid 5948] set_robust_list(0x555556f1a5e0, 24 [pid 5944] <... mprotect resumed>) = 0 [pid 5943] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./33/bus" [pid 5082] <... mkdir resumed>) = 0 [pid 5948] <... set_robust_list resumed>) = 0 [pid 5944] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5943] <... mprotect resumed>) = 0 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5948] chdir("./32" [pid 5943] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5942] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(3, [pid 5082] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5950 attached ./strace-static-x86_64: Process 5949 attached [pid 5948] <... chdir resumed>) = 0 [pid 5944] <... clone resumed>, parent_tid=[5949], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5949 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5950] set_robust_list(0x7f5659be29e0, 24 [pid 5949] set_robust_list(0x7f5659be29e0, 24 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... clone resumed>, parent_tid=[5950], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5950 [pid 5084] close(3 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5949] <... set_robust_list resumed>) = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5944] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5950] memfd_create("syzkaller", 0 [pid 5949] memfd_create("syzkaller", 0 [pid 5948] <... prctl resumed>) = 0 [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 0 [pid 5084] rmdir("./33" [pid 5082] close(3 [pid 5950] <... memfd_create resumed>) = 3 [pid 5949] <... memfd_create resumed>) = 3 [pid 5948] setpgid(0, 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5948] <... setpgid resumed>) = 0 [pid 5084] mkdir("./34", 0777 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... mkdir resumed>) = 0 [pid 5948] <... openat resumed>) = 3 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5951 [pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5948] write(3, "1000", 4 [pid 5942] <... write resumed>) = 262144 [pid 5084] <... openat resumed>) = 3 [pid 5950] <... mmap resumed>) = 0x7f56517c2000 [pid 5949] <... mmap resumed>) = 0x7f56517c2000 [pid 5948] <... write resumed>) = 4 [pid 5084] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5951 attached [pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] set_robust_list(0x555556f1a5e0, 24 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5951] <... set_robust_list resumed>) = 0 [pid 5942] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] chdir("./33" [pid 5942] <... mmap resumed>) = 0x20000000 [pid 5941] <... futex resumed>) = 0 [pid 5951] <... chdir resumed>) = 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... prctl resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5941] <... futex resumed>) = 0 [pid 5951] setpgid(0, 0 [pid 5942] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... setpgid resumed>) = 0 [pid 5950] <... write resumed>) = 1048576 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5948] close(3 [pid 5941] <... futex resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5950] munmap(0x7f56517c2000, 1048576 [pid 5942] <... open resumed>) = 5 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... openat resumed>) = 3 [pid 5948] <... close resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] close(3 [pid 5951] write(3, "1000", 4 [pid 5948] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5951] <... write resumed>) = 4 [pid 5942] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5941] <... futex resumed>) = 0 [pid 5951] close(3 [pid 5942] <... mount resumed>) = 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... close resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] symlink("/dev/binderfs", "./binderfs" [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... symlink resumed>) = 0 [pid 5950] <... munmap resumed>) = 0 [pid 5949] <... write resumed>) = 1048576 [pid 5948] <... symlink resumed>) = 0 [pid 5942] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5941] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5949] munmap(0x7f56517c2000, 1048576 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... open resumed>) = 6 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5950] <... openat resumed>) = 4 [pid 5949] <... munmap resumed>) = 0 [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5950] ioctl(4, LOOP_SET_FD, 3 [pid 5949] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5948] <... futex resumed>) = 0 [pid 5942] <... futex resumed>) = 0 [pid 5941] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... mmap resumed>) = 0x7f5659bc2000 [pid 5949] <... openat resumed>) = 4 [pid 5942] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5941] <... futex resumed>) = 0 [pid 5951] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [ 109.610911][ T27] audit: type=1800 audit(1678856061.015:198): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 109.647463][ T5950] loop5: detected capacity change from 0 to 2048 [pid 5949] ioctl(4, LOOP_SET_FD, 3 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5941] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5952 ./strace-static-x86_64: Process 5952 attached [pid 5951] <... mprotect resumed>) = 0 [pid 5950] <... ioctl resumed>) = 0 [pid 5948] <... mmap resumed>) = 0x7f5659bc2000 [pid 5942] <... write resumed>) = 262144 [pid 5952] set_robust_list(0x555556f1a5e0, 24 [pid 5951] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5950] close(3 [pid 5949] <... ioctl resumed>) = 0 [pid 5948] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5942] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... set_robust_list resumed>) = 0 [pid 5950] <... close resumed>) = 0 [pid 5948] <... mprotect resumed>) = 0 [pid 5942] <... futex resumed>) = 1 [pid 5952] chdir("./34" [pid 5950] mkdir("./bus", 0777 [pid 5948] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5942] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5954 attached ./strace-static-x86_64: Process 5953 attached [pid 5952] <... chdir resumed>) = 0 [pid 5950] <... mkdir resumed>) = 0 [pid 5949] close(3 [pid 5952] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5950] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5948] <... clone resumed>, parent_tid=[5954], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5954 [pid 5941] exit_group(0 [pid 5951] <... clone resumed>, parent_tid=[5953], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5953 [pid 5954] set_robust_list(0x7f5659be29e0, 24 [pid 5953] set_robust_list(0x7f5659be29e0, 24 [pid 5952] <... prctl resumed>) = 0 [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... close resumed>) = 0 [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = ? [pid 5941] <... exit_group resumed>) = ? [pid 5954] <... set_robust_list resumed>) = 0 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5952] setpgid(0, 0 [pid 5951] <... futex resumed>) = 0 [pid 5949] mkdir("./bus", 0777 [pid 5948] <... futex resumed>) = 0 [pid 5942] +++ exited with 0 +++ [pid 5954] memfd_create("syzkaller", 0 [pid 5953] memfd_create("syzkaller", 0 [pid 5952] <... setpgid resumed>) = 0 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... mkdir resumed>) = 0 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5941] +++ exited with 0 +++ [pid 5954] <... memfd_create resumed>) = 3 [pid 5953] <... memfd_create resumed>) = 3 [pid 5952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5949] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5953] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] <... openat resumed>) = 3 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5941, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5954] <... mmap resumed>) = 0x7f56517c2000 [pid 5953] <... mmap resumed>) = 0x7f56517c2000 [pid 5952] write(3, "1000", 4 [pid 5081] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5954] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5952] <... write resumed>) = 4 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5952] close(3 [pid 5081] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5953] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] <... openat resumed>) = 3 [pid 5952] <... close resumed>) = 0 [pid 5081] fstat(3, [pid 5952] symlink("/dev/binderfs", "./binderfs" [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5952] <... symlink resumed>) = 0 [pid 5081] getdents64(3, [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5952] <... futex resumed>) = 0 [ 109.663833][ T5949] loop2: detected capacity change from 0 to 2048 [pid 5081] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./32/binderfs") = 0 [pid 5081] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] <... write resumed>) = 1048576 [pid 5953] munmap(0x7f56517c2000, 1048576) = 0 [pid 5953] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5953] ioctl(4, LOOP_SET_FD, 3 [pid 5952] <... mmap resumed>) = 0x7f5659bc2000 [pid 5952] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5952] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5959 attached [pid 5959] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... write resumed>) = 1048576 [pid 5954] munmap(0x7f56517c2000, 1048576) = 0 [ 109.725336][ T5950] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/33/bus supports timestamps until 2038 (0x7fffffff) [ 109.738397][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 109.739966][ T5953] loop1: detected capacity change from 0 to 2048 [ 109.752980][ T948] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5954] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5954] close(3) = 0 [pid 5954] mkdir("./bus", 0777) = 0 [pid 5954] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5952] <... clone resumed>, parent_tid=[5959], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5959 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5959] <... futex resumed>) = 0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5959] memfd_create("syzkaller", 0) = 3 [pid 5959] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5950] <... mount resumed>) = 0 [pid 5950] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5950] chdir("./bus") = 0 [pid 5950] ioctl(4, LOOP_CLR_FD) = 0 [pid 5950] close(4 [pid 5959] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5949] <... mount resumed>) = 0 [pid 5953] <... ioctl resumed>) = 0 [pid 5949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5953] close(3 [pid 5949] <... openat resumed>) = 3 [pid 5953] <... close resumed>) = 0 [pid 5949] chdir("./bus" [ 109.772569][ T5949] ext4 filesystem being mounted at /root/syzkaller.22hR0w/33/bus supports timestamps until 2038 (0x7fffffff) [ 109.779231][ T5954] loop4: detected capacity change from 0 to 2048 [ 109.785422][ T948] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5953] mkdir("./bus", 0777 [pid 5950] <... close resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5950] chdir("./file0" [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] <... chdir resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... chdir resumed>) = 0 [pid 5959] <... write resumed>) = 1048576 [pid 5950] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5959] munmap(0x7f56517c2000, 1048576) = 0 [pid 5959] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5959] ioctl(4, LOOP_SET_FD, 3 [pid 5954] <... mount resumed>) = 0 [pid 5953] <... mkdir resumed>) = 0 [pid 5950] <... openat resumed>) = 4 [pid 5949] ioctl(4, LOOP_CLR_FD [pid 5959] <... ioctl resumed>) = 0 [pid 5959] close(3) = 0 [pid 5959] mkdir("./bus", 0777) = 0 [ 109.834021][ T948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 109.861404][ T5954] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/32/bus supports timestamps until 2038 (0x7fffffff) [ 109.865302][ T5959] loop3: detected capacity change from 0 to 2048 [pid 5959] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5954] chdir("./bus") = 0 [pid 5954] ioctl(4, LOOP_CLR_FD) = 0 [pid 5953] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... ioctl resumed>) = 0 [pid 5954] close(4 [pid 5950] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5954] <... close resumed>) = 0 [pid 5950] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5949] close(4 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... write resumed>) = 262144 [pid 5949] <... close resumed>) = 0 [pid 5948] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... futex resumed>) = 0 [pid 5949] chdir("./file0" [pid 5948] <... futex resumed>) = 1 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] chdir("./file0" [pid 5949] <... chdir resumed>) = 0 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] <... futex resumed>) = 0 [pid 5954] <... chdir resumed>) = 0 [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 1 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5954] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5949] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... openat resumed>) = 4 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... openat resumed>) = 4 [pid 5943] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5950] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = 0 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5950] <... mmap resumed>) = 0x20000000 [pid 5949] <... futex resumed>) = 1 [ 109.876989][ T948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 109.876989][ T948] [ 109.895458][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 109.921261][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] <... futex resumed>) = 0 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5950] <... futex resumed>) = 1 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5943] <... futex resumed>) = 0 [pid 5950] <... open resumed>) = 5 [pid 5949] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... umount2 resumed>) = 0 [pid 5081] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./32/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5943] <... futex resumed>) = 1 [pid 5950] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] <... mount resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./32/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./32") = 0 [pid 5081] mkdir("./33", 0777 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5944] <... futex resumed>) = 0 [pid 5948] <... mmap resumed>) = 0x7f56518a1000 [pid 5944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 0 [pid 5948] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5943] <... futex resumed>) = 1 [pid 5950] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5944] <... mmap resumed>) = 0x7f56518a1000 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... mprotect resumed>) = 0 [pid 5950] <... open resumed>) = 6 [pid 5944] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... mprotect resumed>) = 0 [pid 5950] <... futex resumed>) = 1 [pid 5943] <... futex resumed>) = 0 [pid 5948] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5944] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5943] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5950] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5943] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 5948] <... clone resumed>, parent_tid=[5967], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5967 [pid 5944] <... clone resumed>, parent_tid=[5968], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 5968 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5948] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5948] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5969 [pid 5954] <... write resumed>) = 262144 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 109.972983][ T27] audit: type=1800 audit(1678856061.375:199): pid=5950 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [ 109.995556][ T5953] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/33/bus supports timestamps until 2038 (0x7fffffff) [ 110.011080][ T5959] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/34/bus supports timestamps until 2038 (0x7fffffff) [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5967 attached ./strace-static-x86_64: Process 5968 attached ./strace-static-x86_64: Process 5969 attached [pid 5968] set_robust_list(0x7f56518c19e0, 24 [pid 5967] set_robust_list(0x7f56518c19e0, 24 [pid 5959] <... mount resumed>) = 0 [pid 5953] <... mount resumed>) = 0 [pid 5950] <... write resumed>) = 262144 [pid 5959] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5953] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5969] set_robust_list(0x555556f1a5e0, 24 [pid 5953] <... openat resumed>) = 3 [pid 5953] chdir("./bus" [pid 5969] <... set_robust_list resumed>) = 0 [pid 5959] <... openat resumed>) = 3 [pid 5953] <... chdir resumed>) = 0 [pid 5953] ioctl(4, LOOP_CLR_FD [pid 5959] chdir("./bus" [pid 5953] <... ioctl resumed>) = 0 [pid 5969] chdir("./33") = 0 [pid 5968] <... set_robust_list resumed>) = 0 [pid 5967] <... set_robust_list resumed>) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5953] close(4 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5959] ioctl(4, LOOP_CLR_FD [pid 5953] <... close resumed>) = 0 [pid 5950] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5968] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5949] <... write resumed>) = 262144 [pid 5969] <... prctl resumed>) = 0 [pid 5959] <... ioctl resumed>) = 0 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = 1 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5969] setpgid(0, 0 [pid 5968] <... mmap resumed>) = 0x20000000 [pid 5967] <... mmap resumed>) = 0x20000000 [pid 5959] close(4 [pid 5953] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5950] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5944] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5943] exit_group(0 [pid 5969] <... setpgid resumed>) = 0 [pid 5968] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... close resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] <... futex resumed>) = ? [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... exit_group resumed>) = ? [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5968] <... futex resumed>) = 0 [pid 5967] <... futex resumed>) = 0 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = 0 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5950] +++ exited with 0 +++ [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 1 [pid 5944] <... futex resumed>) = 0 [pid 5969] <... openat resumed>) = 3 [pid 5968] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... futex resumed>) = 1 [pid 5954] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5953] chdir("./file0" [pid 5952] <... futex resumed>) = 0 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] +++ exited with 0 +++ [pid 5969] write(3, "1000", 4 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... open resumed>) = 5 [pid 5953] <... chdir resumed>) = 0 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... open resumed>) = 5 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5943, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5969] <... write resumed>) = 4 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] close(3 [pid 5959] chdir("./file0" [pid 5954] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 1 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5969] <... close resumed>) = 0 [pid 5959] <... chdir resumed>) = 0 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] symlink("/dev/binderfs", "./binderfs" [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] <... symlink resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5954] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5953] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5952] <... futex resumed>) = 0 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... mount resumed>) = 0 [pid 5953] <... openat resumed>) = 4 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... mount resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 5969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5959] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5954] <... futex resumed>) = 1 [pid 5953] <... futex resumed>) = 1 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5969] <... mmap resumed>) = 0x7f5659bc2000 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5969] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... mprotect resumed>) = 0 [pid 5959] <... openat resumed>) = 4 [pid 5954] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5953] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5969] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] <... open resumed>) = 6 [pid 5953] <... write resumed>) = 262144 [pid 5949] <... open resumed>) = 6 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5969] <... clone resumed>, parent_tid=[5970], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5970 [pid 5959] <... futex resumed>) = 1 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5969] <... futex resumed>) = 0 [ 110.116321][ T27] audit: type=1800 audit(1678856061.515:200): pid=5949 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... futex resumed>) = 0 [pid 5949] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 0 [pid 5086] lstat("./33/binderfs", [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5959] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5953] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5949] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5953] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... mmap resumed>) = 0x20000000 [pid 5951] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] unlink("./33/binderfs" [pid 5953] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... write resumed>) = 262144 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5949] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5953] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5954] <... write resumed>) = 262144 [pid 5953] <... open resumed>) = 5 [pid 5949] <... futex resumed>) = 1 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] <... futex resumed>) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5953] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... mount resumed>) = 0 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5953] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] <... open resumed>) = 6 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... futex resumed>) = 0 [pid 5953] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5951] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... write resumed>) = 262144 [pid 5944] <... futex resumed>) = 0 [pid 5944] exit_group(0./strace-static-x86_64: Process 5970 attached [pid 5949] <... futex resumed>) = ? [pid 5944] <... exit_group resumed>) = ? [pid 5970] set_robust_list(0x7f5659be29e0, 24 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] +++ exited with 0 +++ [pid 5970] <... set_robust_list resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5970] memfd_create("syzkaller", 0 [pid 5959] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... memfd_create resumed>) = 3 [pid 5968] <... futex resumed>) = ? [pid 5959] <... mmap resumed>) = 0x20000000 [pid 5952] <... futex resumed>) = 0 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... mmap resumed>) = 0x7f56517c2000 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5959] <... futex resumed>) = 1 [pid 5953] <... write resumed>) = 262144 [pid 5952] <... futex resumed>) = 0 [pid 5959] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5953] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... open resumed>) = 5 [pid 5953] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5951] <... futex resumed>) = 0 [pid 5968] +++ exited with 0 +++ [pid 5944] +++ exited with 0 +++ [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 110.204894][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.209944][ T27] audit: type=1800 audit(1678856061.515:201): pid=5954 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5951] exit_group(0 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5959] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 0 [pid 5953] <... futex resumed>) = ? [pid 5952] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] <... exit_group resumed>) = ? [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5953] +++ exited with 0 +++ [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] +++ exited with 0 +++ [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5959] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... mount resumed>) = 0 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5959] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... open resumed>) = 6 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5952] <... futex resumed>) = 0 [pid 5959] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5952] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5948] exit_group(0 [pid 5954] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5944, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5967] <... futex resumed>) = ? [pid 5954] <... futex resumed>) = ? [pid 5948] <... exit_group resumed>) = ? [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5967] +++ exited with 0 +++ [pid 5954] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ [pid 5083] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5085] openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] fstat(3, [pid 5083] fstat(3, [pid 5085] <... openat resumed>) = 3 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] fstat(3, [pid 5082] getdents64(3, [pid 5083] getdents64(3, [pid 5959] <... write resumed>) = 262144 [pid 5959] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] getdents64(3, [pid 5083] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./33/binderfs", [pid 5085] umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] lstat("./33/binderfs", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5970] <... write resumed>) = 1048576 [pid 5959] <... futex resumed>) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5085] lstat("./32/binderfs", [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./33/binderfs" [pid 5959] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5952] exit_group(0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./33/binderfs" [pid 5959] <... futex resumed>) = ? [pid 5952] <... exit_group resumed>) = ? [pid 5085] unlink("./32/binderfs" [pid 5082] <... unlink resumed>) = 0 [pid 5959] +++ exited with 0 +++ [pid 5952] +++ exited with 0 +++ [pid 5083] <... unlink resumed>) = 0 [ 110.251811][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.290445][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5085] <... unlink resumed>) = 0 [pid 5970] munmap(0x7f56517c2000, 1048576 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5952, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... munmap resumed>) = 0 [ 110.308490][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.322814][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 110.322814][ T1062] [ 110.333046][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5970] ioctl(4, LOOP_SET_FD, 3 [ 110.347808][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 110.348675][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.361320][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 110.374191][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.388673][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5084] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... ioctl resumed>) = 0 [pid 5970] close(3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5970] <... close resumed>) = 0 [pid 5084] lstat("./34/binderfs", [pid 5970] mkdir("./bus", 0777 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5970] <... mkdir resumed>) = 0 [pid 5084] unlink("./34/binderfs") = 0 [pid 5970] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [ 110.408202][ T5970] loop0: detected capacity change from 0 to 2048 [ 110.410285][ T75] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.415591][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 110.449523][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.460957][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.475780][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 110.479386][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5084] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5086] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 110.488715][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.513631][ T75] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 110.533940][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 110.533940][ T11] [ 110.536632][ T75] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5086] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./33/bus") = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./33") = 0 [pid 5086] mkdir("./34", 0777) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5970] <... mount resumed>) = 0 [ 110.558052][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 110.570772][ T75] EXT4-fs (loop4): This should not happen!! Data will be lost [ 110.570772][ T75] [ 110.582118][ T5970] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/33/bus supports timestamps until 2038 (0x7fffffff) [ 110.593829][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5970] chdir("./bus") = 0 [pid 5970] ioctl(4, LOOP_CLR_FD) = 0 [pid 5970] close(4) = 0 [ 110.608184][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 110.616015][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 110.621521][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 110.621521][ T9] [ 110.644722][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5974 attached ) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5970] chdir("./file0" [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... chdir resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5974 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] set_robust_list(0x555556f1a5e0, 24 [pid 5970] <... futex resumed>) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5974] <... set_robust_list resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5970] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... openat resumed>) = 4 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5974] chdir("./34" [ 110.645141][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 110.672333][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [ 110.672333][ T948] [ 110.682204][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5970] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5974] <... chdir resumed>) = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] <... write resumed>) = 262144 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] <... futex resumed>) = 1 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 110.698279][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 110.712562][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 110.725928][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 110.743939][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5970] <... mmap resumed>) = 0x20000000 [pid 5974] <... openat resumed>) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5974] <... futex resumed>) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5970] <... futex resumed>) = 0 [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... mmap resumed>) = 0x7f5659bc2000 [pid 5969] <... futex resumed>) = 0 [pid 5085] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5974] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5974] <... mprotect resumed>) = 0 [pid 5970] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5974] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5976], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5976 [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5970] <... open resumed>) = 5 [pid 5085] lstat("./32/bus", [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5976 attached ) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5976] set_robust_list(0x7f5659be29e0, 24 [pid 5970] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./32/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... set_robust_list resumed>) = 0 [pid 5970] <... mount resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] openat(AT_FDCWD, "./32/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5969] <... futex resumed>) = 0 [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5970] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5970] <... open resumed>) = 6 [pid 5085] fstat(4, [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = 0 [pid 5976] memfd_create("syzkaller", 0 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] lstat("./34/bus", [pid 5970] <... futex resumed>) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5976] <... memfd_create resumed>) = 3 [pid 5085] getdents64(4, [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5969] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./33/bus", [pid 5976] <... mmap resumed>) = 0x7f56517c2000 [pid 5970] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5969] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5082] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] fstat(4, [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] getdents64(4, [pid 5082] <... openat resumed>) = 4 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] fstat(4, [pid 5084] getdents64(4, [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(4, [pid 5084] close(4 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] close(4 [pid 5084] <... close resumed>) = 0 [pid 5082] getdents64(4, [pid 5085] <... close resumed>) = 0 [pid 5084] rmdir("./34/bus" [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] rmdir("./32/bus" [pid 5084] <... rmdir resumed>) = 0 [pid 5082] close(4 [pid 5084] getdents64(3, [pid 5082] <... close resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] rmdir("./33/bus" [pid 5085] getdents64(3, [pid 5084] close(3 [pid 5082] <... rmdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] <... close resumed>) = 0 [pid 5082] getdents64(3, [pid 5085] close(3 [pid 5084] rmdir("./34" [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5970] <... write resumed>) = 262144 [pid 5085] <... close resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] close(3 [pid 5970] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./32" [pid 5084] mkdir("./35", 0777 [pid 5082] <... close resumed>) = 0 [pid 5083] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5970] <... futex resumed>) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5082] rmdir("./33" [pid 5970] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] exit_group(0 [pid 5085] mkdir("./33", 0777 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... rmdir resumed>) = 0 [pid 5969] <... exit_group resumed>) = ? [pid 5084] <... openat resumed>) = 3 [pid 5082] mkdir("./34", 0777 [pid 5970] <... futex resumed>) = ? [pid 5085] <... mkdir resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] lstat("./33/bus", [pid 5082] <... mkdir resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5085] <... openat resumed>) = 3 [pid 5084] close(3 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5976] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... close resumed>) = 0 [pid 5083] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5970] +++ exited with 0 +++ [pid 5969] +++ exited with 0 +++ [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] close(3 [pid 5083] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... close resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] fstat(4, [pid 5081] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5977 [pid 5083] getdents64(4, [pid 5081] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] close(3 [pid 5081] <... openat resumed>) = 3 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5978 [pid 5083] getdents64(4, [pid 5081] fstat(3, [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... close resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] close(4 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] getdents64(3, [pid 5083] <... close resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 5978 attached ./strace-static-x86_64: Process 5977 attached [pid 5083] rmdir("./33/bus" [pid 5081] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... rmdir resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5979 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] getdents64(3, [pid 5081] lstat("./33/binderfs", [pid 5977] set_robust_list(0x555556f1a5e0, 24 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 ./strace-static-x86_64: Process 5979 attached [pid 5978] set_robust_list(0x555556f1a5e0, 24 [pid 5977] <... set_robust_list resumed>) = 0 [pid 5083] close(3 [pid 5081] unlink("./33/binderfs" [pid 5979] set_robust_list(0x555556f1a5e0, 24 [pid 5978] <... set_robust_list resumed>) = 0 [pid 5977] chdir("./33" [pid 5976] <... write resumed>) = 1048576 [pid 5083] <... close resumed>) = 0 [pid 5081] <... unlink resumed>) = 0 [pid 5979] <... set_robust_list resumed>) = 0 [pid 5978] chdir("./35" [pid 5977] <... chdir resumed>) = 0 [pid 5083] rmdir("./33" [pid 5081] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5979] chdir("./34" [pid 5978] <... chdir resumed>) = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5976] munmap(0x7f56517c2000, 1048576 [pid 5083] <... rmdir resumed>) = 0 [pid 5979] <... chdir resumed>) = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5977] <... prctl resumed>) = 0 [pid 5976] <... munmap resumed>) = 0 [pid 5083] mkdir("./34", 0777 [pid 5979] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5978] <... prctl resumed>) = 0 [pid 5977] setpgid(0, 0 [pid 5976] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] <... mkdir resumed>) = 0 [pid 5979] <... prctl resumed>) = 0 [pid 5978] setpgid(0, 0 [pid 5977] <... setpgid resumed>) = 0 [pid 5976] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5979] setpgid(0, 0 [pid 5978] <... setpgid resumed>) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5976] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... openat resumed>) = 3 [pid 5979] <... setpgid resumed>) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5977] <... openat resumed>) = 3 [pid 5976] <... ioctl resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5979] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5978] <... openat resumed>) = 3 [pid 5977] write(3, "1000", 4 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5979] <... openat resumed>) = 3 [pid 5978] write(3, "1000", 4 [pid 5977] <... write resumed>) = 4 [pid 5083] close(3 [pid 5979] write(3, "1000", 4 [pid 5978] <... write resumed>) = 4 [pid 5977] close(3 [pid 5083] <... close resumed>) = 0 [pid 5979] <... write resumed>) = 4 [pid 5978] close(3 [pid 5977] <... close resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5980 [pid 5979] close(3 [pid 5978] <... close resumed>) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs" [pid 5979] <... close resumed>) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs" [ 110.946195][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 110.970962][ T5976] loop5: detected capacity change from 0 to 2048 [pid 5976] close(3./strace-static-x86_64: Process 5980 attached [pid 5979] symlink("/dev/binderfs", "./binderfs" [pid 5977] <... symlink resumed>) = 0 [pid 5978] <... symlink resumed>) = 0 [pid 5976] <... close resumed>) = 0 [pid 5980] set_robust_list(0x555556f1a5e0, 24 [pid 5979] <... symlink resumed>) = 0 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] mkdir("./bus", 0777 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5976] <... mkdir resumed>) = 0 [pid 5980] chdir("./34" [pid 5979] <... futex resumed>) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5976] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5980] <... chdir resumed>) = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3 [pid 5979] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5980] <... close resumed>) = 0 [pid 5979] <... mmap resumed>) = 0x7f5659bc2000 [pid 5978] <... mmap resumed>) = 0x7f5659bc2000 [pid 5977] <... mmap resumed>) = 0x7f5659bc2000 [pid 5980] symlink("/dev/binderfs", "./binderfs" [pid 5979] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5978] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5977] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5980] <... symlink resumed>) = 0 [pid 5979] <... mprotect resumed>) = 0 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5979] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5978] <... mprotect resumed>) = 0 [pid 5977] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5981 attached [pid 5980] <... futex resumed>) = 0 [pid 5978] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5977] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5981] set_robust_list(0x7f5659be29e0, 24 [pid 5979] <... clone resumed>, parent_tid=[5981], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5981 [pid 5981] <... set_robust_list resumed>) = 0 [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... clone resumed>, parent_tid=[5982], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5982 [pid 5977] <... clone resumed>, parent_tid=[5983], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5983 [pid 5981] memfd_create("syzkaller", 0 [pid 5979] <... futex resumed>) = 0 [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... memfd_create resumed>) = 3 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5981] <... mmap resumed>) = 0x7f56517c2000 [ 110.992731][ T1062] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.027831][ T1062] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5983 attached ./strace-static-x86_64: Process 5982 attached [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5980] <... mmap resumed>) = 0x7f5659bc2000 [pid 5983] set_robust_list(0x7f5659be29e0, 24 [pid 5982] set_robust_list(0x7f5659be29e0, 24 [pid 5983] <... set_robust_list resumed>) = 0 [pid 5982] <... set_robust_list resumed>) = 0 [pid 5980] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5983] memfd_create("syzkaller", 0 [pid 5982] memfd_create("syzkaller", 0 [pid 5980] <... mprotect resumed>) = 0 [pid 5980] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5983] <... memfd_create resumed>) = 3 [pid 5982] <... memfd_create resumed>) = 3 [pid 5981] <... write resumed>) = 1048576 [pid 5981] munmap(0x7f56517c2000, 1048576) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 111.042111][ T1062] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.056670][ T1062] EXT4-fs (loop0): This should not happen!! Data will be lost [ 111.056670][ T1062] [ 111.072828][ T5976] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.075919][ T5981] loop1: detected capacity change from 0 to 2048 [pid 5981] mkdir("./bus", 0777 [pid 5983] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5982] <... mmap resumed>) = 0x7f56517c2000 [pid 5981] <... mkdir resumed>) = 0 [pid 5983] <... mmap resumed>) = 0x7f56517c2000 [pid 5981] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5980] <... clone resumed>, parent_tid=[5986], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5986 ./strace-static-x86_64: Process 5986 attached [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... mount resumed>) = 0 [pid 5986] set_robust_list(0x7f5659be29e0, 24 [pid 5980] <... futex resumed>) = 0 [pid 5976] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5986] <... set_robust_list resumed>) = 0 [pid 5983] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5982] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5976] <... openat resumed>) = 3 [pid 5986] memfd_create("syzkaller", 0 [pid 5983] <... write resumed>) = 1048576 [pid 5976] chdir("./bus" [pid 5986] <... memfd_create resumed>) = 3 [pid 5976] <... chdir resumed>) = 0 [pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5976] ioctl(4, LOOP_CLR_FD [pid 5986] <... mmap resumed>) = 0x7f56517c2000 [pid 5976] <... ioctl resumed>) = 0 [pid 5976] close(4) = 0 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5983] munmap(0x7f56517c2000, 1048576 [pid 5982] <... write resumed>) = 1048576 [ 111.094936][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 111.115766][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5986] <... write resumed>) = 1048576 [pid 5983] <... munmap resumed>) = 0 [pid 5982] munmap(0x7f56517c2000, 1048576 [pid 5976] chdir("./file0" [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5982] <... munmap resumed>) = 0 [pid 5976] <... chdir resumed>) = 0 [pid 5986] munmap(0x7f56517c2000, 1048576 [pid 5983] <... openat resumed>) = 4 [pid 5982] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... munmap resumed>) = 0 [pid 5983] ioctl(4, LOOP_SET_FD, 3 [pid 5982] <... openat resumed>) = 4 [pid 5981] <... mount resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5986] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5981] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... openat resumed>) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3 [pid 5981] <... openat resumed>) = 3 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5986] ioctl(4, LOOP_SET_FD, 3 [pid 5981] chdir("./bus" [pid 5976] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... ioctl resumed>) = 0 [pid 5981] <... chdir resumed>) = 0 [pid 5976] <... openat resumed>) = 4 [pid 5981] ioctl(4, LOOP_CLR_FD [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... ioctl resumed>) = 0 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5981] close(4 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... close resumed>) = 0 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] close(3 [pid 5983] <... ioctl resumed>) = 0 [pid 5982] <... ioctl resumed>) = 0 [pid 5981] <... futex resumed>) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 5986] <... close resumed>) = 0 [pid 5983] close(3 [pid 5982] close(3 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5986] mkdir("./bus", 0777 [pid 5983] <... close resumed>) = 0 [pid 5982] <... close resumed>) = 0 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5986] <... mkdir resumed>) = 0 [pid 5983] mkdir("./bus", 0777 [pid 5982] mkdir("./bus", 0777 [pid 5981] chdir("./file0" [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... write resumed>) = 262144 [ 111.178570][ T5981] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.203388][ T5983] loop4: detected capacity change from 0 to 2048 [ 111.204492][ T5986] loop2: detected capacity change from 0 to 2048 [ 111.210922][ T5982] loop3: detected capacity change from 0 to 2048 [pid 5081] lstat("./33/bus", [pid 5986] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5983] <... mkdir resumed>) = 0 [pid 5982] <... mkdir resumed>) = 0 [pid 5981] <... chdir resumed>) = 0 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5983] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5982] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5081] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5981] <... futex resumed>) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5976] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5981] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... mmap resumed>) = 0x20000000 [pid 5981] <... openat resumed>) = 4 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... openat resumed>) = 4 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5081] fstat(4, [pid 5981] <... futex resumed>) = 1 [pid 5979] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5976] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 5981] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... open resumed>) = 5 [pid 5981] <... write resumed>) = 262144 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5976] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 5976] <... mount resumed>) = 0 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5976] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... open resumed>) = 6 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5974] <... futex resumed>) = 0 [pid 5976] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5974] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... mount resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5986] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] close(4 [pid 5976] <... write resumed>) = 262144 [pid 5081] <... close resumed>) = 0 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 1 [pid 5081] rmdir("./33/bus" [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] <... futex resumed>) = 1 [pid 5974] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 0 [pid 5974] exit_group(0 [pid 5081] <... rmdir resumed>) = 0 [pid 5976] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... mount resumed>) = 0 [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... futex resumed>) = ? [pid 5974] <... exit_group resumed>) = ? [pid 5081] getdents64(3, [pid 5979] <... futex resumed>) = 1 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... openat resumed>) = 3 [pid 5986] chdir("./bus") = 0 [pid 5986] ioctl(4, LOOP_CLR_FD) = 0 [pid 5986] close(4) = 0 [pid 5983] <... mount resumed>) = 0 [pid 5982] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5981] <... futex resumed>) = 0 [pid 5976] +++ exited with 0 +++ [pid 5974] +++ exited with 0 +++ [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5982] <... openat resumed>) = 3 [pid 5981] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5974, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] close(3 [pid 5986] <... futex resumed>) = 1 [pid 5983] <... openat resumed>) = 3 [pid 5982] chdir("./bus" [pid 5981] <... mmap resumed>) = 0x20000000 [pid 5980] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] chdir("./bus" [pid 5982] <... chdir resumed>) = 0 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] rmdir("./33" [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... chdir resumed>) = 0 [pid 5982] ioctl(4, LOOP_CLR_FD [pid 5981] <... futex resumed>) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 0 [pid 5086] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... rmdir resumed>) = 0 [pid 5986] chdir("./file0" [pid 5983] ioctl(4, LOOP_CLR_FD [pid 5982] <... ioctl resumed>) = 0 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./34", 0777 [pid 5986] <... chdir resumed>) = 0 [pid 5983] <... ioctl resumed>) = 0 [pid 5982] close(4 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... mkdir resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] close(4 [pid 5982] <... close resumed>) = 0 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... openat resumed>) = 3 [ 111.276000][ T5986] ext4 filesystem being mounted at /root/syzkaller.22hR0w/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.291346][ T5982] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/35/bus supports timestamps until 2038 (0x7fffffff) [ 111.312839][ T5983] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/33/bus supports timestamps until 2038 (0x7fffffff) [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5986] <... futex resumed>) = 1 [pid 5983] <... close resumed>) = 0 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... open resumed>) = 5 [pid 5980] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5081] <... openat resumed>) = 3 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 1 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5986] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] close(3 [pid 5986] <... openat resumed>) = 4 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] chdir("./file0" [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5086] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... close resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] chdir("./file0" [pid 5982] <... chdir resumed>) = 0 [pid 5981] <... futex resumed>) = 0 [pid 5979] <... futex resumed>) = 1 [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5986] <... futex resumed>) = 1 [pid 5983] <... chdir resumed>) = 0 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5980] <... futex resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./34/binderfs", [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 1 [pid 5981] <... mount resumed>) = 0 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 5995 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5086] unlink("./34/binderfs" [pid 5986] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] <... futex resumed>) = 1 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 5986] <... write resumed>) = 262144 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5086] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5995 attached [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5982] <... openat resumed>) = 4 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5979] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] set_robust_list(0x555556f1a5e0, 24 [pid 5986] <... futex resumed>) = 1 [pid 5983] <... openat resumed>) = 4 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5980] <... futex resumed>) = 0 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... set_robust_list resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] <... futex resumed>) = 1 [pid 5981] <... open resumed>) = 6 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5995] chdir("./34" [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 1 [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5995] <... chdir resumed>) = 0 [pid 5986] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5981] <... futex resumed>) = 1 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5986] <... mmap resumed>) = 0x20000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5979] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] <... futex resumed>) = 0 [pid 5995] <... prctl resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5979] <... futex resumed>) = 0 [pid 5995] setpgid(0, 0 [pid 5986] <... futex resumed>) = 1 [pid 5979] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] <... setpgid resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 111.395280][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5980] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5995] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5996], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 5996 [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5986] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 1 [pid 5986] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... open resumed>) = 5 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5986] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... mount resumed>) = 0 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5986] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... open resumed>) = 6 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5986] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5986] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5980] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5996 attached [pid 5983] <... write resumed>) = 262144 [pid 5982] <... write resumed>) = 262144 [pid 5981] <... write resumed>) = 262144 [pid 5979] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5986] <... write resumed>) = 262144 [pid 5996] set_robust_list(0x7f5659be29e0, 24 [pid 5986] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5981] <... futex resumed>) = 0 [pid 5980] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5996] memfd_create("syzkaller", 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... memfd_create resumed>) = 3 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5983] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5982] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... mmap resumed>) = 0x7f56517c2000 [pid 5983] <... mmap resumed>) = 0x20000000 [pid 5982] <... mmap resumed>) = 0x20000000 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5986] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] exit_group(0 [pid 5979] exit_group(0 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5982] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] <... futex resumed>) = ? [pid 5983] <... open resumed>) = 5 [pid 5982] <... open resumed>) = 5 [pid 5981] <... futex resumed>) = ? [pid 5980] <... exit_group resumed>) = ? [pid 5979] <... exit_group resumed>) = ? [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] +++ exited with 0 +++ [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 5982] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] +++ exited with 0 +++ [pid 5983] <... mount resumed>) = 0 [pid 5982] <... mount resumed>) = 0 [pid 5980] +++ exited with 0 +++ [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5980, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5083] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5983] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5982] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] <... write resumed>) = 1048576 [pid 5983] <... open resumed>) = 6 [pid 5982] <... open resumed>) = 6 [pid 5083] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5996] munmap(0x7f56517c2000, 1048576 [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 3 [pid 5996] <... munmap resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5979] +++ exited with 0 +++ [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5083] fstat(3, [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5979, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5996] <... openat resumed>) = 4 [pid 5983] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5982] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5083] getdents64(3, [ 111.496061][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.507922][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 111.521769][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.535543][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 111.535543][ T1062] [pid 5996] ioctl(4, LOOP_SET_FD, 3 [pid 5983] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5982] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5978] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5977] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./34/binderfs", [pid 5082] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5083] unlink("./34/binderfs" [pid 5082] fstat(3, [pid 5983] <... write resumed>) = 262144 [pid 5982] <... write resumed>) = 262144 [pid 5083] <... unlink resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5983] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5982] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 111.566692][ T5996] loop0: detected capacity change from 0 to 2048 [ 111.576066][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 111.600386][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(3, [pid 5996] <... ioctl resumed>) = 0 [pid 5983] <... futex resumed>) = 1 [pid 5982] <... futex resumed>) = 1 [pid 5978] <... futex resumed>) = 0 [pid 5977] <... futex resumed>) = 0 [pid 5996] close(3) = 0 [pid 5996] mkdir("./bus", 0777) = 0 [pid 5996] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5983] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5982] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5978] exit_group(0 [pid 5977] exit_group(0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] <... umount2 resumed>) = 0 [ 111.619632][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 111.635652][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.646103][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 5086] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./34/bus", [pid 5978] <... exit_group resumed>) = ? [pid 5977] <... exit_group resumed>) = ? [pid 5082] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5983] <... futex resumed>) = ? [pid 5982] <... futex resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5982] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ [pid 5977] +++ exited with 0 +++ [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 111.659326][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.678415][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 111.678415][ T11] [ 111.679648][ T5996] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/34/bus supports timestamps until 2038 (0x7fffffff) [ 111.690284][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5977, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./34/binderfs" [pid 5085] umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... unlink resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... openat resumed>) = 3 [pid 5084] <... openat resumed>) = 3 [pid 5085] fstat(3, [pid 5084] fstat(3, [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, [pid 5084] getdents64(3, [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/binderfs", [pid 5084] lstat("./35/binderfs", [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./33/binderfs" [pid 5084] unlink("./35/binderfs" [pid 5085] <... unlink resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5085] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5996] <... mount resumed>) = 0 [pid 5086] getdents64(4, [pid 5996] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5996] <... openat resumed>) = 3 [pid 5086] getdents64(4, [pid 5996] chdir("./bus" [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5996] <... chdir resumed>) = 0 [pid 5086] close(4 [pid 5996] ioctl(4, LOOP_CLR_FD [pid 5086] <... close resumed>) = 0 [pid 5996] <... ioctl resumed>) = 0 [pid 5086] rmdir("./34/bus" [pid 5996] close(4 [pid 5086] <... rmdir resumed>) = 0 [pid 5996] <... close resumed>) = 0 [pid 5086] getdents64(3, [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5086] rmdir("./34" [pid 5996] chdir("./file0" [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rmdir resumed>) = 0 [ 111.713347][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 111.727305][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 111.757582][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5086] mkdir("./35", 0777 [pid 5996] <... chdir resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 5999 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... openat resumed>) = 4 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5996] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 111.771661][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 111.791153][ T1062] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... write resumed>) = 262144 ./strace-static-x86_64: Process 5999 attached [pid 5999] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 5999] chdir("./35") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] <... umount2 resumed>) = 0 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5999] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6000], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6000 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5995] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5995] <... mmap resumed>) = 0x7f56518a1000 [pid 5995] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6000 attached [pid 5995] <... mprotect resumed>) = 0 [pid 5995] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... clone resumed>, parent_tid=[6001], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6001 [pid 5995] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] set_robust_list(0x7f5659be29e0, 24 [pid 5083] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6000] <... set_robust_list resumed>) = 0 [pid 6000] memfd_create("syzkaller", 0 [pid 5996] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6001 attached [pid 6000] <... memfd_create resumed>) = 3 [pid 6001] set_robust_list(0x7f56518c19e0, 24 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] <... openat resumed>) = 4 [pid 6001] <... set_robust_list resumed>) = 0 [pid 6000] <... mmap resumed>) = 0x7f56517c2000 [pid 6001] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] getdents64(4, [pid 6001] <... mmap resumed>) = 0x20000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6001] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 6001] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [ 111.815863][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.816099][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 111.849032][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 111.895107][ T1062] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 111.897083][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 111.919076][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.931787][ T1062] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6001] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./34/bus" [pid 6000] <... write resumed>) = 1048576 [pid 5996] <... futex resumed>) = 0 [pid 5995] <... futex resumed>) = 1 [pid 5083] <... rmdir resumed>) = 0 [pid 5996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] getdents64(3, [pid 5996] <... open resumed>) = 5 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(3 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./34" [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5996] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] mkdir("./35", 0777 [pid 5996] <... mount resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5083] <... openat resumed>) = 3 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5996] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] close(3 [pid 5996] <... open resumed>) = 6 [pid 5083] <... close resumed>) = 0 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6000] munmap(0x7f56517c2000, 1048576 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 6000] <... munmap resumed>) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6002 [pid 6000] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5995] <... futex resumed>) = 0 [pid 6000] <... openat resumed>) = 4 [pid 5996] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5995] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6002] chdir("./35") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6002] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5996] <... write resumed>) = 262144 [pid 6002] <... clone resumed>, parent_tid=[6003], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6003 [pid 5996] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... ioctl resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6000] close(3 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] <... close resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 6000] mkdir("./bus", 0777) = 0 [pid 5996] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5995] exit_group(0 [pid 6001] <... futex resumed>) = ? [pid 6000] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5996] <... futex resumed>) = ? [pid 5995] <... exit_group resumed>) = ? [pid 6001] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ [ 111.944315][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 111.957512][ T1062] EXT4-fs (loop1): This should not happen!! Data will be lost [ 111.957512][ T1062] [ 111.968389][ T6000] loop5: detected capacity change from 0 to 2048 [ 111.968491][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 111.968491][ T11] [ 111.985202][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 111.985202][ T948] [pid 5995] +++ exited with 0 +++ ./strace-static-x86_64: Process 6003 attached [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5995, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6003] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5081] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./34/binderfs") = 0 [pid 5081] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6003] <... write resumed>) = 1048576 [ 112.008132][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 112.022236][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 112.037433][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6003] munmap(0x7f56517c2000, 1048576) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] mkdir("./bus", 0777) = 0 [ 112.051142][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 112.063948][ T6003] loop2: detected capacity change from 0 to 2048 [ 112.073287][ T1062] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 112.074914][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6003] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6000] <... mount resumed>) = 0 [pid 6000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./bus") = 0 [pid 6000] ioctl(4, LOOP_CLR_FD) = 0 [pid 6000] close(4) = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] chdir("./file0") = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5999] <... futex resumed>) = 0 [pid 6000] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... openat resumed>) = 4 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 112.086482][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 112.109631][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 112.111868][ T6000] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/35/bus supports timestamps until 2038 (0x7fffffff) [ 112.137690][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./33/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./33/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./33/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./33/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./33") = 0 [ 112.182349][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 112.207623][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 112.207623][ T75] [pid 5085] mkdir("./34", 0777) = 0 [pid 6000] <... write resumed>) = 262144 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... umount2 resumed>) = 0 [pid 5082] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./34/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./34/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./34") = 0 [pid 5082] mkdir("./35", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6008 ./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6008] chdir("./35") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... openat resumed>) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6000] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 6000] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6008] close(3 [pid 6003] <... mount resumed>) = 0 [pid 6000] <... mmap resumed>) = 0x20000000 [pid 6008] <... close resumed>) = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 6000] <... futex resumed>) = 1 [pid 5999] <... futex resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6000] <... open resumed>) = 5 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... mount resumed>) = 0 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6000] <... open resumed>) = 6 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6000] <... futex resumed>) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5999] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6008] <... mmap resumed>) = 0x7f5659bc2000 [pid 6003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6009 [pid 6003] <... openat resumed>) = 3 [pid 6003] chdir("./bus") = 0 [pid 6003] ioctl(4, LOOP_CLR_FD) = 0 [pid 6003] close(4) = 0 ./strace-static-x86_64: Process 6009 attached [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] set_robust_list(0x555556f1a5e0, 24 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 6009] <... set_robust_list resumed>) = 0 [pid 6003] chdir("./file0" [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] chdir("./34" [pid 6008] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6003] <... chdir resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6008] <... mprotect resumed>) = 0 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6000] <... write resumed>) = 262144 [pid 6000] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6010 attached [pid 6010] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... clone resumed>, parent_tid=[6010], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6010 [pid 6000] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] exit_group(0 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... exit_group resumed>) = ? [pid 6010] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6000] <... futex resumed>) = ? [pid 6010] memfd_create("syzkaller", 0 [pid 6000] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ [pid 6010] <... memfd_create resumed>) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6010] <... mmap resumed>) = 0x7f56517c2000 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, [pid 6009] <... chdir resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] getdents64(3, [pid 6009] <... prctl resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6009] setpgid(0, 0 [pid 5086] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./35/binderfs" [pid 6009] <... setpgid resumed>) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... unlink resumed>) = 0 [pid 5086] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6009] <... openat resumed>) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [ 112.212213][ T6003] ext4 filesystem being mounted at /root/syzkaller.22hR0w/35/bus supports timestamps until 2038 (0x7fffffff) [ 112.243175][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 112.259343][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6009] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6011], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6011 [pid 6003] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6003] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6011 attached [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... umount2 resumed>) = 0 [pid 5081] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6011] set_robust_list(0x7f5659be29e0, 24 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] <... set_robust_list resumed>) = 0 [pid 5081] lstat("./34/bus", [pid 6011] memfd_create("syzkaller", 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6011] <... memfd_create resumed>) = 3 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6011] <... mmap resumed>) = 0x7f56517c2000 [pid 6010] <... write resumed>) = 1048576 [pid 6003] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6010] munmap(0x7f56517c2000, 1048576 [pid 5084] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./35/bus", [pid 6010] <... munmap resumed>) = 0 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6010] openat(AT_FDCWD, "/dev/loop1", O_RDWR [ 112.342205][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 112.363656][ T9] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] fstat(4, [pid 6011] <... write resumed>) = 1048576 [pid 6010] <... openat resumed>) = 4 [pid 6003] <... write resumed>) = 262144 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6010] ioctl(4, LOOP_SET_FD, 3 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 6011] munmap(0x7f56517c2000, 1048576 [pid 6010] <... ioctl resumed>) = 0 [pid 6003] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./35/bus" [pid 5081] getdents64(4, [pid 6011] <... munmap resumed>) = 0 [pid 6010] close(3 [pid 6003] <... mmap resumed>) = 0x20000000 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6011] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6010] <... close resumed>) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 6011] <... openat resumed>) = 4 [pid 6010] mkdir("./bus", 0777 [pid 6003] <... futex resumed>) = 0 [pid 6002] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... rmdir resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [ 112.408515][ T9] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 112.422679][ T6010] loop1: detected capacity change from 0 to 2048 [ 112.430402][ T9] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6011] ioctl(4, LOOP_SET_FD, 3 [pid 6010] <... mkdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5081] close(4 [pid 6010] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6011] <... ioctl resumed>) = 0 [pid 6003] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] rmdir("./34/bus" [pid 6011] close(3 [pid 6003] <... open resumed>) = 5 [pid 5084] close(3 [pid 5081] <... rmdir resumed>) = 0 [pid 6011] <... close resumed>) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 6011] mkdir("./bus", 0777 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6011] <... mkdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 6011] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [ 112.456826][ T6011] loop4: detected capacity change from 0 to 2048 [ 112.464183][ T5123] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 112.479345][ T9] EXT4-fs (loop5): This should not happen!! Data will be lost [ 112.479345][ T9] [ 112.494046][ T6010] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/35/bus supports timestamps until 2038 (0x7fffffff) [pid 6003] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5081] rmdir("./34" [pid 6003] <... mount resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdir("./35", 0777 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6003] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6003] <... open resumed>) = 6 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./35" [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6003] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6002] <... futex resumed>) = 0 [pid 6003] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6002] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6015 ./strace-static-x86_64: Process 6015 attached [pid 5084] <... rmdir resumed>) = 0 [pid 6015] set_robust_list(0x555556f1a5e0, 24 [pid 5084] mkdir("./36", 0777 [pid 6015] <... set_robust_list resumed>) = 0 [pid 6003] <... write resumed>) = 262144 [pid 6010] <... mount resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 6015] chdir("./35" [pid 6003] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... chdir resumed>) = 0 [pid 6003] <... futex resumed>) = 1 [pid 6002] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6003] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] exit_group(0) = ? [pid 6010] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6003] <... futex resumed>) = ? [pid 6010] <... openat resumed>) = 3 [pid 6003] +++ exited with 0 +++ [pid 6002] +++ exited with 0 +++ [pid 6010] chdir("./bus") = 0 [pid 6010] ioctl(4, LOOP_CLR_FD) = 0 [pid 6010] close(4) = 0 [pid 6015] <... prctl resumed>) = 0 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6015] setpgid(0, 0 [pid 6010] <... futex resumed>) = 1 [pid 6008] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] <... setpgid resumed>) = 0 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6010] chdir("./file0" [pid 6008] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5083] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6015] <... openat resumed>) = 3 [pid 6010] <... chdir resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 6015] write(3, "1000", 4 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... openat resumed>) = 3 [pid 6015] <... write resumed>) = 4 [pid 6010] <... futex resumed>) = 0 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] close(3 [pid 5083] fstat(3, [pid 6010] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [ 112.501698][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 112.539732][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 ./strace-static-x86_64: Process 6018 attached [pid 6015] <... close resumed>) = 0 [pid 6010] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6018 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... umount2 resumed>) = 0 [pid 5083] getdents64(3, [pid 6015] <... symlink resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... openat resumed>) = 4 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6015] <... futex resumed>) = 0 [pid 5083] lstat("./35/binderfs", [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6015] <... mmap resumed>) = 0x7f5659bc2000 [pid 6010] <... futex resumed>) = 1 [pid 6008] <... futex resumed>) = 0 [pid 5083] unlink("./35/binderfs" [pid 6015] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6010] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... mprotect resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 [pid 6015] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] <... clone resumed>, parent_tid=[6019], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6019 [pid 6011] <... mount resumed>) = 0 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6011] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6011] chdir("./bus" [pid 6018] set_robust_list(0x555556f1a5e0, 24 [pid 5086] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... set_robust_list resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] chdir("./36" [pid 5086] lstat("./35/bus", [pid 6018] <... chdir resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 6019 attached [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6018] <... prctl resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6019] set_robust_list(0x7f5659be29e0, 24 [pid 6018] setpgid(0, 0 [pid 6011] <... chdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6019] <... set_robust_list resumed>) = 0 [pid 6018] <... setpgid resumed>) = 0 [pid 6011] ioctl(4, LOOP_CLR_FD [pid 5086] <... openat resumed>) = 4 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6011] <... ioctl resumed>) = 0 [pid 5086] fstat(4, [pid 6019] memfd_create("syzkaller", 0 [pid 6011] close(4 [pid 6019] <... memfd_create resumed>) = 3 [pid 6018] <... openat resumed>) = 3 [pid 6011] <... close resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6018] write(3, "1000", 4 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(4, [pid 6019] <... mmap resumed>) = 0x7f56517c2000 [pid 6018] <... write resumed>) = 4 [pid 6011] <... futex resumed>) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6018] close(3 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... close resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6018] symlink("/dev/binderfs", "./binderfs" [pid 6011] chdir("./file0" [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 112.598635][ T6011] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/34/bus supports timestamps until 2038 (0x7fffffff) [ 112.627950][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5086] getdents64(4, [pid 6018] <... symlink resumed>) = 0 [pid 6011] <... chdir resumed>) = 0 [pid 6010] <... write resumed>) = 262144 [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 6018] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] rmdir("./35/bus" [pid 6018] <... mmap resumed>) = 0x7f5659bc2000 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6009] <... futex resumed>) = 0 [pid 6008] <... mmap resumed>) = 0x7f56518a1000 [pid 5086] <... rmdir resumed>) = 0 [pid 6018] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6011] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5086] getdents64(3, [pid 6018] <... mprotect resumed>) = 0 [pid 6011] <... openat resumed>) = 4 [pid 6008] <... mprotect resumed>) = 0 [pid 6019] <... write resumed>) = 1048576 [pid 6018] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 0 [pid 6008] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [ 112.674350][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 112.687993][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 112.703404][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 112.716663][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [pid 6019] munmap(0x7f56517c2000, 1048576 [pid 6011] <... futex resumed>) = 1 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] <... futex resumed>) = 0 [pid 5086] close(3./strace-static-x86_64: Process 6020 attached [pid 6020] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... clone resumed>, parent_tid=[6021], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6021 [pid 6011] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... clone resumed>, parent_tid=[6020], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6020 [pid 5086] rmdir("./35" [pid 6019] <... munmap resumed>) = 0 [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 6020] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6008] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] mkdir("./36", 0777 [pid 6020] memfd_create("syzkaller", 0) = 3 [pid 6020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5086] <... mkdir resumed>) = 0 [pid 6020] <... mmap resumed>) = 0x7f56517c2000 ./strace-static-x86_64: Process 6021 attached [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6019] <... openat resumed>) = 4 [pid 5086] <... openat resumed>) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [ 112.716663][ T9] [ 112.731411][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6021] set_robust_list(0x7f56518c19e0, 24 [pid 6019] ioctl(4, LOOP_SET_FD, 3 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6020] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6022 ./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6022] chdir("./36") = 0 [pid 6022] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6022] setpgid(0, 0) = 0 [pid 6022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6022] write(3, "1000", 4) = 4 [pid 6022] close(3) = 0 [pid 6022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6011] <... write resumed>) = 262144 [pid 6022] <... futex resumed>) = 0 [pid 6021] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6019] <... ioctl resumed>) = 0 [pid 6022] <... mmap resumed>) = 0x7f5659bc2000 [pid 6019] close(3 [pid 6022] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6019] <... close resumed>) = 0 [pid 6022] <... mprotect resumed>) = 0 [pid 6019] mkdir("./bus", 0777 [pid 6022] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6019] <... mkdir resumed>) = 0 [pid 6019] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6022] <... clone resumed>, parent_tid=[6023], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6023 [pid 6021] <... mmap resumed>) = 0x20000000 [pid 6011] <... futex resumed>) = 0 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6010] <... futex resumed>) = 0 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 1 [pid 6022] <... futex resumed>) = 0 [pid 6021] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6023] memfd_create("syzkaller", 0 [pid 6011] <... mmap resumed>) = 0x20000000 [pid 6010] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... memfd_create resumed>) = 3 [pid 6023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6010] <... open resumed>) = 5 [pid 6009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] <... futex resumed>) = 0 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6011] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6010] <... futex resumed>) = 1 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... futex resumed>) = 0 [ 112.765350][ T6019] loop0: detected capacity change from 0 to 2048 [ 112.778901][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6020] <... write resumed>) = 1048576 [pid 6011] <... open resumed>) = 5 [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] <... futex resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6010] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6009] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] munmap(0x7f56517c2000, 1048576 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6010] <... mount resumed>) = 0 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... write resumed>) = 1048576 [pid 6020] <... munmap resumed>) = 0 [pid 6019] <... mount resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 6023] munmap(0x7f56517c2000, 1048576 [pid 6020] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6019] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6011] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6010] <... futex resumed>) = 1 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] <... futex resumed>) = 0 [pid 5083] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6023] <... munmap resumed>) = 0 [pid 6020] <... openat resumed>) = 4 [pid 6019] <... openat resumed>) = 3 [pid 6011] <... mount resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6010] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6023] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6020] ioctl(4, LOOP_SET_FD, 3 [pid 6019] chdir("./bus" [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] lstat("./35/bus", [pid 6023] <... openat resumed>) = 4 [pid 6019] <... chdir resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6023] ioctl(4, LOOP_SET_FD, 3 [pid 6020] <... ioctl resumed>) = 0 [pid 6019] ioctl(4, LOOP_CLR_FD [pid 5083] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] close(3 [pid 6019] <... ioctl resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6010] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = 0 [pid 6023] <... ioctl resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6023] close(3 [pid 6020] <... close resumed>) = 0 [pid 6019] close(4 [pid 5083] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6023] <... close resumed>) = 0 [pid 6019] <... close resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 6023] mkdir("./bus", 0777 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fstat(4, [pid 6023] <... mkdir resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6023] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6011] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] close(4 [pid 6010] <... open resumed>) = 6 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 [pid 6011] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] <... futex resumed>) = 0 [pid 6008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] rmdir("./35/bus" [pid 6019] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6011] <... open resumed>) = 6 [pid 6010] <... futex resumed>) = 0 [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6008] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rmdir resumed>) = 0 [pid 6019] chdir("./file0" [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6008] <... futex resumed>) = 0 [pid 6020] mkdir("./bus", 0777 [pid 5083] getdents64(3, [pid 6008] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5083] rmdir("./35") = 0 [pid 5083] mkdir("./36", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6020] <... mkdir resumed>) = 0 [pid 6019] <... chdir resumed>) = 0 [pid 6011] <... futex resumed>) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6026 [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6011] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6009] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6019] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... openat resumed>) = 4 [ 112.834974][ T6019] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/35/bus supports timestamps until 2038 (0x7fffffff) [ 112.866050][ T6020] loop3: detected capacity change from 0 to 2048 [ 112.874631][ T6023] loop5: detected capacity change from 0 to 2048 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... write resumed>) = 262144 [pid 6010] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = 1 [pid 6008] <... futex resumed>) = 0 [pid 6019] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6015] <... futex resumed>) = 0 [pid 6008] exit_group(0 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... futex resumed>) = ? [pid 6008] <... exit_group resumed>) = ? [pid 6021] +++ exited with 0 +++ [pid 6010] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6026 attached ) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] set_robust_list(0x555556f1a5e0, 24 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./35/binderfs", [pid 6026] <... set_robust_list resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6026] chdir("./36" [pid 5082] unlink("./35/binderfs" [pid 6026] <... chdir resumed>) = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0 [pid 5082] <... unlink resumed>) = 0 [pid 6026] <... setpgid resumed>) = 0 [pid 5082] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6026] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6029], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6029 [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6029 attached [pid 6019] <... write resumed>) = 262144 [pid 6009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6023] <... mount resumed>) = 0 [pid 6023] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6023] chdir("./bus") = 0 [pid 6023] ioctl(4, LOOP_CLR_FD) = 0 [pid 6023] close(4) = 0 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... futex resumed>) = 1 [pid 6023] chdir("./file0") = 0 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... futex resumed>) = 1 [pid 6023] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6029] set_robust_list(0x7f5659be29e0, 24 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6029] <... set_robust_list resumed>) = 0 [pid 6019] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... write resumed>) = 262144 [pid 6029] memfd_create("syzkaller", 0 [pid 6015] <... futex resumed>) = 0 [pid 6011] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... mmap resumed>) = 0x20000000 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6011] <... futex resumed>) = 0 [pid 6009] exit_group(0 [pid 6011] exit_group(0 [pid 6009] <... exit_group resumed>) = ? [pid 6011] +++ exited with 0 +++ [pid 6029] <... memfd_create resumed>) = 3 [pid 6029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6009] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6009, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [ 112.937308][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 112.953865][ T6023] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/36/bus supports timestamps until 2038 (0x7fffffff) [ 112.966063][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6019] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... open resumed>) = 5 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 5085] fstat(3, [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6019] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6019] <... mount resumed>) = 0 [pid 5085] umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] lstat("./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./34/binderfs" [pid 6022] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6022] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... unlink resumed>) = 0 [pid 6022] <... mmap resumed>) = 0x7f56518a1000 [pid 6022] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5085] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6022] <... mprotect resumed>) = 0 [pid 6022] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6032], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6032 [pid 6022] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = 0 [pid 6019] <... futex resumed>) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [ 112.991297][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 113.012322][ T6020] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/36/bus supports timestamps until 2038 (0x7fffffff) [pid 6019] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... open resumed>) = 6 [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6015] <... futex resumed>) = 0 [pid 6019] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6015] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6023] <... openat resumed>) = 4 [pid 6029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6022] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6020] <... mount resumed>) = 0 [pid 6015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 113.041099][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 113.073154][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 ./strace-static-x86_64: Process 6032 attached [pid 6023] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6023] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6022] <... futex resumed>) = 0 [pid 6020] <... openat resumed>) = 3 [pid 6032] set_robust_list(0x7f56518c19e0, 24 [pid 6023] <... mmap resumed>) = 0x20000000 [pid 6032] <... set_robust_list resumed>) = 0 [pid 6023] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... write resumed>) = 262144 [pid 6032] write(4, 0x20000040, 34136651 [pid 6023] <... futex resumed>) = 0 [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] chdir("./bus" [pid 6019] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... write resumed>) = -1 EFAULT (Bad address) [pid 6023] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6019] <... futex resumed>) = 0 [pid 6032] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] exit_group(0 [pid 6032] <... futex resumed>) = 0 [pid 6022] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6020] <... chdir resumed>) = 0 [pid 6019] <... futex resumed>) = ? [pid 6015] <... exit_group resumed>) = ? [ 113.086131][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [ 113.086131][ T948] [ 113.098012][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 113.113075][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 113.126874][ T46] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6032] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6022] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] ioctl(4, LOOP_CLR_FD [pid 6019] +++ exited with 0 +++ [pid 6015] +++ exited with 0 +++ [pid 6022] <... futex resumed>) = 1 [pid 6020] <... ioctl resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6015, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6023] <... futex resumed>) = 0 [pid 6023] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000c4} --- [pid 6022] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] close(4) = 0 [pid 6032] <... futex resumed>) = ? [pid 6029] <... write resumed>) = 1048576 [pid 6022] <... futex resumed>) = ? [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] +++ killed by SIGBUS +++ [pid 6029] munmap(0x7f56517c2000, 1048576 [pid 6023] +++ killed by SIGBUS +++ [pid 6022] +++ killed by SIGBUS +++ [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6029] <... munmap resumed>) = 0 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [ 113.137102][ T46] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 113.151092][ T46] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.163665][ T46] EXT4-fs (loop4): This should not happen!! Data will be lost [ 113.163665][ T46] [ 113.175007][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6022, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6029] <... openat resumed>) = 4 [pid 6020] chdir("./file0" [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6029] ioctl(4, LOOP_SET_FD, 3 [pid 6020] <... chdir resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... openat resumed>) = 3 [pid 6029] <... ioctl resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(3, [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 6029] close(3 [pid 6020] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6029] <... close resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6029] mkdir("./bus", 0777) = 0 [pid 6020] <... openat resumed>) = 4 [pid 5086] getdents64(3, [pid 5081] getdents64(3, [pid 6029] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./36/binderfs", [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5081] lstat("./35/binderfs", [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6020] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6018] <... futex resumed>) = 0 [pid 5086] unlink("./36/binderfs" [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... unlink resumed>) = 0 [pid 5081] unlink("./35/binderfs") = 0 [ 113.195847][ T46] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 113.213557][ T6029] loop2: detected capacity change from 0 to 2048 [pid 5086] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] <... write resumed>) = 262144 [pid 5082] <... umount2 resumed>) = 0 [pid 5082] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./35/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./35/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./35") = 0 [pid 5082] mkdir("./36", 0777) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3 [pid 6020] <... futex resumed>) = 0 [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... close resumed>) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6020] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6018] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] <... mmap resumed>) = 0x20000000 [pid 5085] lstat("./34/bus", [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 113.268483][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 113.285841][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 113.291082][ T6029] ext4 filesystem being mounted at /root/syzkaller.22hR0w/36/bus supports timestamps until 2038 (0x7fffffff) [ 113.305797][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 5085] umount2("./34/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./34/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6020] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 6020] <... open resumed>) = 5 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(4, [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(4, [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6020] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(4 [pid 6020] <... mount resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./34/bus" [pid 6020] <... futex resumed>) = 1 [pid 6018] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6020] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(3 [pid 6020] <... open resumed>) = 6 [pid 5085] <... close resumed>) = 0 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./34" [pid 6029] <... mount resumed>) = 0 [pid 6020] <... futex resumed>) = 1 [ 113.336206][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.349599][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 113.349599][ T9] [ 113.362745][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6018] <... futex resumed>) = 0 [pid 5086] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6035 attached [pid 6029] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] mkdir("./35", 0777 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6035 [pid 6035] set_robust_list(0x555556f1a5e0, 24 [pid 6029] <... openat resumed>) = 3 [pid 6020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] <... futex resumed>) = 0 [pid 5086] lstat("./36/bus", [pid 5085] <... mkdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 6035] <... set_robust_list resumed>) = 0 [ 113.376651][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6029] chdir("./bus" [pid 6020] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6018] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6035] chdir("./36" [pid 6029] <... chdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... chdir resumed>) = 0 [pid 6029] ioctl(4, LOOP_CLR_FD [pid 5081] lstat("./35/bus", [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] <... ioctl resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6035] <... prctl resumed>) = 0 [pid 6029] close(4 [pid 5081] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6035] setpgid(0, 0 [pid 6029] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6035] <... setpgid resumed>) = 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6035] <... openat resumed>) = 3 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... openat resumed>) = 3 [pid 5081] fstat(4, [pid 6035] write(3, "1000", 4 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6035] <... write resumed>) = 4 [pid 6029] chdir("./file0" [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] getdents64(4, [pid 6035] close(3 [pid 6029] <... chdir resumed>) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5085] close(3 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6035] <... close resumed>) = 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(4, [pid 5085] <... close resumed>) = 0 [pid 5081] getdents64(4, [pid 6035] symlink("/dev/binderfs", "./binderfs" [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6035] <... symlink resumed>) = 0 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] close(4 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5081] <... close resumed>) = 0 [pid 6035] <... futex resumed>) = 0 [pid 5081] rmdir("./35/bus" [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6029] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] <... rmdir resumed>) = 0 [pid 6035] <... mmap resumed>) = 0x7f5659bc2000 [pid 5081] getdents64(3, [pid 6035] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6035] <... mprotect resumed>) = 0 [pid 5081] close(3 [pid 6035] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] getdents64(4, [pid 5081] <... close resumed>) = 0 [pid 5081] rmdir("./35" [pid 6035] <... clone resumed>, parent_tid=[6037], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6037 [pid 6029] <... openat resumed>) = 4 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6036 [pid 5081] <... rmdir resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5081] mkdir("./36", 0777 [pid 6035] <... futex resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./36/bus" [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6029] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5086] <... rmdir resumed>) = 0 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x7f5659be29e0, 24 [pid 5086] getdents64(3, [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6038 [pid 6037] <... set_robust_list resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6038 attached ./strace-static-x86_64: Process 6036 attached [pid 6037] memfd_create("syzkaller", 0 [pid 6029] <... write resumed>) = 262144 [pid 6020] <... write resumed>) = 262144 [pid 5086] close(3 [pid 6038] set_robust_list(0x555556f1a5e0, 24 [pid 6037] <... memfd_create resumed>) = 3 [pid 6036] set_robust_list(0x555556f1a5e0, 24 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 6038] <... set_robust_list resumed>) = 0 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6036] <... set_robust_list resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] rmdir("./36" [pid 6038] chdir("./36" [pid 6037] <... mmap resumed>) = 0x7f56517c2000 [pid 6036] chdir("./35" [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] exit_group(0 [pid 5086] <... rmdir resumed>) = 0 [pid 6038] <... chdir resumed>) = 0 [pid 6036] <... chdir resumed>) = 0 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 6020] <... futex resumed>) = ? [pid 6018] <... exit_group resumed>) = ? [pid 5086] mkdir("./37", 0777 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6020] +++ exited with 0 +++ [pid 6018] +++ exited with 0 +++ [pid 5086] <... mkdir resumed>) = 0 [pid 6038] <... prctl resumed>) = 0 [pid 6036] <... prctl resumed>) = 0 [pid 6029] <... mmap resumed>) = 0x20000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6018, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6038] setpgid(0, 0 [pid 6036] setpgid(0, 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 6038] <... setpgid resumed>) = 0 [pid 6036] <... setpgid resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6038] <... openat resumed>) = 3 [pid 6036] <... openat resumed>) = 3 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] write(3, "1000", 4 [pid 6036] write(3, "1000", 4 [pid 6029] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6038] <... write resumed>) = 4 [pid 6036] <... write resumed>) = 4 [pid 6029] <... open resumed>) = 5 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... openat resumed>) = 3 [pid 6038] close(3 [pid 6036] close(3 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(3, [pid 6038] <... close resumed>) = 0 [pid 6036] <... close resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6039 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs" [pid 6036] symlink("/dev/binderfs", "./binderfs" [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 6038] <... symlink resumed>) = 0 [pid 6036] <... symlink resumed>) = 0 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6038] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = 0 [pid 6029] <... mount resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./36/binderfs", [pid 6038] <... mmap resumed>) = 0x7f5659bc2000 [pid 6036] <... mmap resumed>) = 0x7f5659bc2000 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6038] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6036] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] unlink("./36/binderfs" [pid 6038] <... mprotect resumed>) = 0 [pid 6037] <... write resumed>) = 1048576 [pid 6036] <... mprotect resumed>) = 0 [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 6038] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6036] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6029] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 113.522359][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 113.522378][ T27] audit: type=1800 audit(1678856064.925:217): pid=6029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5084] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6041 attached ./strace-static-x86_64: Process 6039 attached [pid 6037] munmap(0x7f56517c2000, 1048576 [pid 6029] <... open resumed>) = 6 [pid 6041] set_robust_list(0x7f5659be29e0, 24 [pid 6039] set_robust_list(0x555556f1a5e0, 24 [pid 6038] <... clone resumed>, parent_tid=[6040], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6040 [pid 6037] <... munmap resumed>) = 0 [pid 6036] <... clone resumed>, parent_tid=[6041], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6041 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6040 attached [pid 6041] <... set_robust_list resumed>) = 0 [pid 6039] <... set_robust_list resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6041] memfd_create("syzkaller", 0 [pid 6040] set_robust_list(0x7f5659be29e0, 24 [pid 6039] chdir("./37" [pid 6038] <... futex resumed>) = 0 [pid 6037] <... openat resumed>) = 4 [pid 6036] <... futex resumed>) = 0 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... memfd_create resumed>) = 3 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6039] <... chdir resumed>) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] ioctl(4, LOOP_SET_FD, 3 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6029] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 6041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6040] memfd_create("syzkaller", 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6029] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6026] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... mmap resumed>) = 0x7f56517c2000 [pid 6040] <... memfd_create resumed>) = 3 [pid 6039] <... prctl resumed>) = 0 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6029] <... write resumed>) = 262144 [pid 6040] <... mmap resumed>) = 0x7f56517c2000 [pid 6039] setpgid(0, 0 [pid 6029] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6039] <... setpgid resumed>) = 0 [pid 6037] <... ioctl resumed>) = 0 [pid 6029] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6037] close(3 [pid 6029] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] exit_group(0 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6039] <... openat resumed>) = 3 [pid 6037] <... close resumed>) = 0 [pid 6029] <... futex resumed>) = ? [pid 6026] <... exit_group resumed>) = ? [pid 6039] write(3, "1000", 4 [pid 6037] mkdir("./bus", 0777 [pid 6029] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ [pid 6039] <... write resumed>) = 4 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6039] close(3 [pid 6037] <... mkdir resumed>) = 0 [pid 6039] <... close resumed>) = 0 [pid 6037] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5083] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6039] <... mmap resumed>) = 0x7f5659bc2000 [pid 5083] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6039] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... openat resumed>) = 3 [pid 6039] <... mprotect resumed>) = 0 [ 113.560242][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 113.588373][ T6037] loop1: detected capacity change from 0 to 2048 [ 113.610268][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] fstat(3, [pid 6039] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, [pid 6039] <... clone resumed>, parent_tid=[6043], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6043 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6043 attached [pid 6041] <... write resumed>) = 1048576 [pid 6039] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] set_robust_list(0x7f5659be29e0, 24 [pid 6041] munmap(0x7f56517c2000, 1048576 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] lstat("./36/binderfs", [pid 6043] <... set_robust_list resumed>) = 0 [pid 6041] <... munmap resumed>) = 0 [pid 6040] <... write resumed>) = 1048576 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./36/binderfs") = 0 [pid 5083] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6040] munmap(0x7f56517c2000, 1048576) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3 [pid 6043] memfd_create("syzkaller", 0 [pid 6041] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6043] <... memfd_create resumed>) = 3 [pid 6041] <... openat resumed>) = 4 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6041] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... mmap resumed>) = 0x7f56517c2000 [pid 6041] <... ioctl resumed>) = 0 [ 113.658745][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 113.678195][ T6037] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/36/bus supports timestamps until 2038 (0x7fffffff) [ 113.687848][ T6040] loop0: detected capacity change from 0 to 2048 [ 113.696382][ T6041] loop4: detected capacity change from 0 to 2048 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6041] close(3 [pid 6040] <... ioctl resumed>) = 0 [pid 6037] <... mount resumed>) = 0 [pid 6041] <... close resumed>) = 0 [pid 6041] mkdir("./bus", 0777) = 0 [pid 6041] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6040] close(3 [pid 6037] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6040] <... close resumed>) = 0 [ 113.705240][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 113.706436][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.731976][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 113.731976][ T75] [ 113.742624][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6040] mkdir("./bus", 0777 [pid 6037] <... openat resumed>) = 3 [pid 6043] <... write resumed>) = 1048576 [pid 6043] munmap(0x7f56517c2000, 1048576) = 0 [pid 6040] <... mkdir resumed>) = 0 [pid 6037] chdir("./bus" [pid 6040] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6037] <... chdir resumed>) = 0 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6035] <... futex resumed>) = 0 [pid 6043] <... openat resumed>) = 4 [pid 6041] <... mount resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 0 [pid 6041] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] ioctl(4, LOOP_SET_FD, 3 [pid 6041] chdir("./bus" [pid 6037] chdir("./file0" [pid 6041] <... chdir resumed>) = 0 [pid 6041] ioctl(4, LOOP_CLR_FD [pid 6037] <... chdir resumed>) = 0 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] <... futex resumed>) = 0 [pid 6037] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... ioctl resumed>) = 0 [ 113.745172][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 113.761049][ T6041] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/35/bus supports timestamps until 2038 (0x7fffffff) [ 113.780707][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 113.797353][ T6043] loop5: detected capacity change from 0 to 2048 [pid 6041] close(4) = 0 [pid 6037] <... openat resumed>) = 4 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6041] chdir("./file0" [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... chdir resumed>) = 0 [pid 6036] <... futex resumed>) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6041] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 113.809934][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 113.837272][ T6040] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/36/bus supports timestamps until 2038 (0x7fffffff) [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = 1 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... futex resumed>) = 0 [pid 6037] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... openat resumed>) = 4 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6041] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... write resumed>) = 262144 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6035] <... futex resumed>) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... open resumed>) = 5 [pid 6043] <... ioctl resumed>) = 0 [pid 6043] close(3) = 0 [pid 6043] mkdir("./bus", 0777) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6043] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... futex resumed>) = 1 [pid 6041] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6037] <... write resumed>) = 262144 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... mount resumed>) = 0 [pid 6040] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./bus") = 0 [pid 6040] ioctl(4, LOOP_CLR_FD) = 0 [ 113.856046][ T27] audit: type=1800 audit(1678856065.255:218): pid=6041 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 113.863016][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 113.900472][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [ 113.900472][ T9] [pid 6040] close(4 [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = 0 [pid 6037] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6041] <... write resumed>) = 262144 [pid 6041] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] exit_group(0) = ? [pid 6041] <... futex resumed>) = ? [pid 6041] +++ exited with 0 +++ [pid 6036] +++ exited with 0 +++ [pid 6040] <... close resumed>) = 0 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] chdir("./file0" [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... futex resumed>) = 1 [pid 6037] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6036, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6040] <... chdir resumed>) = 0 [pid 5085] umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 113.914915][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 113.930281][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5084] lstat("./36/bus", [pid 6040] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6037] <... open resumed>) = 5 [pid 5085] <... openat resumed>) = 3 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6037] <... futex resumed>) = 1 [pid 6035] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6037] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... mount resumed>) = 0 [pid 6035] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 4 [pid 6037] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] fstat(4, [pid 6037] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6037] <... open resumed>) = 6 [pid 6035] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6037] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] getdents64(4, [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6037] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] <... futex resumed>) = 0 [pid 5084] close(4 [pid 6037] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6035] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 5084] rmdir("./36/bus") = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3 [pid 5085] fstat(3, [pid 5084] <... close resumed>) = 0 [pid 5084] rmdir("./36") = 0 [pid 5084] mkdir("./37", 0777 [pid 6043] <... mount resumed>) = 0 [pid 6040] <... openat resumed>) = 4 [pid 6037] <... write resumed>) = 262144 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 6043] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6037] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 6043] <... openat resumed>) = 3 [pid 6037] <... futex resumed>) = 1 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6043] chdir("./bus" [pid 6037] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... chdir resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] ioctl(4, LOOP_CLR_FD [pid 5085] lstat("./35/binderfs", [pid 6043] <... ioctl resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6043] close(4 [pid 5085] unlink("./35/binderfs" [pid 6043] <... close resumed>) = 0 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6035] <... futex resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5083] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] exit_group(0 [pid 5085] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 113.954858][ T6043] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/37/bus supports timestamps until 2038 (0x7fffffff) [ 113.975928][ T27] audit: type=1800 audit(1678856065.375:219): pid=6037 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6043] <... futex resumed>) = 1 [pid 6040] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6039] <... futex resumed>) = 0 [pid 6038] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = ? [pid 6035] <... exit_group resumed>) = ? [pid 5084] <... openat resumed>) = 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6037] +++ exited with 0 +++ [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... futex resumed>) = 0 [pid 6039] <... futex resumed>) = 1 [pid 6035] +++ exited with 0 +++ [pid 6043] chdir("./file0" [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] lstat("./36/bus", [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6043] <... chdir resumed>) = 0 [pid 6040] <... write resumed>) = 262144 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5083] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 5082] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6039] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./36/binderfs") = 0 [pid 5082] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6043] <... openat resumed>) = 4 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 114.036449][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.073962][ T9] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6040] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6043] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 4 [pid 6038] <... futex resumed>) = 0 [pid 5083] fstat(4, [pid 6040] <... mmap resumed>) = 0x20000000 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6051 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(4, [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6040] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, ./strace-static-x86_64: Process 6051 attached [pid 6043] <... write resumed>) = 262144 [pid 6040] <... open resumed>) = 5 [pid 6038] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] close(4 [pid 6051] set_robust_list(0x555556f1a5e0, 24 [ 114.088328][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 114.113044][ T27] audit: type=1800 audit(1678856065.515:220): pid=6040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 6043] <... futex resumed>) = 1 [pid 6040] <... futex resumed>) = 0 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... close resumed>) = 0 [pid 6051] <... set_robust_list resumed>) = 0 [pid 6039] <... futex resumed>) = 0 [pid 6051] chdir("./37" [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... chdir resumed>) = 0 [pid 6039] <... futex resumed>) = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] <... prctl resumed>) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6051] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6052], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6052 [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6052 attached [pid 6052] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6043] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6040] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./36/bus" [pid 6043] <... mmap resumed>) = 0x20000000 [pid 6040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... rmdir resumed>) = 0 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 5083] getdents64(3, [pid 6043] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... mount resumed>) = 0 [pid 6043] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] <... open resumed>) = 5 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5083] close(3 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6043] <... futex resumed>) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 0 [pid 6039] <... futex resumed>) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.135241][ T9] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 114.146997][ T75] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 114.167061][ T27] audit: type=1800 audit(1678856065.565:221): pid=6043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6040] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5083] rmdir("./36" [pid 6043] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6040] <... open resumed>) = 6 [pid 5083] <... rmdir resumed>) = 0 [pid 6043] <... mount resumed>) = 0 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] <... futex resumed>) = 1 [pid 6038] <... futex resumed>) = 0 [pid 5083] mkdir("./37", 0777 [pid 6038] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... write resumed>) = 1048576 [pid 6052] munmap(0x7f56517c2000, 1048576) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3 [pid 6043] <... futex resumed>) = 1 [pid 6040] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5083] <... mkdir resumed>) = 0 [ 114.188654][ T75] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 114.203182][ T9] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.211497][ T6052] loop3: detected capacity change from 0 to 2048 [ 114.217624][ T9] EXT4-fs (loop4): This should not happen!! Data will be lost [ 114.217624][ T9] [pid 6043] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... ioctl resumed>) = 0 [pid 6052] close(3) = 0 [pid 6052] mkdir("./bus", 0777 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6052] <... mkdir resumed>) = 0 [pid 6052] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] <... openat resumed>) = 3 [pid 6043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6043] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6043] <... open resumed>) = 6 [ 114.238914][ T75] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.254197][ T75] EXT4-fs (loop1): This should not happen!! Data will be lost [ 114.254197][ T75] [ 114.256900][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6040] <... write resumed>) = 262144 [pid 5083] close(3 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6043] <... futex resumed>) = 1 [pid 6040] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 6039] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6040] <... futex resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6040] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] exit_group(0 [pid 6040] <... futex resumed>) = ? [pid 6038] <... exit_group resumed>) = ? [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6055 [pid 6040] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5081] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5081] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 114.265541][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 114.280872][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6043] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x555556f1a5e0, 24 [pid 6043] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] lstat("./36/binderfs", [pid 6055] <... set_robust_list resumed>) = 0 [pid 6039] exit_group(0 [pid 6055] chdir("./37" [pid 6043] <... futex resumed>) = ? [pid 6039] <... exit_group resumed>) = ? [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6055] <... chdir resumed>) = 0 [pid 6043] +++ exited with 0 +++ [pid 6039] +++ exited with 0 +++ [pid 5081] unlink("./36/binderfs" [pid 6055] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6039, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6055] <... prctl resumed>) = 0 [pid 6055] setpgid(0, 0 [pid 5081] <... unlink resumed>) = 0 [pid 6055] <... setpgid resumed>) = 0 [ 114.335556][ T6052] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/37/bus supports timestamps until 2038 (0x7fffffff) [ 114.339913][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5086] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... openat resumed>) = 3 [pid 5086] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6055] write(3, "1000", 4 [pid 5086] <... openat resumed>) = 3 [pid 6055] <... write resumed>) = 4 [pid 5086] fstat(3, [pid 6055] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6055] <... close resumed>) = 0 [pid 5086] getdents64(3, [pid 6055] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6055] <... symlink resumed>) = 0 [pid 5086] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] <... futex resumed>) = 0 [pid 5086] lstat("./37/binderfs", [pid 6055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] unlink("./37/binderfs" [pid 6055] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] <... unlink resumed>) = 0 [pid 5085] lstat("./35/bus", [pid 6055] <... mprotect resumed>) = 0 [pid 5086] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6055] <... clone resumed>, parent_tid=[6056], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6056 [pid 5085] umount2("./35/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... mount resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6055] <... futex resumed>) = 0 [pid 6052] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] openat(AT_FDCWD, "./35/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] <... openat resumed>) = 3 [pid 5085] <... openat resumed>) = 4 [pid 6052] chdir("./bus" [pid 5085] fstat(4, ./strace-static-x86_64: Process 6056 attached [pid 6052] <... chdir resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6056] set_robust_list(0x7f5659be29e0, 24 [pid 6052] ioctl(4, LOOP_CLR_FD [pid 5085] getdents64(4, [pid 6056] <... set_robust_list resumed>) = 0 [pid 6052] <... ioctl resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6056] memfd_create("syzkaller", 0 [pid 6052] close(4 [pid 5085] getdents64(4, [pid 6056] <... memfd_create resumed>) = 3 [pid 6052] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [ 114.378625][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.394745][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(4 [pid 6056] <... mmap resumed>) = 0x7f56517c2000 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./35/bus" [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6052] chdir("./file0" [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(3, [pid 6052] <... chdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./35" [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6052] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] mkdir("./36", 0777 [pid 6052] <... openat resumed>) = 4 [pid 5085] <... mkdir resumed>) = 0 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6052] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(3 [pid 6056] <... write resumed>) = 1048576 [ 114.420413][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 114.445487][ T948] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 114.459910][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6056] munmap(0x7f56517c2000, 1048576) = 0 [pid 5085] <... close resumed>) = 0 [pid 6056] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6052] <... write resumed>) = 262144 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6056] <... openat resumed>) = 4 [ 114.489605][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.505258][ T948] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 114.523506][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 114.523506][ T9] [pid 6056] ioctl(4, LOOP_SET_FD, 3 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6052] <... futex resumed>) = 0 [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6057 [pid 6052] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6051] <... futex resumed>) = 0 [pid 6052] <... mmap resumed>) = 0x20000000 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] <... futex resumed>) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6052] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... ioctl resumed>) = 0 [pid 6056] close(3) = 0 [pid 6056] mkdir("./bus", 0777./strace-static-x86_64: Process 6057 attached ) = 0 [pid 6057] set_robust_list(0x555556f1a5e0, 24 [pid 6056] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6057] <... set_robust_list resumed>) = 0 [pid 6057] chdir("./36") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6052] <... open resumed>) = 5 [pid 6057] <... openat resumed>) = 3 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 6057] write(3, "1000", 4 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6057] <... write resumed>) = 4 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6057] close(3 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6057] <... close resumed>) = 0 [pid 6052] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] lstat("./36/bus", [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6052] <... mount resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6057] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [ 114.530856][ T948] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.548086][ T6056] loop2: detected capacity change from 0 to 2048 [ 114.559947][ T27] audit: type=1800 audit(1678856065.965:222): pid=6052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6057] <... mmap resumed>) = 0x7f5659bc2000 [pid 6057] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6058], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6058 [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6058 attached [pid 6058] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6058] <... mmap resumed>) = 0x7f56517c2000 [pid 6052] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [ 114.597693][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.612917][ T948] EXT4-fs (loop5): This should not happen!! Data will be lost [ 114.612917][ T948] [ 114.613161][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.625212][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6052] <... open resumed>) = 6 [pid 5082] fstat(4, [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6051] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 6052] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6051] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./36/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./36") = 0 [pid 5082] mkdir("./37", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6061 [pid 6052] <... write resumed>) = 262144 [pid 6052] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6051] <... futex resumed>) = 0 [pid 6052] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] exit_group(0 [pid 6052] <... futex resumed>) = ? [pid 6051] <... exit_group resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6051] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6051, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5084] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] unlink("./37/binderfs") = 0 [ 114.651473][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 114.681558][ T6056] ext4 filesystem being mounted at /root/syzkaller.22hR0w/37/bus supports timestamps until 2038 (0x7fffffff) [pid 5084] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6061 attached [pid 6061] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6061] chdir("./37") = 0 [pid 6061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6061] setpgid(0, 0) = 0 [pid 6061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6061] write(3, "1000", 4) = 4 [pid 6061] close(3) = 0 [pid 6061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6058] <... write resumed>) = 1048576 [pid 6061] <... mmap resumed>) = 0x7f5659bc2000 [pid 6061] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6058] munmap(0x7f56517c2000, 1048576 [pid 6061] <... mprotect resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 6061] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6058] <... munmap resumed>) = 0 [pid 6061] <... clone resumed>, parent_tid=[6062], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6062 [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6056] <... mount resumed>) = 0 [pid 5081] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6058] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6058] <... openat resumed>) = 4 [pid 5086] <... umount2 resumed>) = 0 [pid 5081] lstat("./36/bus", [pid 6058] ioctl(4, LOOP_SET_FD, 3 [pid 5086] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 114.737655][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6056] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6056] chdir("./bus") = 0 [pid 6056] ioctl(4, LOOP_CLR_FD) = 0 [pid 6056] close(4 [pid 6058] <... ioctl resumed>) = 0 [pid 5081] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6056] <... close resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 [pid 6056] chdir("./file0" [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6056] <... chdir resumed>) = 0 [pid 6058] close(3 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./37/bus", [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6062] memfd_create("syzkaller", 0 [pid 6058] <... close resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6062] <... memfd_create resumed>) = 3 [pid 6058] mkdir("./bus", 0777 [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 [pid 6056] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... mmap resumed>) = 0x7f56517c2000 [pid 6062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6058] <... mkdir resumed>) = 0 [pid 6056] <... openat resumed>) = 4 [pid 5086] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... openat resumed>) = 4 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] fstat(4, [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6058] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] getdents64(4, [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 4 [pid 6056] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(4, [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] close(4 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] <... close resumed>) = 0 [pid 5086] close(4 [pid 5081] rmdir("./36/bus" [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./37/bus" [pid 5081] <... rmdir resumed>) = 0 [pid 5081] getdents64(3, [pid 5086] <... rmdir resumed>) = 0 [ 114.791697][ T6058] loop4: detected capacity change from 0 to 2048 [ 114.798487][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6062] <... write resumed>) = 1048576 [pid 5086] getdents64(3, [pid 5081] close(3 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3 [pid 5081] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5081] rmdir("./36" [pid 6056] <... write resumed>) = 262144 [pid 5086] rmdir("./37" [pid 5081] <... rmdir resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 6062] munmap(0x7f56517c2000, 1048576 [pid 5086] mkdir("./38", 0777 [pid 6062] <... munmap resumed>) = 0 [pid 6062] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6062] ioctl(4, LOOP_SET_FD, 3 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 5081] mkdir("./37", 0777 [pid 6062] <... ioctl resumed>) = 0 [pid 6062] close(3) = 0 [pid 6062] mkdir("./bus", 0777) = 0 [pid 6062] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5081] <... mkdir resumed>) = 0 [pid 6055] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 6055] <... futex resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] close(3 [pid 6058] <... mount resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6058] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6056] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5086] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6058] <... openat resumed>) = 3 [pid 6056] <... mmap resumed>) = 0x20000000 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6058] chdir("./bus" [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6058] <... chdir resumed>) = 0 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 114.864615][ T6058] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/36/bus supports timestamps until 2038 (0x7fffffff) [ 114.871502][ T6062] loop1: detected capacity change from 0 to 2048 [ 114.877521][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6058] ioctl(4, LOOP_CLR_FD [pid 5081] close(3 [pid 6058] <... ioctl resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6058] close(4 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6065 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6058] <... close resumed>) = 0 [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6065 attached [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6056] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6067 [pid 6065] set_robust_list(0x555556f1a5e0, 24 [pid 6058] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... open resumed>) = 5 [ 114.903207][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 114.930421][ T27] audit: type=1800 audit(1678856066.335:223): pid=6056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [ 114.936492][ T6062] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/37/bus supports timestamps until 2038 (0x7fffffff) [pid 6065] <... set_robust_list resumed>) = 0 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6067 attached [pid 6065] chdir("./38" [pid 6058] chdir("./file0" [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6067] set_robust_list(0x555556f1a5e0, 24 [pid 6065] <... chdir resumed>) = 0 [pid 6058] <... chdir resumed>) = 0 [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... set_robust_list resumed>) = 0 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 [pid 6067] chdir("./37" [pid 6065] <... prctl resumed>) = 0 [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6056] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... chdir resumed>) = 0 [pid 6065] setpgid(0, 0 [pid 6058] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... mount resumed>) = 0 [pid 6067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6065] <... setpgid resumed>) = 0 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... prctl resumed>) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6058] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6067] setpgid(0, 0 [pid 6065] <... openat resumed>) = 3 [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... setpgid resumed>) = 0 [pid 6065] write(3, "1000", 4 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 [pid 6067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6065] <... write resumed>) = 4 [pid 6056] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... openat resumed>) = 3 [pid 6065] close(3 [pid 6062] <... mount resumed>) = 0 [pid 6058] <... openat resumed>) = 4 [pid 6056] <... open resumed>) = 6 [pid 6067] write(3, "1000", 4 [pid 6065] <... close resumed>) = 0 [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... write resumed>) = 4 [pid 6065] symlink("/dev/binderfs", "./binderfs" [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6065] <... symlink resumed>) = 0 [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6055] <... futex resumed>) = 0 [pid 6067] close(3 [pid 6065] <... futex resumed>) = 0 [pid 6058] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6055] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... close resumed>) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6062] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6057] <... futex resumed>) = 0 [pid 6067] symlink("/dev/binderfs", "./binderfs" [pid 6065] <... mmap resumed>) = 0x7f5659bc2000 [pid 6062] <... openat resumed>) = 3 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6056] <... write resumed>) = 262144 [pid 6067] <... symlink resumed>) = 0 [pid 6065] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6062] chdir("./bus" [pid 6056] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... mprotect resumed>) = 0 [pid 6062] <... chdir resumed>) = 0 [pid 6056] <... futex resumed>) = 1 [pid 6055] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 0 [pid 6065] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6062] ioctl(4, LOOP_CLR_FD [pid 6056] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6055] exit_group(0 [pid 6067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6062] <... ioctl resumed>) = 0 [pid 6056] <... futex resumed>) = ? [pid 6055] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6069 attached [ 114.950762][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 114.950762][ T9] [ 114.974828][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 114.989781][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6067] <... mmap resumed>) = 0x7f5659bc2000 [pid 6065] <... clone resumed>, parent_tid=[6069], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6069 [pid 6062] close(4 [pid 6058] <... write resumed>) = 262144 [pid 6056] +++ exited with 0 +++ [pid 5084] <... umount2 resumed>) = 0 [pid 6067] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6062] <... close resumed>) = 0 [pid 6067] <... mprotect resumed>) = 0 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6055] +++ exited with 0 +++ [pid 6065] <... futex resumed>) = 0 [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] set_robust_list(0x7f5659be29e0, 24 [pid 6067] <... clone resumed>, parent_tid=[6070], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6070 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6055, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] chdir("./file0" [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 6069] <... set_robust_list resumed>) = 0 [pid 6067] <... futex resumed>) = 0 [pid 6062] <... chdir resumed>) = 0 [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 6070 attached [pid 6069] memfd_create("syzkaller", 0 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./37/bus", [pid 6070] set_robust_list(0x7f5659be29e0, 24 [pid 6069] <... memfd_create resumed>) = 3 [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6070] <... set_robust_list resumed>) = 0 [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6070] memfd_create("syzkaller", 0 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 6058] <... mmap resumed>) = 0x20000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6070] <... memfd_create resumed>) = 3 [pid 6069] <... mmap resumed>) = 0x7f56517c2000 [pid 6062] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6062] <... openat resumed>) = 4 [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5083] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6070] <... mmap resumed>) = 0x7f56517c2000 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fstat(4, [pid 5083] <... openat resumed>) = 3 [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] fstat(3, [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6058] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6062] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6058] <... open resumed>) = 5 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5083] getdents64(3, [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 6069] <... write resumed>) = 1048576 [pid 6058] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./37/bus" [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6058] <... mount resumed>) = 0 [pid 6057] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(3, [pid 5083] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6058] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6070] <... write resumed>) = 1048576 [pid 6062] <... write resumed>) = 262144 [pid 6058] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5083] lstat("./37/binderfs", [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [ 115.099583][ T27] audit: type=1800 audit(1678856066.495:224): pid=6058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 5084] rmdir("./37" [pid 6062] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6062] <... mmap resumed>) = 0x20000000 [pid 6061] <... futex resumed>) = 0 [pid 6058] <... open resumed>) = 6 [pid 5084] mkdir("./38", 0777 [pid 5083] unlink("./37/binderfs" [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... mkdir resumed>) = 0 [pid 6062] <... futex resumed>) = 0 [pid 6061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] <... unlink resumed>) = 0 [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5083] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6070] munmap(0x7f56517c2000, 1048576 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 6070] <... munmap resumed>) = 0 [pid 6062] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6057] <... futex resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6069] munmap(0x7f56517c2000, 1048576 [pid 6062] <... open resumed>) = 5 [pid 5084] close(3 [pid 6070] <... openat resumed>) = 4 [pid 6069] <... munmap resumed>) = 0 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 6070] ioctl(4, LOOP_SET_FD, 3 [pid 6069] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6069] <... openat resumed>) = 4 [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6057] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] ioctl(4, LOOP_SET_FD, 3 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6071 [ 115.172178][ T46] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 115.177262][ T6070] loop0: detected capacity change from 0 to 2048 [ 115.195791][ T6069] loop5: detected capacity change from 0 to 2048 [pid 6062] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6062] <... mount resumed>) = 0 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6071 attached [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] set_robust_list(0x555556f1a5e0, 24 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 6071] <... set_robust_list resumed>) = 0 [pid 6062] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] chdir("./38" [pid 6062] <... open resumed>) = 6 [pid 6071] <... chdir resumed>) = 0 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6071] <... prctl resumed>) = 0 [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] setpgid(0, 0 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6061] <... futex resumed>) = 0 [pid 6071] <... setpgid resumed>) = 0 [pid 6062] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6061] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] <... ioctl resumed>) = 0 [pid 6071] write(3, "1000", 4 [pid 6069] close(3 [pid 6058] <... write resumed>) = 262144 [pid 6071] <... write resumed>) = 4 [pid 6069] <... close resumed>) = 0 [pid 6071] close(3 [pid 6069] mkdir("./bus", 0777 [pid 6058] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... close resumed>) = 0 [pid 6069] <... mkdir resumed>) = 0 [pid 6062] <... write resumed>) = 262144 [pid 6058] <... futex resumed>) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs" [pid 6069] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6058] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] exit_group(0 [pid 6062] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... symlink resumed>) = 0 [pid 6062] <... futex resumed>) = 1 [pid 6061] <... futex resumed>) = 0 [pid 6058] <... futex resumed>) = ? [pid 6057] <... exit_group resumed>) = ? [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6061] exit_group(0 [pid 6071] <... futex resumed>) = 0 [pid 6062] <... futex resumed>) = ? [pid 6061] <... exit_group resumed>) = ? [pid 6058] +++ exited with 0 +++ [pid 6057] +++ exited with 0 +++ [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6057, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6071] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6071] <... mprotect resumed>) = 0 [pid 6070] <... ioctl resumed>) = 0 [pid 6062] +++ exited with 0 +++ [pid 6061] +++ exited with 0 +++ [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6070] close(3 [pid 5085] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6070] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6061, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6071] <... clone resumed>, parent_tid=[6074], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6074 [ 115.205856][ T27] audit: type=1800 audit(1678856066.575:225): pid=6062 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 115.241330][ T46] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6070] mkdir("./bus", 0777 [pid 5085] fstat(3, [pid 5082] restart_syscall(<... resuming interrupted clone ...> [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... mkdir resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... restart_syscall resumed>) = 0 [pid 6071] <... futex resumed>) = 0 [pid 6070] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5085] getdents64(3, ./strace-static-x86_64: Process 6074 attached [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6074] set_robust_list(0x7f5659be29e0, 24 [pid 5085] umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6074] <... set_robust_list resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6074] memfd_create("syzkaller", 0 [pid 5085] lstat("./36/binderfs", [pid 5082] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6074] <... memfd_create resumed>) = 3 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... openat resumed>) = 3 [pid 6074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] unlink("./36/binderfs" [pid 5082] fstat(3, [pid 6074] <... mmap resumed>) = 0x7f56517c2000 [pid 5085] <... unlink resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6074] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6069] <... mount resumed>) = 0 [pid 5085] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(3, [pid 6069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6069] <... openat resumed>) = 3 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./37/binderfs", [pid 6069] chdir("./bus" [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 115.271616][ T46] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 115.284690][ T6069] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/38/bus supports timestamps until 2038 (0x7fffffff) [ 115.291828][ T46] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 115.311125][ T46] EXT4-fs (loop2): This should not happen!! Data will be lost [ 115.311125][ T46] [pid 5082] unlink("./37/binderfs" [pid 6069] <... chdir resumed>) = 0 [pid 5082] <... unlink resumed>) = 0 [pid 5082] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6069] ioctl(4, LOOP_CLR_FD [pid 6074] <... write resumed>) = 1048576 [pid 6074] munmap(0x7f56517c2000, 1048576) = 0 [pid 6074] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6074] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6074] close(3) = 0 [pid 6074] mkdir("./bus", 0777) = 0 [ 115.327432][ T46] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 115.341357][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 115.351732][ T6074] loop3: detected capacity change from 0 to 2048 [ 115.361591][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6074] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6069] <... ioctl resumed>) = 0 [pid 6069] close(4) = 0 [ 115.371913][ T46] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 115.389245][ T9] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 115.399045][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 115.410110][ T9] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6069] chdir("./file0" [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... chdir resumed>) = 0 [pid 6065] <... futex resumed>) = 0 [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] <... futex resumed>) = 0 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 115.412751][ T6074] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/38/bus supports timestamps until 2038 (0x7fffffff) [ 115.422531][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 115.435638][ T6070] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/37/bus supports timestamps until 2038 (0x7fffffff) [ 115.445522][ T9] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 115.469420][ T9] EXT4-fs (loop4): This should not happen!! Data will be lost [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] <... futex resumed>) = 0 [pid 6069] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 115.469420][ T9] [ 115.480673][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 115.493508][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 115.507796][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 115.514719][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] <... mount resumed>) = 0 [pid 6070] <... mount resumed>) = 0 [pid 6069] <... write resumed>) = 262144 [pid 6074] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6070] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... openat resumed>) = 3 [pid 6070] <... openat resumed>) = 3 [pid 6069] <... futex resumed>) = 1 [pid 6074] chdir("./bus" [pid 6070] chdir("./bus" [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] <... chdir resumed>) = 0 [pid 6070] <... chdir resumed>) = 0 [pid 6074] ioctl(4, LOOP_CLR_FD [pid 6070] ioctl(4, LOOP_CLR_FD [pid 6074] <... ioctl resumed>) = 0 [pid 6070] <... ioctl resumed>) = 0 [pid 6074] close(4 [pid 6070] close(4 [pid 6074] <... close resumed>) = 0 [pid 6070] <... close resumed>) = 0 [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] <... futex resumed>) = 0 [pid 6065] <... futex resumed>) = 0 [pid 6074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6074] chdir("./file0") = 0 [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = 1 [pid 6070] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 1 [pid 6065] <... futex resumed>) = 1 [pid 6069] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] chdir("./file0" [pid 6069] <... mmap resumed>) = 0x20000000 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] <... chdir resumed>) = 0 [pid 6069] <... futex resumed>) = 1 [pid 6065] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] <... futex resumed>) = 0 [pid 6069] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... open resumed>) = 5 [pid 5083] <... umount2 resumed>) = 0 [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] <... futex resumed>) = 0 [pid 6069] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... mount resumed>) = 0 [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] <... futex resumed>) = 0 [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] <... futex resumed>) = 0 [pid 6069] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... open resumed>) = 6 [pid 5085] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6069] <... futex resumed>) = 1 [pid 6065] <... futex resumed>) = 0 [pid 5085] lstat("./36/bus", [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 115.514719][ T948] [ 115.540611][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 115.553981][ T27] audit: type=1800 audit(1678856066.945:226): pid=6069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 6065] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = 1 [pid 6070] <... futex resumed>) = 1 [pid 6069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6065] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6065] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./36/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6074] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6070] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] openat(AT_FDCWD, "./36/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] fstat(4, [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6069] <... write resumed>) = 262144 [pid 6067] <... futex resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] lstat("./37/bus", [pid 6074] <... openat resumed>) = 4 [pid 6070] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6069] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6069] <... futex resumed>) = 1 [pid 6065] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5083] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... openat resumed>) = 4 [pid 6069] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] exit_group(0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6074] <... futex resumed>) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6070] <... futex resumed>) = 1 [pid 6067] <... futex resumed>) = 0 [pid 6070] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6070] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6065] <... exit_group resumed>) = ? [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... write resumed>) = 262144 [pid 6069] <... futex resumed>) = ? [pid 5085] close(4 [pid 5083] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6074] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 115.575220][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6074] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5082] <... openat resumed>) = 4 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] +++ exited with 0 +++ [pid 6065] +++ exited with 0 +++ [pid 5085] <... close resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] rmdir("./36/bus" [pid 5083] fstat(4, [pid 5082] getdents64(4, [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6070] <... futex resumed>) = 1 [pid 6067] <... futex resumed>) = 0 [pid 5082] close(4 [pid 6070] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 5085] <... rmdir resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... close resumed>) = 0 [pid 6074] <... write resumed>) = 262144 [pid 6070] <... mmap resumed>) = 0x20000000 [pid 6067] <... futex resumed>) = 0 [pid 5086] <... restart_syscall resumed>) = 0 [pid 5085] getdents64(3, [pid 5083] getdents64(4, [pid 5082] rmdir("./37/bus" [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... rmdir resumed>) = 0 [pid 6074] <... futex resumed>) = 1 [pid 6071] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] close(3 [pid 5083] getdents64(4, [pid 5082] getdents64(3, [pid 6074] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6074] <... mmap resumed>) = 0x20000000 [pid 6071] <... futex resumed>) = 0 [pid 6070] <... open resumed>) = 5 [pid 6067] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] rmdir("./36" [pid 5083] close(4 [pid 5082] close(3 [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... close resumed>) = 0 [pid 6074] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... rmdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5082] rmdir("./37" [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 3 [pid 5085] mkdir("./37", 0777 [pid 5083] rmdir("./37/bus" [pid 5082] <... rmdir resumed>) = 0 [pid 6074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6071] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 5086] fstat(3, [pid 5082] mkdir("./38", 0777 [pid 6074] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6070] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... mkdir resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 6074] <... open resumed>) = 5 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... mount resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5083] <... rmdir resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 5085] <... openat resumed>) = 3 [pid 5083] getdents64(3, [pid 5082] <... openat resumed>) = 3 [pid 6074] <... futex resumed>) = 0 [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 1 [pid 6067] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 6074] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6071] <... futex resumed>) = 0 [pid 6070] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6074] <... mount resumed>) = 0 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] close(3 [pid 5082] close(3 [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./38/binderfs", [pid 5085] close(3 [pid 5083] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 6074] <... futex resumed>) = 0 [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... open resumed>) = 6 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] <... close resumed>) = 0 [pid 5083] rmdir("./37" [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6074] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6071] <... futex resumed>) = 0 [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] unlink("./38/binderfs" [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... rmdir resumed>) = 0 [pid 6074] <... open resumed>) = 6 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... futex resumed>) = 1 [pid 6067] <... futex resumed>) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6079 [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6067] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... unlink resumed>) = 0 [pid 6074] <... futex resumed>) = 0 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] mkdir("./38", 0777 [pid 5086] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6067] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6071] <... futex resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6080 [pid 5083] <... mkdir resumed>) = 0 [pid 6074] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6071] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6080 attached ./strace-static-x86_64: Process 6079 attached [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6079] set_robust_list(0x555556f1a5e0, 24 [pid 6070] <... write resumed>) = 262144 [pid 6080] set_robust_list(0x555556f1a5e0, 24 [pid 6079] <... set_robust_list resumed>) = 0 [pid 6074] <... write resumed>) = 262144 [pid 6070] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] <... openat resumed>) = 3 [pid 6079] chdir("./38" [pid 6070] <... futex resumed>) = 0 [pid 6067] exit_group(0 [pid 6079] <... chdir resumed>) = 0 [pid 6067] <... exit_group resumed>) = ? [pid 6080] <... set_robust_list resumed>) = 0 [pid 6079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6074] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] +++ exited with 0 +++ [pid 6067] +++ exited with 0 +++ [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6080] chdir("./37" [pid 6079] <... prctl resumed>) = 0 [pid 6074] <... futex resumed>) = 1 [pid 6071] <... futex resumed>) = 0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6067, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6079] setpgid(0, 0 [pid 6074] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6071] exit_group(0 [pid 5083] close(3 [pid 6080] <... chdir resumed>) = 0 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 6079] <... setpgid resumed>) = 0 [pid 5081] <... restart_syscall resumed>) = 0 [pid 6079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6079] write(3, "1000", 4 [pid 5081] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6080] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6079] <... write resumed>) = 4 [pid 6074] <... futex resumed>) = ? [pid 6071] <... exit_group resumed>) = ? [pid 5083] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6079] close(3 [pid 6074] +++ exited with 0 +++ [pid 5081] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6079] <... close resumed>) = 0 [pid 6071] +++ exited with 0 +++ [pid 5081] <... openat resumed>) = 3 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6080] <... prctl resumed>) = 0 [pid 6079] symlink("/dev/binderfs", "./binderfs" [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] fstat(3, [pid 6080] setpgid(0, 0 [pid 6079] <... symlink resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(3, [pid 6079] <... futex resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6080] <... setpgid resumed>) = 0 [pid 6079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6081 [pid 5081] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6079] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6079] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5081] lstat("./37/binderfs", ./strace-static-x86_64: Process 6081 attached [pid 6080] <... openat resumed>) = 3 [pid 6079] <... mprotect resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6081] set_robust_list(0x555556f1a5e0, 24 [pid 6080] write(3, "1000", 4 [pid 6079] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] <... openat resumed>) = 3 [pid 5081] unlink("./37/binderfs" [pid 6081] <... set_robust_list resumed>) = 0 [pid 6080] <... write resumed>) = 4 [ 115.713132][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5084] fstat(3, [pid 5081] <... unlink resumed>) = 0 [pid 6081] chdir("./38" [pid 6080] close(3 [pid 6079] <... clone resumed>, parent_tid=[6082], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6082 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6082 attached [pid 6081] <... chdir resumed>) = 0 [pid 6080] <... close resumed>) = 0 [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6079] <... futex resumed>) = 0 [pid 6081] <... prctl resumed>) = 0 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6081] setpgid(0, 0) = 0 [pid 6082] set_robust_list(0x7f5659be29e0, 24 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6080] symlink("/dev/binderfs", "./binderfs" [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6081] <... openat resumed>) = 3 [pid 6080] <... symlink resumed>) = 0 [pid 5084] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6081] write(3, "1000", 4 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6081] <... write resumed>) = 4 [pid 6080] <... futex resumed>) = 0 [pid 5084] lstat("./38/binderfs", [pid 6081] close(3 [pid 6080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6081] <... close resumed>) = 0 [pid 6080] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] unlink("./38/binderfs" [pid 6081] symlink("/dev/binderfs", "./binderfs" [pid 6080] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... unlink resumed>) = 0 [pid 6081] <... symlink resumed>) = 0 [pid 6080] <... mprotect resumed>) = 0 [pid 5084] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6082] <... set_robust_list resumed>) = 0 [pid 6081] <... futex resumed>) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6080] <... clone resumed>, parent_tid=[6083], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6083 [pid 6082] memfd_create("syzkaller", 0 [pid 6081] <... mmap resumed>) = 0x7f5659bc2000 [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6080] <... futex resumed>) = 0 [pid 6081] <... mprotect resumed>) = 0 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6081] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6084], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6084 [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 115.773942][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 115.790643][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 115.801273][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 6083 attached [pid 6083] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6083] memfd_create("syzkaller", 0) = 3 [pid 6083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 6084 attached [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6084] set_robust_list(0x7f5659be29e0, 24 [pid 6082] <... mmap resumed>) = 0x7f56517c2000 [pid 6084] <... set_robust_list resumed>) = 0 [ 115.820093][ T75] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 115.837574][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 115.849401][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6084] memfd_create("syzkaller", 0) = 3 [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6083] <... write resumed>) = 1048576 [ 115.865549][ T75] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 115.870187][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 115.888631][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 115.899975][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 115.899975][ T1062] [ 115.914000][ T6083] loop4: detected capacity change from 0 to 2048 [pid 6083] munmap(0x7f56517c2000, 1048576) = 0 [pid 6083] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6084] <... mmap resumed>) = 0x7f56517c2000 [pid 6083] <... openat resumed>) = 4 [pid 6083] ioctl(4, LOOP_SET_FD, 3 [pid 6084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6082] <... write resumed>) = 1048576 [pid 6083] <... ioctl resumed>) = 0 [pid 6083] close(3) = 0 [pid 6083] mkdir("./bus", 0777) = 0 [ 115.922069][ T75] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 115.932208][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 115.941221][ T75] EXT4-fs (loop0): This should not happen!! Data will be lost [ 115.941221][ T75] [ 115.958915][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6083] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6084] <... write resumed>) = 1048576 [pid 6082] munmap(0x7f56517c2000, 1048576 [pid 6084] munmap(0x7f56517c2000, 1048576 [pid 6082] <... munmap resumed>) = 0 [pid 6084] <... munmap resumed>) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6084] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6082] <... openat resumed>) = 4 [pid 6084] <... openat resumed>) = 4 [ 115.959902][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 115.985924][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 115.986806][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 115.986806][ T948] [ 116.000337][ T75] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6082] ioctl(4, LOOP_SET_FD, 3 [pid 6084] ioctl(4, LOOP_SET_FD, 3 [pid 6082] <... ioctl resumed>) = 0 [pid 6084] <... ioctl resumed>) = 0 [pid 6082] close(3) = 0 [pid 6083] <... mount resumed>) = 0 [pid 6083] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6083] chdir("./bus" [pid 6082] mkdir("./bus", 0777 [pid 6083] <... chdir resumed>) = 0 [pid 6083] ioctl(4, LOOP_CLR_FD) = 0 [pid 6083] close(4) = 0 [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6082] <... mkdir resumed>) = 0 [pid 6083] chdir("./file0" [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] close(3) = 0 [ 116.024649][ T6082] loop1: detected capacity change from 0 to 2048 [ 116.027246][ T6083] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/37/bus supports timestamps until 2038 (0x7fffffff) [ 116.031394][ T6084] loop2: detected capacity change from 0 to 2048 [ 116.061245][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6084] mkdir("./bus", 0777 [pid 6083] <... chdir resumed>) = 0 [pid 6082] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6083] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] <... futex resumed>) = 0 [pid 6083] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... openat resumed>) = 4 [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = 0 [pid 6083] <... futex resumed>) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6083] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] <... futex resumed>) = 0 [pid 6083] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 116.080778][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... mkdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 6084] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... umount2 resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6083] <... write resumed>) = 262144 [pid 5084] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6083] <... futex resumed>) = 1 [pid 6080] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6083] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./38/bus", [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6083] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5084] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6083] <... mmap resumed>) = 0x20000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6083] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 6083] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 5084] rmdir("./38/bus") = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./38") = 0 [pid 5084] mkdir("./39", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6090 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6080] <... futex resumed>) = 1 [pid 6083] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] <... open resumed>) = 5 [pid 5081] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6083] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] <... futex resumed>) = 0 [pid 6083] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... openat resumed>) = 4 [pid 6083] <... futex resumed>) = 0 [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] fstat(4, [pid 6083] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6080] <... futex resumed>) = 0 [pid 5086] lstat("./38/bus", [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6083] <... open resumed>) = 6 [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] getdents64(4, [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6083] <... futex resumed>) = 0 [pid 6080] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6083] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6080] <... futex resumed>) = 0 [pid 5086] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] getdents64(4, [pid 6080] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [ 116.175777][ T6082] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/38/bus supports timestamps until 2038 (0x7fffffff) [pid 5081] close(4./strace-static-x86_64: Process 6090 attached [pid 6082] <... mount resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6090] set_robust_list(0x555556f1a5e0, 24 [pid 6082] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6090] <... set_robust_list resumed>) = 0 [pid 6083] <... write resumed>) = 262144 [pid 6082] <... openat resumed>) = 3 [pid 5081] <... close resumed>) = 0 [pid 6090] chdir("./39" [pid 6083] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] chdir("./bus" [pid 5081] rmdir("./37/bus" [pid 6090] <... chdir resumed>) = 0 [pid 6083] <... futex resumed>) = 1 [pid 6082] <... chdir resumed>) = 0 [pid 6080] <... futex resumed>) = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6083] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] ioctl(4, LOOP_CLR_FD [pid 6080] exit_group(0 [pid 6090] <... prctl resumed>) = 0 [pid 6082] <... ioctl resumed>) = 0 [pid 6080] <... exit_group resumed>) = ? [pid 6083] <... futex resumed>) = ? [pid 5081] <... rmdir resumed>) = 0 [pid 6090] setpgid(0, 0 [pid 6082] close(4 [pid 6090] <... setpgid resumed>) = 0 [pid 6082] <... close resumed>) = 0 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... openat resumed>) = 3 [pid 6082] <... futex resumed>) = 1 [pid 6079] <... futex resumed>) = 0 [pid 6090] write(3, "1000", 4 [pid 6082] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... write resumed>) = 4 [pid 6083] +++ exited with 0 +++ [pid 6082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6080] +++ exited with 0 +++ [pid 6079] <... futex resumed>) = 0 [pid 5081] getdents64(3, [pid 6090] close(3 [pid 6082] chdir("./file0" [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6080, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6090] <... close resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6090] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6090] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6092], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6092 [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6092 attached [pid 6084] <... mount resumed>) = 0 [pid 6082] <... chdir resumed>) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5081] close(3 [pid 6092] set_robust_list(0x7f5659be29e0, 24 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(4, [pid 5085] <... restart_syscall resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6079] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] rmdir("./37" [pid 6092] memfd_create("syzkaller", 0 [pid 6082] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(4, [pid 5081] <... rmdir resumed>) = 0 [pid 6092] <... memfd_create resumed>) = 3 [pid 6082] <... openat resumed>) = 4 [pid 6079] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(4, [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] mkdir("./38", 0777 [pid 6092] <... mmap resumed>) = 0x7f56517c2000 [pid 6082] <... futex resumed>) = 0 [pid 6079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... mkdir resumed>) = 0 [pid 6092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6082] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5085] <... openat resumed>) = 3 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6079] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] fstat(3, [pid 5081] <... openat resumed>) = 3 [ 116.214955][ T6084] ext4 filesystem being mounted at /root/syzkaller.22hR0w/38/bus supports timestamps until 2038 (0x7fffffff) [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] rmdir("./38/bus" [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6082] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6084] <... openat resumed>) = 3 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] getdents64(3, [pid 6084] chdir("./bus" [pid 5086] getdents64(3, [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6084] <... chdir resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3 [pid 5085] umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6092] <... write resumed>) = 1048576 [pid 6084] ioctl(4, LOOP_CLR_FD [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... close resumed>) = 0 [pid 6084] <... ioctl resumed>) = 0 [pid 5085] lstat("./37/binderfs", [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6084] close(4 [pid 5086] close(3 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6084] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] unlink("./37/binderfs" [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6093 [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... unlink resumed>) = 0 [pid 6084] <... futex resumed>) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6084] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./38" [pid 5085] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6081] <... futex resumed>) = 0 [pid 6082] <... write resumed>) = 262144 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] chdir("./file0" [pid 6082] <... futex resumed>) = 1 [pid 6079] <... futex resumed>) = 0 [pid 6082] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6093 attached [pid 6093] set_robust_list(0x555556f1a5e0, 24 [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... chdir resumed>) = 0 [pid 6079] <... futex resumed>) = 1 [pid 6082] <... futex resumed>) = 0 [pid 6093] <... set_robust_list resumed>) = 0 [pid 6082] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6093] chdir("./38") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6093] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6094], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6094 [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6094 attached [pid 6094] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6082] <... mmap resumed>) = 0x20000000 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6084] <... futex resumed>) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] mkdir("./39", 0777 [pid 6082] <... futex resumed>) = 0 [pid 6084] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6082] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... mkdir resumed>) = 0 [pid 6081] <... futex resumed>) = 0 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6082] <... open resumed>) = 5 [pid 6084] <... openat resumed>) = 4 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6079] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 1 [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 5086] <... openat resumed>) = 3 [pid 6082] <... mount resumed>) = 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 6084] <... futex resumed>) = 1 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6081] <... futex resumed>) = 0 [pid 6079] <... futex resumed>) = 0 [pid 5086] close(3 [pid 6082] <... futex resumed>) = 1 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 6082] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6079] <... futex resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... open resumed>) = 6 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6079] <... futex resumed>) = 0 [pid 6079] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651./strace-static-x86_64: Process 6095 attached [pid 6095] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6095] chdir("./39") = 0 [pid 6094] <... write resumed>) = 1048576 [pid 6095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6095] setpgid(0, 0) = 0 [pid 6095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6095] write(3, "1000", 4) = 4 [pid 6095] close(3) = 0 [pid 6095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6094] munmap(0x7f56517c2000, 1048576 [pid 6095] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6094] <... munmap resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6095 [pid 6095] <... mprotect resumed>) = 0 [pid 6095] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6095] <... clone resumed>, parent_tid=[6096], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6096 [pid 6094] ioctl(4, LOOP_SET_FD, 3 [ 116.296969][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] <... ioctl resumed>) = 0 [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6094] close(3) = 0 [pid 6094] mkdir("./bus", 0777) = 0 [pid 6094] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6092] munmap(0x7f56517c2000, 1048576./strace-static-x86_64: Process 6096 attached ) = 0 [pid 6084] <... write resumed>) = 262144 [pid 6082] <... write resumed>) = 262144 [pid 6081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6096] set_robust_list(0x7f5659be29e0, 24 [pid 6092] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6081] <... futex resumed>) = 0 [pid 6096] <... set_robust_list resumed>) = 0 [pid 6092] <... openat resumed>) = 4 [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6082] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 116.349719][ T6094] loop0: detected capacity change from 0 to 2048 [ 116.369301][ T75] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 116.382809][ T75] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6096] memfd_create("syzkaller", 0 [pid 6092] ioctl(4, LOOP_SET_FD, 3 [pid 6084] <... futex resumed>) = 0 [pid 6082] <... futex resumed>) = 0 [pid 6081] <... mmap resumed>) = 0x7f56518a1000 [pid 6079] exit_group(0 [pid 6084] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6082] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] <... memfd_create resumed>) = 3 [pid 6092] <... ioctl resumed>) = 0 [pid 6082] <... futex resumed>) = ? [pid 6081] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 6079] <... exit_group resumed>) = ? [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6092] close(3 [pid 6082] +++ exited with 0 +++ [pid 6081] <... mprotect resumed>) = 0 [pid 6079] +++ exited with 0 +++ [pid 6081] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6096] <... mmap resumed>) = 0x7f56517c2000 [pid 6092] <... close resumed>) = 0 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6079, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6081] <... clone resumed>, parent_tid=[6099], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6099 [pid 5082] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6081] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6081] <... futex resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6092] mkdir("./bus", 0777 [pid 6081] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./38/binderfs" [pid 6092] <... mkdir resumed>) = 0 [pid 5082] <... unlink resumed>) = 0 [ 116.397432][ T6092] loop3: detected capacity change from 0 to 2048 [ 116.399352][ T6094] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/38/bus supports timestamps until 2038 (0x7fffffff) [ 116.416100][ T75] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5082] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6092] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue"./strace-static-x86_64: Process 6099 attached [pid 6096] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... mount resumed>) = 0 [pid 6094] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6084] <... futex resumed>) = 0 [pid 6099] set_robust_list(0x7f56518c19e0, 24 [ 116.442602][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 116.443512][ T75] EXT4-fs (loop4): This should not happen!! Data will be lost [ 116.443512][ T75] [ 116.472254][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6084] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6099] <... set_robust_list resumed>) = 0 [pid 6084] <... open resumed>) = 5 [pid 6094] <... openat resumed>) = 3 [pid 6094] chdir("./bus") = 0 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = 1 [pid 6094] chdir("./file0") = 0 [pid 6099] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6094] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... mount resumed>) = 0 [pid 6099] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] <... openat resumed>) = 4 [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... write resumed>) = 1048576 [pid 6093] <... futex resumed>) = 0 [pid 6096] munmap(0x7f56517c2000, 1048576 [pid 6094] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... open resumed>) = 6 [pid 6096] <... munmap resumed>) = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 116.491826][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 116.499741][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 116.520366][ T6092] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/39/bus supports timestamps until 2038 (0x7fffffff) [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] ioctl(4, LOOP_SET_FD, 3 [pid 6084] <... futex resumed>) = 1 [pid 6081] <... futex resumed>) = 0 [pid 6084] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6081] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6081] <... futex resumed>) = 0 [pid 6084] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6081] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... ioctl resumed>) = 0 [pid 6096] close(3) = 0 [pid 6096] mkdir("./bus", 0777) = 0 [pid 6096] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6094] <... write resumed>) = 262144 [pid 6092] <... mount resumed>) = 0 [pid 6092] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6092] chdir("./bus") = 0 [pid 6092] ioctl(4, LOOP_CLR_FD) = 0 [pid 6092] close(4) = 0 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... futex resumed>) = 1 [pid 6092] chdir("./file0" [pid 6093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6092] <... chdir resumed>) = 0 [pid 6093] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... mmap resumed>) = 0x7f56518a1000 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6093] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 6092] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... mprotect resumed>) = 0 [pid 6093] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6104], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6104 [pid 6093] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] <... openat resumed>) = 4 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6092] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... write resumed>) = 262144 [pid 6084] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] exit_group(0 [pid 6084] <... futex resumed>) = ? [pid 6099] <... futex resumed>) = ? [pid 6081] <... exit_group resumed>) = ? [pid 6084] +++ exited with 0 +++ [pid 6094] <... futex resumed>) = 0 [pid 6094] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] +++ exited with 0 +++ [pid 6081] +++ exited with 0 +++ [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6081, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 116.550895][ T6096] loop5: detected capacity change from 0 to 2048 [ 116.571310][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 116.585388][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 116.623463][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [ 116.623463][ T948] [ 116.623627][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 116.637384][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 116.659727][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5083] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./38/binderfs") = 0 [pid 5083] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./37/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./37/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./37/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 6104 attached [pid 6093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6092] <... write resumed>) = 262144 [pid 6090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./37/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3 [pid 6104] set_robust_list(0x7f56518c19e0, 24 [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... set_robust_list resumed>) = 0 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6090] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6104] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6094] open("", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rmdir("./37" [pid 6104] <... mmap resumed>) = 0x20000000 [pid 6094] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 6092] <... mmap resumed>) = 0x20000000 [pid 6104] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6104] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6094] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] mkdir("./38", 0777 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6094] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 116.673377][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 116.674887][ T6096] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/39/bus supports timestamps until 2038 (0x7fffffff) [ 116.695192][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 6092] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... mount resumed>) = -1 ENOENT (No such file or directory) [pid 6092] <... open resumed>) = 5 [pid 5085] <... mkdir resumed>) = 0 [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6094] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6094] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 6092] <... mount resumed>) = 0 [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6094] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6094] write(-1, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6093] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6092] <... open resumed>) = 6 [pid 6094] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 1 [pid 6093] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6094] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] exit_group(0 [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = ? [pid 6094] <... futex resumed>) = ? [pid 6093] <... exit_group resumed>) = ? [pid 6092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] <... futex resumed>) = 0 [pid 6104] +++ exited with 0 +++ [pid 6094] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ [pid 6092] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6090] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... mount resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... openat resumed>) = 3 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6093, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6096] <... openat resumed>) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5081] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6096] chdir("./bus" [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6096] <... chdir resumed>) = 0 [pid 5085] close(3 [pid 5081] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6096] ioctl(4, LOOP_CLR_FD [pid 5085] <... close resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6096] <... ioctl resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] fstat(3, [pid 6096] close(4 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6096] <... close resumed>) = 0 [ 116.722920][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6105 [pid 5081] getdents64(3, ./strace-static-x86_64: Process 6105 attached [pid 6105] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6105] chdir("./38" [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... write resumed>) = 262144 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6092] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] chdir("./file0" [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6096] <... chdir resumed>) = 0 [pid 6095] <... futex resumed>) = 0 [pid 6092] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] exit_group(0 [pid 6092] <... futex resumed>) = ? [pid 6090] <... exit_group resumed>) = ? [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 116.739769][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 116.739769][ T11] [ 116.781115][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6092] +++ exited with 0 +++ [pid 6090] +++ exited with 0 +++ [pid 5082] <... umount2 resumed>) = 0 [pid 5081] lstat("./38/binderfs", [pid 6105] <... chdir resumed>) = 0 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... prctl resumed>) = 0 [pid 6095] <... futex resumed>) = 0 [pid 6105] setpgid(0, 0 [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... setpgid resumed>) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs" [pid 6096] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6090, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6105] <... symlink resumed>) = 0 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6105] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6096] <... openat resumed>) = 4 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] unlink("./38/binderfs" [pid 6105] <... clone resumed>, parent_tid=[6106], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6106 [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6096] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... unlink resumed>) = 0 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6095] <... futex resumed>) = 0 [pid 5082] lstat("./38/bus", [pid 6096] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6106 attached [pid 5084] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6106] set_robust_list(0x7f5659be29e0, 24 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6106] <... set_robust_list resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6106] memfd_create("syzkaller", 0 [pid 5084] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6106] <... memfd_create resumed>) = 3 [pid 5084] fstat(3, [pid 5082] <... openat resumed>) = 4 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] fstat(4, [pid 6106] <... mmap resumed>) = 0x7f56517c2000 [ 116.798778][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 5084] getdents64(3, [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] getdents64(4, [pid 6106] <... write resumed>) = 1048576 [pid 6096] <... write resumed>) = 262144 [pid 5084] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(4, [pid 5084] lstat("./39/binderfs", [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] close(4 [pid 6095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] unlink("./39/binderfs" [pid 5082] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5082] rmdir("./38/bus" [pid 6095] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... rmdir resumed>) = 0 [pid 5081] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6095] <... futex resumed>) = 0 [pid 5082] getdents64(3, [pid 6095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6095] <... mmap resumed>) = 0x7f56518a1000 [pid 5082] close(3 [pid 5081] lstat("./38/bus", [pid 6095] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... close resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... mprotect resumed>) = 0 [pid 5082] rmdir("./38" [pid 5081] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6096] <... futex resumed>) = 0 [pid 6095] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... umount2 resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6106] munmap(0x7f56517c2000, 1048576 [pid 6096] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6106] <... munmap resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./38/bus", [pid 6106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6106] <... openat resumed>) = 4 [pid 5083] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6106] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6107 attached [pid 5083] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] mkdir("./39", 0777 [pid 5081] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6107] set_robust_list(0x7f56518c19e0, 24 [pid 6095] <... clone resumed>, parent_tid=[6107], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6107 [pid 5083] <... openat resumed>) = 4 [pid 5082] <... mkdir resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6107] <... set_robust_list resumed>) = 0 [pid 6095] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fstat(4, [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5081] fstat(4, [pid 6107] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6095] <... futex resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 116.940244][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 116.948030][ T6106] loop4: detected capacity change from 0 to 2048 [ 116.963364][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6107] <... mmap resumed>) = 0x20000000 [pid 6106] <... ioctl resumed>) = 0 [pid 6095] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5081] getdents64(4, [pid 6107] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6107] <... futex resumed>) = 0 [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] close(3 [pid 5081] getdents64(4, [pid 6107] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] <... futex resumed>) = 0 [pid 6095] <... futex resumed>) = 1 [pid 5082] <... close resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6106] close(3 [pid 6096] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] getdents64(4, [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] close(4 [pid 6106] <... close resumed>) = 0 [pid 6096] <... open resumed>) = 5 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] <... close resumed>) = 0 [pid 6106] mkdir("./bus", 0777 [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6108 [pid 5081] rmdir("./38/bus" [pid 6106] <... mkdir resumed>) = 0 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6106] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6096] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 5081] getdents64(3, ./strace-static-x86_64: Process 6108 attached [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6095] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6108] set_robust_list(0x555556f1a5e0, 24 [pid 6096] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] rmdir("./38/bus" [pid 5081] close(3 [pid 6108] <... set_robust_list resumed>) = 0 [pid 6096] <... mount resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6108] chdir("./39" [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rmdir resumed>) = 0 [pid 5081] rmdir("./38" [pid 6108] <... chdir resumed>) = 0 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 5081] <... rmdir resumed>) = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6096] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] mkdir("./39", 0777 [pid 6108] <... prctl resumed>) = 0 [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6095] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6108] setpgid(0, 0 [pid 6096] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6108] <... setpgid resumed>) = 0 [pid 6096] <... open resumed>) = 6 [pid 5081] <... openat resumed>) = 3 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6108] <... openat resumed>) = 3 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6108] write(3, "1000", 4 [pid 6096] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [pid 6108] <... write resumed>) = 4 [pid 6096] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6095] <... futex resumed>) = 0 [pid 5083] close(3 [pid 5081] <... close resumed>) = 0 [pid 6108] close(3 [pid 6096] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6095] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6108] <... close resumed>) = 0 [pid 6096] <... write resumed>) = 262144 [pid 5083] <... close resumed>) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs" [pid 6096] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./38" [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6111 [ 116.987837][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 117.026290][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6108] <... symlink resumed>) = 0 [pid 6096] <... futex resumed>) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] exit_group(0 [pid 6108] <... futex resumed>) = 0 [pid 6107] <... futex resumed>) = ? [pid 6096] <... futex resumed>) = ? [pid 6095] <... exit_group resumed>) = ? [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6107] +++ exited with 0 +++ [pid 6096] +++ exited with 0 +++ [pid 6095] +++ exited with 0 +++ [pid 6108] <... mmap resumed>) = 0x7f5659bc2000 [pid 6108] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6095, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6108] <... mprotect resumed>) = 0 [pid 5086] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6111 attached [pid 6108] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] mkdir("./39", 0777 [pid 5086] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6108] <... clone resumed>, parent_tid=[6112], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6112 [pid 5086] <... openat resumed>) = 3 [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(3, [pid 6108] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... mkdir resumed>) = 0 [pid 6111] set_robust_list(0x555556f1a5e0, 24 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6112 attached [pid 6111] <... set_robust_list resumed>) = 0 [pid 5086] lstat("./39/binderfs", [pid 5083] <... openat resumed>) = 3 [pid 6112] set_robust_list(0x7f5659be29e0, 24 [pid 6111] chdir("./39" [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6112] <... set_robust_list resumed>) = 0 [pid 6111] <... chdir resumed>) = 0 [pid 6106] <... mount resumed>) = 0 [pid 5086] unlink("./39/binderfs" [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6112] memfd_create("syzkaller", 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6106] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] <... unlink resumed>) = 0 [pid 5083] close(3 [pid 6112] <... memfd_create resumed>) = 3 [pid 5086] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 117.056109][ T6106] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/38/bus supports timestamps until 2038 (0x7fffffff) [ 117.087868][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 117.087868][ T11] [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6111] <... prctl resumed>) = 0 [pid 6106] <... openat resumed>) = 3 [pid 5083] <... close resumed>) = 0 [pid 6111] setpgid(0, 0 [pid 6106] chdir("./bus" [pid 6111] <... setpgid resumed>) = 0 [pid 6106] <... chdir resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6106] ioctl(4, LOOP_CLR_FD [pid 6111] <... openat resumed>) = 3 [ 117.099601][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 117.113418][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 117.126220][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 6106] <... ioctl resumed>) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6113 ./strace-static-x86_64: Process 6113 attached [pid 6111] write(3, "1000", 4 [pid 6106] close(4 [pid 6113] set_robust_list(0x555556f1a5e0, 24 [pid 6111] <... write resumed>) = 4 [pid 6106] <... close resumed>) = 0 [pid 6111] close(3 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... close resumed>) = 0 [pid 6106] <... futex resumed>) = 1 [pid 6111] symlink("/dev/binderfs", "./binderfs" [pid 6106] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] <... set_robust_list resumed>) = 0 [pid 6111] <... symlink resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6113] chdir("./39" [pid 6112] <... write resumed>) = 1048576 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... chdir resumed>) = 0 [pid 6112] munmap(0x7f56517c2000, 1048576 [pid 6111] <... futex resumed>) = 0 [ 117.144529][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 117.149201][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 117.169976][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 117.169976][ T1062] [ 117.182310][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6112] <... munmap resumed>) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6113] <... prctl resumed>) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6111] <... mmap resumed>) = 0x7f5659bc2000 [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] setpgid(0, 0 [pid 6112] <... openat resumed>) = 4 [pid 6111] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6113] <... setpgid resumed>) = 0 [pid 6112] ioctl(4, LOOP_SET_FD, 3 [pid 6111] <... mprotect resumed>) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6111] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6106] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 1 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... ioctl resumed>) = 0 [pid 6112] close(3) = 0 [pid 6112] mkdir("./bus", 0777 [pid 6106] chdir("./file0" [pid 6112] <... mkdir resumed>) = 0 [pid 6106] <... chdir resumed>) = 0 [pid 6112] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue"./strace-static-x86_64: Process 6114 attached [pid 6111] <... clone resumed>, parent_tid=[6114], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6114 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6114] memfd_create("syzkaller", 0) = 3 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6111] <... futex resumed>) = 0 [pid 6106] <... futex resumed>) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... mmap resumed>) = 0x7f56517c2000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6113] <... openat resumed>) = 3 [pid 6106] <... openat resumed>) = 4 [pid 6113] write(3, "1000", 4) = 4 [pid 6113] close(3 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... close resumed>) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs" [pid 6105] <... futex resumed>) = 0 [pid 6106] <... futex resumed>) = 1 [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] <... symlink resumed>) = 0 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6113] <... futex resumed>) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6113] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [ 117.196704][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 117.210379][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 117.217448][ T6112] loop1: detected capacity change from 0 to 2048 [pid 6114] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6113] <... mprotect resumed>) = 0 [pid 6113] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6117], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6117 [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6117 attached ) = 0 [pid 6106] <... write resumed>) = 262144 [pid 6105] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6117] set_robust_list(0x7f5659be29e0, 24 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... set_robust_list resumed>) = 0 [pid 6106] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6117] memfd_create("syzkaller", 0 [pid 6114] <... write resumed>) = 1048576 [pid 6112] <... mount resumed>) = 0 [pid 6106] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... umount2 resumed>) = 0 [pid 6117] <... memfd_create resumed>) = 3 [pid 6114] munmap(0x7f56517c2000, 1048576 [pid 5086] <... umount2 resumed>) = 0 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6114] <... munmap resumed>) = 0 [pid 6112] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6106] <... mmap resumed>) = 0x20000000 [pid 5086] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6117] <... mmap resumed>) = 0x7f56517c2000 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6112] <... openat resumed>) = 3 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 117.277997][ T6112] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/39/bus supports timestamps until 2038 (0x7fffffff) [pid 6114] <... openat resumed>) = 4 [pid 6112] chdir("./bus" [pid 6106] <... futex resumed>) = 1 [pid 6105] <... futex resumed>) = 0 [pid 5086] lstat("./39/bus", [pid 5084] lstat("./39/bus", [pid 6114] ioctl(4, LOOP_SET_FD, 3 [pid 6112] <... chdir resumed>) = 0 [pid 6106] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6114] <... ioctl resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 6112] ioctl(4, LOOP_CLR_FD [pid 6106] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... ioctl resumed>) = 0 [pid 6106] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6112] close(4 [pid 5086] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6106] <... open resumed>) = 5 [pid 6112] <... close resumed>) = 0 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6112] <... futex resumed>) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6112] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] chdir("./file0" [pid 6108] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 6117] <... write resumed>) = 1048576 [pid 6112] <... chdir resumed>) = 0 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] fstat(4, [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] close(3) = 0 [pid 6114] mkdir("./bus", 0777) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(4, [pid 6112] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = 1 [pid 6106] <... futex resumed>) = 1 [pid 6105] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6112] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6117] munmap(0x7f56517c2000, 1048576 [pid 6112] <... openat resumed>) = 4 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 4 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] getdents64(4, [pid 6112] <... futex resumed>) = 0 [pid 6106] <... mount resumed>) = 0 [pid 6105] <... futex resumed>) = 0 [pid 5086] fstat(4, [pid 6112] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6108] <... futex resumed>) = 0 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] getdents64(4, [pid 5084] close(4 [pid 6117] <... munmap resumed>) = 0 [pid 6114] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6112] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... futex resumed>) = 0 [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] <... close resumed>) = 0 [pid 6117] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6106] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6105] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5084] rmdir("./39/bus" [pid 6117] <... openat resumed>) = 4 [pid 6106] <... open resumed>) = 6 [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] <... rmdir resumed>) = 0 [ 117.340058][ T6114] loop0: detected capacity change from 0 to 2048 [pid 6117] ioctl(4, LOOP_SET_FD, 3 [pid 6112] <... write resumed>) = 262144 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] close(4 [pid 5084] getdents64(3, [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6112] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... mmap resumed>) = 0x20000000 [pid 6108] <... futex resumed>) = 0 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6112] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6112] <... open resumed>) = 5 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... futex resumed>) = 0 [pid 6105] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6105] <... futex resumed>) = 0 [pid 5086] rmdir("./39/bus" [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6112] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... mount resumed>) = 0 [pid 6108] <... futex resumed>) = 0 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6112] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... open resumed>) = 6 [pid 6108] <... futex resumed>) = 0 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... futex resumed>) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6112] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6108] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rmdir resumed>) = 0 [pid 5084] close(3 [pid 5086] getdents64(3, [pid 5084] <... close resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] rmdir("./39" [pid 5086] close(3 [pid 6117] <... ioctl resumed>) = 0 [pid 6117] close(3) = 0 [pid 6117] mkdir("./bus", 0777) = 0 [pid 6117] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5084] <... rmdir resumed>) = 0 [pid 5084] mkdir("./40", 0777 [pid 5086] <... close resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5086] rmdir("./39" [pid 6112] <... write resumed>) = 262144 [pid 6112] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 6112] <... futex resumed>) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6108] exit_group(0 [pid 6112] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] <... exit_group resumed>) = ? [pid 6112] <... futex resumed>) = ? [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5086] mkdir("./40", 0777) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 6112] +++ exited with 0 +++ [pid 6108] +++ exited with 0 +++ [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6108, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... openat resumed>) = 3 [pid 5082] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6120 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6120 attached [pid 6120] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6120] chdir("./40") = 0 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 117.397517][ T6117] loop2: detected capacity change from 0 to 2048 [pid 6120] write(3, "1000", 4 [pid 6106] <... write resumed>) = 262144 [pid 6106] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5082] fstat(3, [pid 6106] <... futex resumed>) = 1 [pid 6105] <... futex resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6106] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] exit_group(0) = ? [pid 6106] <... futex resumed>) = ? [pid 5084] <... close resumed>) = 0 [pid 5082] getdents64(3, [pid 6120] <... write resumed>) = 4 [pid 6120] close(3) = 0 [pid 6106] +++ exited with 0 +++ [pid 6105] +++ exited with 0 +++ [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6120] symlink("/dev/binderfs", "./binderfs" [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6105, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5082] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6120] <... symlink resumed>) = 0 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6121 [pid 5082] lstat("./39/binderfs", [pid 6120] <... futex resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] unlink("./39/binderfs" [pid 6120] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6120] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... unlink resumed>) = 0 [pid 6120] <... mprotect resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6121 attached [pid 6120] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... openat resumed>) = 3 [pid 6121] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6120] <... clone resumed>, parent_tid=[6123], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6123 [pid 6121] chdir("./40" [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... chdir resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6121] <... prctl resumed>) = 0 [pid 6121] setpgid(0, 0./strace-static-x86_64: Process 6123 attached ) = 0 [pid 6123] set_robust_list(0x7f5659be29e0, 24 [pid 6121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6123] <... set_robust_list resumed>) = 0 [pid 6121] <... openat resumed>) = 3 [pid 6123] memfd_create("syzkaller", 0 [pid 6121] write(3, "1000", 4 [pid 6123] <... memfd_create resumed>) = 3 [pid 6121] <... write resumed>) = 4 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6121] close(3 [pid 5085] fstat(3, [pid 6123] <... mmap resumed>) = 0x7f56517c2000 [pid 6121] <... close resumed>) = 0 [ 117.436978][ T6114] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/39/bus supports timestamps until 2038 (0x7fffffff) [ 117.467738][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6121] symlink("/dev/binderfs", "./binderfs" [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6121] <... symlink resumed>) = 0 [pid 5085] getdents64(3, [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6114] <... mount resumed>) = 0 [pid 5085] umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6121] <... mmap resumed>) = 0x7f5659bc2000 [pid 6114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6121] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6114] <... openat resumed>) = 3 [pid 5085] lstat("./38/binderfs", [pid 6123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6121] <... mprotect resumed>) = 0 [pid 6114] chdir("./bus" [pid 6121] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6125], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6125 [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6125 attached [pid 6125] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6125] memfd_create("syzkaller", 0) = 3 [pid 6125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6114] <... chdir resumed>) = 0 [pid 6114] ioctl(4, LOOP_CLR_FD [pid 5085] unlink("./38/binderfs" [pid 6125] <... mmap resumed>) = 0x7f56517c2000 [pid 6114] <... ioctl resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 6125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6114] close(4 [pid 5085] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6114] <... close resumed>) = 0 [ 117.497217][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 117.498797][ T6117] ext4 filesystem being mounted at /root/syzkaller.22hR0w/39/bus supports timestamps until 2038 (0x7fffffff) [ 117.525826][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... mount resumed>) = 0 [pid 6117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6117] chdir("./bus") = 0 [pid 6117] ioctl(4, LOOP_CLR_FD) = 0 [pid 6117] close(4 [pid 6114] <... futex resumed>) = 1 [pid 6114] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 1 [pid 6114] chdir("./file0" [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... write resumed>) = 1048576 [pid 6114] <... chdir resumed>) = 0 [pid 6123] munmap(0x7f56517c2000, 1048576 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6114] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... munmap resumed>) = 0 [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] <... futex resumed>) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6114] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] <... close resumed>) = 0 [pid 6114] <... openat resumed>) = 4 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... openat resumed>) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 0 [ 117.550812][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 117.575079][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 117.590412][ T6123] loop5: detected capacity change from 0 to 2048 [pid 6117] chdir("./file0" [pid 6114] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... ioctl resumed>) = 0 [pid 6117] <... chdir resumed>) = 0 [pid 6114] <... write resumed>) = 262144 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6123] close(3 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6123] <... close resumed>) = 0 [pid 6123] mkdir("./bus", 0777 [pid 6117] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... mkdir resumed>) = 0 [pid 6117] <... openat resumed>) = 4 [pid 6125] <... write resumed>) = 1048576 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6117] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6117] <... write resumed>) = 262144 [pid 6114] <... futex resumed>) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6125] munmap(0x7f56517c2000, 1048576 [pid 6114] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... munmap resumed>) = 0 [pid 6114] <... mmap resumed>) = 0x20000000 [pid 6111] <... futex resumed>) = 0 [pid 6125] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 4 [pid 6114] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 117.597069][ T1062] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 117.639986][ T1062] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 6125] ioctl(4, LOOP_SET_FD, 3 [pid 6114] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... open resumed>) = 5 [pid 6111] <... futex resumed>) = 0 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... mount resumed>) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... open resumed>) = 6 [pid 6111] <... futex resumed>) = 0 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 1 [pid 6114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... ioctl resumed>) = 0 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 6125] close(3 [pid 6117] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... close resumed>) = 0 [pid 6117] <... mmap resumed>) = 0x20000000 [pid 6125] mkdir("./bus", 0777 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... mkdir resumed>) = 0 [pid 6117] <... futex resumed>) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6125] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [ 117.647381][ T6125] loop3: detected capacity change from 0 to 2048 [ 117.652457][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 117.652457][ T11] [ 117.684442][ T1062] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6117] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... write resumed>) = 262144 [pid 6111] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6117] <... open resumed>) = 5 [pid 6114] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6114] <... futex resumed>) = 0 [pid 6111] exit_group(0) = ? [pid 6117] <... futex resumed>) = 1 [pid 6113] <... futex resumed>) = 0 [ 117.702458][ T6123] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/40/bus supports timestamps until 2038 (0x7fffffff) [ 117.715997][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 117.726315][ T1062] EXT4-fs (loop4): This should not happen!! Data will be lost [ 117.726315][ T1062] [pid 6123] <... mount resumed>) = 0 [ 117.756112][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 117.761339][ T6125] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/40/bus supports timestamps until 2038 (0x7fffffff) [ 117.770241][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6117] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6114] +++ exited with 0 +++ [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] +++ exited with 0 +++ [pid 6123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6117] <... mount resumed>) = 0 [pid 6113] <... futex resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6111, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6125] <... mount resumed>) = 0 [pid 6125] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6123] <... openat resumed>) = 3 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... openat resumed>) = 3 [pid 6123] chdir("./bus" [pid 6117] <... futex resumed>) = 0 [pid 6113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6125] chdir("./bus" [pid 6123] <... chdir resumed>) = 0 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... chdir resumed>) = 0 [pid 6123] ioctl(4, LOOP_CLR_FD [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 5081] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6125] ioctl(4, LOOP_CLR_FD [pid 6123] <... ioctl resumed>) = 0 [pid 6117] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... ioctl resumed>) = 0 [pid 6123] close(4 [pid 6117] <... open resumed>) = 6 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6125] close(4 [pid 6123] <... close resumed>) = 0 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... close resumed>) = 0 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 1 [pid 6113] <... futex resumed>) = 0 [ 117.794551][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5081] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./39/binderfs") = 0 [pid 5081] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6125] <... futex resumed>) = 1 [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6113] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5082] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6117] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6113] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] chdir("./file0" [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] lstat("./38/bus", [pid 5082] lstat("./39/bus", [pid 6125] chdir("./file0" [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6123] <... chdir resumed>) = 0 [pid 6117] <... write resumed>) = 262144 [pid 6125] <... chdir resumed>) = 0 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./38/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6117] <... futex resumed>) = 1 [pid 6113] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6125] <... futex resumed>) = 1 [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] exit_group(0 [pid 5085] openat(AT_FDCWD, "./38/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6117] <... futex resumed>) = ? [pid 6113] <... exit_group resumed>) = ? [pid 5085] <... openat resumed>) = 4 [pid 5082] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] +++ exited with 0 +++ [pid 6125] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6123] <... openat resumed>) = 4 [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6113] +++ exited with 0 +++ [pid 5085] fstat(4, [pid 5082] <... openat resumed>) = 4 [pid 6125] <... openat resumed>) = 4 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] fstat(4, [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] <... futex resumed>) = 1 [pid 6120] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 6125] <... futex resumed>) = 1 [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... restart_syscall resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(4, [pid 6125] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6125] <... write resumed>) = 262144 [pid 6123] <... write resumed>) = 262144 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 117.856604][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 117.873664][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(4 [pid 5083] getdents64(3, [pid 5082] getdents64(4, [pid 6125] <... futex resumed>) = 1 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./38/bus" [pid 5083] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] close(4 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6123] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rmdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 6125] <... mmap resumed>) = 0x20000000 [pid 6123] <... mmap resumed>) = 0x20000000 [pid 5085] getdents64(3, [pid 5083] lstat("./39/binderfs", [pid 5082] rmdir("./39/bus" [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6125] <... futex resumed>) = 1 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 5085] close(3 [pid 5083] unlink("./39/binderfs" [pid 5082] <... rmdir resumed>) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 117.931167][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 5085] rmdir("./38" [pid 5083] <... unlink resumed>) = 0 [pid 5082] getdents64(3, [pid 6125] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... open resumed>) = 5 [pid 6123] <... open resumed>) = 5 [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 1 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6123] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rmdir resumed>) = 0 [pid 5083] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6125] <... mount resumed>) = 0 [pid 6123] <... mount resumed>) = 0 [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 1 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6123] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] <... open resumed>) = 6 [pid 6123] <... open resumed>) = 6 [pid 5085] mkdir("./39", 0777 [pid 5082] close(3 [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 1 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 117.987256][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 118.002150][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 118.002150][ T11] [ 118.013779][ T1062] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 118.028341][ T1062] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 6125] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6123] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6121] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... mkdir resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6130 [pid 5082] rmdir("./39") = 0 [pid 5082] mkdir("./40", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6125] <... write resumed>) = 262144 [pid 6123] <... write resumed>) = 262144 [pid 5082] close(3./strace-static-x86_64: Process 6130 attached [pid 6125] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... close resumed>) = 0 [pid 6130] set_robust_list(0x555556f1a5e0, 24 [pid 6125] <... futex resumed>) = 1 [pid 6123] <... futex resumed>) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6130] <... set_robust_list resumed>) = 0 [pid 6125] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6121] exit_group(0 [pid 6120] exit_group(0 [pid 6130] chdir("./39" [pid 6125] <... futex resumed>) = ? [pid 6123] <... futex resumed>) = ? [pid 6121] <... exit_group resumed>) = ? [pid 6120] <... exit_group resumed>) = ? [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6131 [pid 6130] <... chdir resumed>) = 0 [pid 6125] +++ exited with 0 +++ [pid 6123] +++ exited with 0 +++ [pid 6121] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6121, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- ./strace-static-x86_64: Process 6131 attached [pid 6130] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6120] +++ exited with 0 +++ [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 6131] set_robust_list(0x555556f1a5e0, 24 [pid 6130] <... prctl resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6120, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5084] <... restart_syscall resumed>) = 0 [pid 6131] <... set_robust_list resumed>) = 0 [pid 6130] setpgid(0, 0 [pid 6131] chdir("./40" [pid 6130] <... setpgid resumed>) = 0 [pid 6131] <... chdir resumed>) = 0 [pid 6130] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6131] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6131] <... prctl resumed>) = 0 [pid 6130] <... openat resumed>) = 3 [pid 5086] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6131] setpgid(0, 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... openat resumed>) = 3 [pid 6131] <... setpgid resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] fstat(3, [pid 6131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6130] write(3, "1000", 4 [pid 5086] <... openat resumed>) = 3 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6131] <... openat resumed>) = 3 [pid 6130] <... write resumed>) = 4 [pid 5086] fstat(3, [pid 5084] getdents64(3, [pid 6131] write(3, "1000", 4 [pid 6130] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6131] <... write resumed>) = 4 [ 118.029960][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 118.051931][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 118.070487][ T1062] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 6130] <... close resumed>) = 0 [pid 5086] getdents64(3, [pid 5084] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6131] close(3 [pid 6130] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... umount2 resumed>) = 0 [pid 6131] <... close resumed>) = 0 [pid 6130] <... symlink resumed>) = 0 [pid 5086] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] lstat("./40/binderfs", [pid 6131] symlink("/dev/binderfs", "./binderfs" [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6131] <... symlink resumed>) = 0 [pid 6130] <... futex resumed>) = 0 [pid 5086] lstat("./40/binderfs", [pid 5084] unlink("./40/binderfs" [pid 5081] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... unlink resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6131] <... futex resumed>) = 0 [pid 6130] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] unlink("./40/binderfs" [pid 5084] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] lstat("./39/bus", [pid 6131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6130] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] <... unlink resumed>) = 0 [pid 6131] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6131] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6131] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6132], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6132 [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6130] <... mprotect resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 6132 attached [pid 6130] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [ 118.117851][ T1062] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 118.144533][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 118.154319][ T1062] EXT4-fs (loop2): This should not happen!! Data will be lost [ 118.154319][ T1062] [pid 5081] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6132] set_robust_list(0x7f5659be29e0, 24 [pid 6130] <... clone resumed>, parent_tid=[6133], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6133 [pid 5081] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6133 attached [pid 6133] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... set_robust_list resumed>) = 0 [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... openat resumed>) = 4 [pid 6133] <... futex resumed>) = 0 [pid 6132] memfd_create("syzkaller", 0 [pid 6130] <... futex resumed>) = 1 [pid 5081] fstat(4, [pid 6132] <... memfd_create resumed>) = 3 [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6133] memfd_create("syzkaller", 0 [pid 6132] <... mmap resumed>) = 0x7f56517c2000 [pid 5081] getdents64(4, [pid 6133] <... memfd_create resumed>) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [ 118.168636][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 118.173215][ T1062] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 118.195558][ T5118] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 118.202620][ T1062] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./39/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./39") = 0 [pid 5081] mkdir("./40", 0777 [pid 6133] <... write resumed>) = 1048576 [pid 6133] munmap(0x7f56517c2000, 1048576 [pid 5081] <... mkdir resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6134 [pid 6133] <... munmap resumed>) = 0 [ 118.250253][ T75] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 118.271268][ T5118] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6133] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6134 attached [pid 6132] <... write resumed>) = 1048576 [pid 6133] <... ioctl resumed>) = 0 [pid 6133] close(3) = 0 [pid 6133] mkdir("./bus", 0777) = 0 [ 118.297350][ T75] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 118.305807][ T6133] loop4: detected capacity change from 0 to 2048 [ 118.316325][ T5118] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 118.325444][ T75] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 118.332980][ T5118] EXT4-fs (loop3): This should not happen!! Data will be lost [ 118.332980][ T5118] [pid 6133] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6134] set_robust_list(0x555556f1a5e0, 24 [pid 6132] munmap(0x7f56517c2000, 1048576 [pid 6134] <... set_robust_list resumed>) = 0 [pid 6134] chdir("./40" [pid 6132] <... munmap resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 6134] <... chdir resumed>) = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6132] <... openat resumed>) = 4 [pid 6134] <... prctl resumed>) = 0 [pid 6132] ioctl(4, LOOP_SET_FD, 3 [pid 6134] setpgid(0, 0) = 0 [ 118.354143][ T75] EXT4-fs (loop5): This should not happen!! Data will be lost [ 118.354143][ T75] [ 118.367070][ T6132] loop1: detected capacity change from 0 to 2048 [ 118.370608][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 118.380195][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6132] <... ioctl resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6134] <... openat resumed>) = 3 [pid 6132] close(3 [pid 5083] lstat("./39/bus", [pid 6134] write(3, "1000", 4 [pid 6133] <... mount resumed>) = 0 [pid 6132] <... close resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6134] <... write resumed>) = 4 [pid 6132] mkdir("./bus", 0777 [pid 5083] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6134] close(3 [pid 6132] <... mkdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6134] <... close resumed>) = 0 [pid 6132] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5083] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6134] symlink("/dev/binderfs", "./binderfs" [pid 5083] <... openat resumed>) = 4 [pid 6134] <... symlink resumed>) = 0 [pid 5083] fstat(4, [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6134] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6134] <... mmap resumed>) = 0x7f5659bc2000 [pid 5083] getdents64(4, [pid 6134] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6134] <... mprotect resumed>) = 0 [pid 5083] close(4 [pid 6134] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... close resumed>) = 0 [pid 5083] rmdir("./39/bus" [pid 6134] <... clone resumed>, parent_tid=[6137], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6137 [pid 6133] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5083] <... rmdir resumed>) = 0 [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(3, [pid 6134] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] close(3) = 0 [pid 5083] rmdir("./39" [pid 6133] <... openat resumed>) = 3 [pid 5083] <... rmdir resumed>) = 0 [pid 6133] chdir("./bus" [pid 5083] mkdir("./40", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6133] <... chdir resumed>) = 0 [pid 5083] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6137 attached [pid 6133] ioctl(4, LOOP_CLR_FD [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6137] set_robust_list(0x7f5659be29e0, 24 [pid 6133] <... ioctl resumed>) = 0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6137] <... set_robust_list resumed>) = 0 [pid 6133] close(4 [pid 5083] close(3 [pid 6133] <... close resumed>) = 0 [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6130] <... futex resumed>) = 0 [pid 6137] memfd_create("syzkaller", 0 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... close resumed>) = 0 [pid 6137] <... memfd_create resumed>) = 3 [pid 6133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6133] chdir("./file0" [pid 6130] <... futex resumed>) = 0 [pid 6133] <... chdir resumed>) = 0 [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6139 [pid 6137] <... mmap resumed>) = 0x7f56517c2000 [pid 6133] <... futex resumed>) = 0 [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6130] <... futex resumed>) = 0 [pid 6133] <... openat resumed>) = 4 [ 118.390113][ T6133] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/39/bus supports timestamps until 2038 (0x7fffffff) [ 118.412537][ T5118] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 118.413151][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 6139 attached [pid 6133] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... futex resumed>) = 0 [pid 6130] <... futex resumed>) = 1 [pid 6139] set_robust_list(0x555556f1a5e0, 24 [pid 6133] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6137] <... write resumed>) = 1048576 [pid 6137] munmap(0x7f56517c2000, 1048576) = 0 [pid 6137] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6139] <... set_robust_list resumed>) = 0 [pid 5086] lstat("./40/bus", [pid 6139] chdir("./40" [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6139] <... chdir resumed>) = 0 [pid 6139] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6137] <... openat resumed>) = 4 [pid 6139] <... prctl resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... umount2 resumed>) = 0 [pid 6139] setpgid(0, 0 [pid 5086] <... openat resumed>) = 4 [pid 5084] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6139] <... setpgid resumed>) = 0 [pid 5086] fstat(4, [pid 6139] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6137] ioctl(4, LOOP_SET_FD, 3 [pid 6139] <... openat resumed>) = 3 [pid 5086] getdents64(4, [pid 5084] lstat("./40/bus", [pid 6139] write(3, "1000", 4 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6139] <... write resumed>) = 4 [pid 5086] getdents64(4, [pid 5084] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6137] <... ioctl resumed>) = 0 [pid 6139] close(3 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6133] <... write resumed>) = 262144 [pid 6139] <... close resumed>) = 0 [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5084] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6139] symlink("/dev/binderfs", "./binderfs" [pid 6133] <... futex resumed>) = 1 [pid 6130] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 6139] <... symlink resumed>) = 0 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./40/bus" [pid 5084] fstat(4, [pid 6139] <... futex resumed>) = 0 [pid 6137] close(3 [pid 6133] <... mmap resumed>) = 0x20000000 [pid 6132] <... mount resumed>) = 0 [pid 6130] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6139] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, [pid 5084] getdents64(4, [pid 6139] <... mmap resumed>) = 0x7f5659bc2000 [pid 6133] <... futex resumed>) = 0 [pid 6132] <... openat resumed>) = 3 [pid 6130] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6137] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6139] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6137] mkdir("./bus", 0777 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] chdir("./bus" [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5084] getdents64(4, [pid 6139] <... mprotect resumed>) = 0 [pid 6137] <... mkdir resumed>) = 0 [pid 6133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6132] <... chdir resumed>) = 0 [pid 6130] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6139] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6137] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [ 118.488414][ T6132] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/40/bus supports timestamps until 2038 (0x7fffffff) [ 118.521646][ T6137] loop0: detected capacity change from 0 to 2048 [pid 6133] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6132] ioctl(4, LOOP_CLR_FD [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] rmdir("./40" [pid 5084] close(4./strace-static-x86_64: Process 6141 attached [pid 6133] <... open resumed>) = 5 [pid 6141] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6141] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... ioctl resumed>) = 0 [pid 6132] close(4) = 0 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6132] chdir("./file0" [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rmdir resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 6139] <... clone resumed>, parent_tid=[6141], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6141 [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6139] <... futex resumed>) = 1 [pid 6141] memfd_create("syzkaller", 0 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] <... memfd_create resumed>) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6132] <... chdir resumed>) = 0 [pid 5084] rmdir("./40/bus" [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 1 [pid 6131] <... futex resumed>) = 0 [pid 5086] mkdir("./41", 0777 [pid 5084] <... rmdir resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5084] getdents64(3, [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6131] <... futex resumed>) = 0 [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6130] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5084] close(3 [pid 6133] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5084] <... close resumed>) = 0 [pid 6133] <... mount resumed>) = 0 [pid 6132] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] rmdir("./40" [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... openat resumed>) = 4 [pid 5086] close(3 [pid 5084] <... rmdir resumed>) = 0 [pid 6133] <... futex resumed>) = 1 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [ 118.552990][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 118.553009][ T27] audit: type=1800 audit(1678856069.955:240): pid=6133 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 5084] mkdir("./41", 0777 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... mkdir resumed>) = 0 [pid 6133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6133] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6131] <... futex resumed>) = 0 [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6144 [pid 5084] <... openat resumed>) = 3 [pid 6133] <... open resumed>) = 6 [pid 6132] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] ioctl(3, LOOP_CLR_FD [pid 6141] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 6144 attached [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6144] set_robust_list(0x555556f1a5e0, 24 [pid 6133] <... futex resumed>) = 1 [pid 6130] <... futex resumed>) = 0 [pid 5084] close(3 [pid 6144] <... set_robust_list resumed>) = 0 [pid 6141] munmap(0x7f56517c2000, 1048576 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6130] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 6144] chdir("./41" [pid 6141] <... munmap resumed>) = 0 [pid 6144] <... chdir resumed>) = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6133] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6130] <... futex resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6144] write(3, "1000", 4) = 4 [pid 6141] <... openat resumed>) = 4 [pid 6144] close(3) = 0 [pid 6141] ioctl(4, LOOP_SET_FD, 3 [pid 6144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6133] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6132] <... write resumed>) = 262144 [pid 6130] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6144] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6146], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6146 [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6145 [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6146 attached [pid 6146] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6146] memfd_create("syzkaller", 0 [pid 6131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6131] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6146] <... memfd_create resumed>) = 3 [pid 6131] <... mmap resumed>) = 0x7f56518a1000 ./strace-static-x86_64: Process 6145 attached [pid 6146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 6146] <... mmap resumed>) = 0x7f56517c2000 [pid 6146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6145] set_robust_list(0x555556f1a5e0, 24 [pid 6133] <... write resumed>) = 262144 [pid 6132] <... futex resumed>) = 0 [pid 6131] <... mprotect resumed>) = 0 [pid 6145] <... set_robust_list resumed>) = 0 [pid 6133] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6147], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6147 ./strace-static-x86_64: Process 6147 attached [pid 6145] chdir("./41" [pid 6133] <... futex resumed>) = 1 [pid 6131] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] <... futex resumed>) = 0 [pid 6147] set_robust_list(0x7f56518c19e0, 24 [pid 6145] <... chdir resumed>) = 0 [pid 6141] <... ioctl resumed>) = 0 [pid 6137] <... mount resumed>) = 0 [pid 6133] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] <... futex resumed>) = 0 [pid 6130] exit_group(0 [pid 6147] <... set_robust_list resumed>) = 0 [pid 6145] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6141] close(3 [pid 6137] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6133] <... futex resumed>) = ? [pid 6131] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... exit_group resumed>) = ? [ 118.662651][ T6137] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/40/bus supports timestamps until 2038 (0x7fffffff) [ 118.666214][ T6141] loop2: detected capacity change from 0 to 2048 [pid 6147] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6145] <... prctl resumed>) = 0 [pid 6141] <... close resumed>) = 0 [pid 6137] <... openat resumed>) = 3 [pid 6133] +++ exited with 0 +++ [pid 6147] <... mmap resumed>) = 0x20000000 [pid 6130] +++ exited with 0 +++ [pid 6147] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] setpgid(0, 0 [pid 6141] mkdir("./bus", 0777 [pid 6131] <... futex resumed>) = 0 [pid 6147] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... setpgid resumed>) = 0 [pid 6137] chdir("./bus" [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... write resumed>) = 1048576 [pid 6145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6141] <... mkdir resumed>) = 0 [pid 6137] <... chdir resumed>) = 0 [pid 6132] <... futex resumed>) = 0 [pid 6131] <... futex resumed>) = 1 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6130, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6145] <... openat resumed>) = 3 [pid 6141] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6137] ioctl(4, LOOP_CLR_FD [pid 6132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 6146] munmap(0x7f56517c2000, 1048576 [pid 6145] write(3, "1000", 4 [pid 6137] <... ioctl resumed>) = 0 [pid 6132] <... open resumed>) = 5 [pid 5085] <... restart_syscall resumed>) = 0 [pid 6146] <... munmap resumed>) = 0 [pid 6145] <... write resumed>) = 4 [pid 6137] close(4 [pid 6146] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6145] close(3 [pid 6137] <... close resumed>) = 0 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... close resumed>) = 0 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6146] <... openat resumed>) = 4 [pid 6145] symlink("/dev/binderfs", "./binderfs" [pid 6137] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6146] ioctl(4, LOOP_SET_FD, 3 [pid 6145] <... symlink resumed>) = 0 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6131] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 6132] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... mount resumed>) = 0 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = 0 [pid 6137] chdir("./file0" [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6137] <... chdir resumed>) = 0 [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6131] <... futex resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 6145] <... mmap resumed>) = 0x7f5659bc2000 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] fstat(3, [pid 6145] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6137] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6132] <... open resumed>) = 6 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 118.739122][ T27] audit: type=1800 audit(1678856070.135:241): pid=6132 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 118.768168][ T6146] loop5: detected capacity change from 0 to 2048 [pid 6131] <... futex resumed>) = 0 [pid 6132] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6131] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... mprotect resumed>) = 0 [pid 6137] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... write resumed>) = 262144 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6145] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6134] <... futex resumed>) = 0 [pid 6132] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... futex resumed>) = 1 [pid 6131] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6146] <... ioctl resumed>) = 0 [pid 6145] <... clone resumed>, parent_tid=[6150], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6150 [pid 6137] <... openat resumed>) = 4 [pid 6132] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] exit_group(0 [pid 5085] umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6141] <... mount resumed>) = 0 [pid 6141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... exit_group resumed>) = ? [pid 6147] <... futex resumed>) = ? [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6147] +++ exited with 0 +++ [pid 6145] <... futex resumed>) = 0 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... futex resumed>) = ? [pid 5085] lstat("./39/binderfs", [pid 6141] <... openat resumed>) = 3 [pid 6132] +++ exited with 0 +++ [pid 6131] +++ exited with 0 +++ [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6137] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] unlink("./39/binderfs" [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6131, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6146] close(3 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5082] restart_syscall(<... resuming interrupted clone ...> [pid 6146] <... close resumed>) = 0 [pid 6137] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... restart_syscall resumed>) = 0 [pid 6146] mkdir("./bus", 0777 [pid 5082] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6137] <... write resumed>) = 262144 [ 118.782733][ T6141] ext4 filesystem being mounted at /root/syzkaller.22hR0w/40/bus supports timestamps until 2038 (0x7fffffff) [pid 5082] getdents64(3, [pid 6146] <... mkdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 6150 attached [pid 6146] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6141] chdir("./bus" [pid 5082] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./40/binderfs") = 0 [pid 5082] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = 1 [pid 6137] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... mmap resumed>) = 0x20000000 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [ 118.833371][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 118.847377][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6137] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... open resumed>) = 5 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 6137] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... mount resumed>) = 0 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] set_robust_list(0x7f5659be29e0, 24 [pid 6141] <... chdir resumed>) = 0 [pid 6137] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6150] <... set_robust_list resumed>) = 0 [pid 6141] ioctl(4, LOOP_CLR_FD [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] memfd_create("syzkaller", 0 [pid 6141] <... ioctl resumed>) = 0 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 6150] <... memfd_create resumed>) = 3 [pid 6141] close(4 [pid 6137] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6141] <... close resumed>) = 0 [pid 6137] <... open resumed>) = 6 [pid 6150] <... mmap resumed>) = 0x7f56517c2000 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6141] <... futex resumed>) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6137] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6141] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6139] <... futex resumed>) = 0 [pid 6137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] <... futex resumed>) = 0 [pid 6141] chdir("./file0" [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6134] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... chdir resumed>) = 0 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6141] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6139] <... futex resumed>) = 0 [ 118.866283][ T27] audit: type=1800 audit(1678856070.265:242): pid=6137 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 118.896721][ T75] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 118.906495][ T948] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6141] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... write resumed>) = 262144 [pid 6150] <... write resumed>) = 1048576 [pid 6141] <... openat resumed>) = 4 [pid 6137] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6141] <... futex resumed>) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6137] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] exit_group(0 [pid 6141] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = ? [pid 6134] <... exit_group resumed>) = ? [ 118.923509][ T948] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 118.946035][ T75] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 118.960572][ T6146] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/41/bus supports timestamps until 2038 (0x7fffffff) [pid 6150] munmap(0x7f56517c2000, 1048576 [pid 6141] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6139] <... futex resumed>) = 0 [pid 6141] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] +++ exited with 0 +++ [pid 6134] +++ exited with 0 +++ [pid 6141] <... write resumed>) = 262144 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6150] <... munmap resumed>) = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6146] <... mount resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6141] <... mmap resumed>) = 0x20000000 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6150] <... openat resumed>) = 4 [pid 6146] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6141] <... open resumed>) = 5 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6139] <... futex resumed>) = 0 [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] <... futex resumed>) = 1 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6141] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 118.973317][ T948] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 118.999875][ T948] EXT4-fs (loop1): This should not happen!! Data will be lost [ 118.999875][ T948] [ 119.011463][ T27] audit: type=1800 audit(1678856070.415:243): pid=6141 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 6139] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6139] <... futex resumed>) = 0 [pid 6150] ioctl(4, LOOP_SET_FD, 3 [pid 6146] <... openat resumed>) = 3 [pid 6139] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] unlink("./40/binderfs") = 0 [pid 5081] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6150] <... ioctl resumed>) = 0 [pid 6146] chdir("./bus" [pid 6141] <... write resumed>) = 262144 [ 119.018312][ T75] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 119.046501][ T6150] loop3: detected capacity change from 0 to 2048 [ 119.053810][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 119.065543][ T75] EXT4-fs (loop4): This should not happen!! Data will be lost [ 119.065543][ T75] [pid 6150] close(3 [pid 6146] <... chdir resumed>) = 0 [pid 6141] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... close resumed>) = 0 [pid 6146] ioctl(4, LOOP_CLR_FD [pid 6141] <... futex resumed>) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6150] mkdir("./bus", 0777 [pid 6146] <... ioctl resumed>) = 0 [pid 6141] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6139] exit_group(0 [pid 6150] <... mkdir resumed>) = 0 [pid 6139] <... exit_group resumed>) = ? [pid 6141] <... futex resumed>) = ? [pid 6146] close(4 [pid 6141] +++ exited with 0 +++ [pid 6150] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6146] <... close resumed>) = 0 [pid 6139] +++ exited with 0 +++ [ 119.069094][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 119.093560][ T948] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 119.106487][ T5118] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 119.106963][ T5118] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6139, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6146] <... futex resumed>) = 1 [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6146] <... futex resumed>) = 0 [pid 6144] <... futex resumed>) = 1 [pid 5083] <... openat resumed>) = 3 [pid 6146] chdir("./file0" [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] fstat(3, [pid 6146] <... chdir resumed>) = 0 [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6146] <... futex resumed>) = 1 [pid 6144] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6146] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... mount resumed>) = 0 [pid 6146] <... openat resumed>) = 4 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [ 119.119240][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 119.158405][ T6150] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/41/bus supports timestamps until 2038 (0x7fffffff) [pid 6150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6150] <... openat resumed>) = 3 [pid 6146] <... futex resumed>) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6150] chdir("./bus" [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... chdir resumed>) = 0 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6150] ioctl(4, LOOP_CLR_FD [pid 6146] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... ioctl resumed>) = 0 [pid 6150] close(4) = 0 [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] <... futex resumed>) = 0 [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] <... futex resumed>) = 0 [pid 6150] chdir("./file0" [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... chdir resumed>) = 0 [ 119.175137][ T5118] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 119.188047][ T5118] EXT4-fs (loop0): This should not happen!! Data will be lost [ 119.188047][ T5118] [ 119.192715][ T75] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 119.200301][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 119.226129][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5082] <... umount2 resumed>) = 0 [pid 5082] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./40/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./40/bus") = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3) = 0 [pid 5082] rmdir("./40") = 0 [pid 5082] mkdir("./41", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6155 [pid 6144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6144] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 6144] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6146] <... write resumed>) = 262144 [pid 6144] <... clone resumed>, parent_tid=[6156], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6156 [pid 6144] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6156 attached [pid 6156] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 6156] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6156] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6156] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6146] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] lstat("./40/binderfs", [pid 6146] <... open resumed>) = 5 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./40/binderfs") = 0 [pid 5083] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6155 attached [pid 6155] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6155] chdir("./41") = 0 [pid 6155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6155] setpgid(0, 0) = 0 [pid 6155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6155] write(3, "1000", 4) = 4 [pid 6155] close(3) = 0 [pid 6155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6145] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... mmap resumed>) = 0x7f56518a1000 [pid 6150] <... openat resumed>) = 4 [pid 6145] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6145] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6144] <... futex resumed>) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6146] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... mount resumed>) = 0 [pid 6145] <... clone resumed>, parent_tid=[6157], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6157 [ 119.283842][ T27] audit: type=1800 audit(1678856070.685:244): pid=6146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 ./strace-static-x86_64: Process 6157 attached [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 6157] set_robust_list(0x7f56518c19e0, 24 [pid 6155] <... futex resumed>) = 0 [pid 6146] <... futex resumed>) = 1 [pid 6145] <... futex resumed>) = 0 [pid 6144] <... futex resumed>) = 0 [pid 6157] <... set_robust_list resumed>) = 0 [pid 6155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6155] <... mmap resumed>) = 0x7f5659bc2000 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6155] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6146] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] <... open resumed>) = 6 [pid 6155] <... mprotect resumed>) = 0 [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6155] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6146] <... futex resumed>) = 1 [pid 6144] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] lstat("./39/bus", [pid 6155] <... clone resumed>, parent_tid=[6158], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6158 [pid 6146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6144] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./39/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] lstat("./40/bus", [pid 6155] <... futex resumed>) = 0 [ 119.323020][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6157] <... write resumed>) = 262144 [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 6158 attached [pid 6157] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... write resumed>) = 262144 [pid 5085] openat(AT_FDCWD, "./39/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6146] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = 0 [pid 6157] <... futex resumed>) = 1 [pid 5085] <... openat resumed>) = 4 [pid 6158] set_robust_list(0x7f5659be29e0, 24 [pid 5081] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6157] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] <... futex resumed>) = 1 [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 5085] fstat(4, [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6158] <... set_robust_list resumed>) = 0 [pid 6150] <... futex resumed>) = 0 [pid 6146] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] <... futex resumed>) = 1 [pid 6144] exit_group(0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6150] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6146] <... futex resumed>) = ? [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] <... exit_group resumed>) = ? [pid 5085] getdents64(4, [pid 6158] memfd_create("syzkaller", 0 [pid 6156] <... futex resumed>) = ? [pid 6150] <... mmap resumed>) = 0x20000000 [pid 6146] +++ exited with 0 +++ [pid 5081] <... openat resumed>) = 4 [pid 6156] +++ exited with 0 +++ [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] +++ exited with 0 +++ [pid 6158] <... memfd_create resumed>) = 3 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] fstat(4, [pid 6158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6150] <... futex resumed>) = 1 [pid 6145] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 6150] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6150] <... open resumed>) = 5 [pid 6145] <... futex resumed>) = 0 [pid 5081] getdents64(4, [ 119.372212][ T5118] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 119.391316][ T5118] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 119.407884][ T5118] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6150] <... futex resumed>) = 0 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] getdents64(4, [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] <... futex resumed>) = 0 [pid 5081] close(4 [pid 6150] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... close resumed>) = 0 [pid 6150] <... mount resumed>) = 0 [pid 5081] rmdir("./40/bus" [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rmdir resumed>) = 0 [pid 6150] <... futex resumed>) = 1 [pid 6145] <... futex resumed>) = 0 [pid 5081] getdents64(3, [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] <... futex resumed>) = 0 [pid 5081] close(3 [pid 6150] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... close resumed>) = 0 [pid 6150] <... open resumed>) = 6 [pid 5081] rmdir("./40" [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rmdir resumed>) = 0 [pid 6158] <... mmap resumed>) = 0x7f56517c2000 [pid 6150] <... futex resumed>) = 1 [pid 6145] <... futex resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6144, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] mkdir("./41", 0777 [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... mkdir resumed>) = 0 [pid 6150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6145] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6150] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6145] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 3 [pid 6158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5086] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] close(4 [pid 5081] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 119.420456][ T27] audit: type=1800 audit(1678856070.805:245): pid=6150 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 119.442775][ T5118] EXT4-fs (loop2): This should not happen!! Data will be lost [ 119.442775][ T5118] [pid 5081] close(3 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... close resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6150] <... write resumed>) = 262144 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6150] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] <... futex resumed>) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6159 [pid 6150] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6145] exit_group(0 [pid 5086] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] rmdir("./39/bus" [pid 6157] <... futex resumed>) = ? [pid 6150] <... futex resumed>) = ? [pid 6145] <... exit_group resumed>) = ? [pid 5086] <... openat resumed>) = 3 [pid 6150] +++ exited with 0 +++ [pid 5085] <... rmdir resumed>) = 0 [pid 6157] +++ exited with 0 +++ [pid 6145] +++ exited with 0 +++ [pid 5086] fstat(3, [pid 5085] getdents64(3, ./strace-static-x86_64: Process 6159 attached [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6159] set_robust_list(0x555556f1a5e0, 24 [pid 5086] getdents64(3, [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6145, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6159] <... set_robust_list resumed>) = 0 [pid 6158] <... write resumed>) = 1048576 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] close(3 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 6159] chdir("./41" [pid 6158] munmap(0x7f56517c2000, 1048576 [pid 5086] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... close resumed>) = 0 [pid 5084] <... restart_syscall resumed>) = 0 [pid 6159] <... chdir resumed>) = 0 [pid 6158] <... munmap resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] rmdir("./39" [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6158] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] lstat("./41/binderfs", [pid 5085] <... rmdir resumed>) = 0 [pid 6159] <... prctl resumed>) = 0 [pid 6158] <... openat resumed>) = 4 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] mkdir("./40", 0777 [pid 5084] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6159] setpgid(0, 0 [ 119.470844][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 119.493624][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 119.516842][ T6158] loop1: detected capacity change from 0 to 2048 [pid 6158] ioctl(4, LOOP_SET_FD, 3 [pid 5086] unlink("./41/binderfs" [pid 5085] <... mkdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6159] <... setpgid resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... openat resumed>) = 3 [pid 5084] <... openat resumed>) = 3 [pid 6159] <... openat resumed>) = 3 [pid 6158] <... ioctl resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] fstat(3, [pid 6159] write(3, "1000", 4 [pid 6158] close(3 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6159] <... write resumed>) = 4 [pid 6158] <... close resumed>) = 0 [pid 5085] close(3 [pid 5084] getdents64(3, [pid 6159] close(3 [pid 6158] mkdir("./bus", 0777 [pid 5085] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6159] <... close resumed>) = 0 [pid 6158] <... mkdir resumed>) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6159] symlink("/dev/binderfs", "./binderfs" [pid 6158] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6159] <... symlink resumed>) = 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6160 [pid 5084] lstat("./41/binderfs", [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6159] <... futex resumed>) = 0 [pid 5084] unlink("./41/binderfs" [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... unlink resumed>) = 0 [pid 6159] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6159] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6161], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6161 [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6161 attached [pid 6161] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6161] memfd_create("syzkaller", 0) = 3 [pid 6161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 ./strace-static-x86_64: Process 6160 attached [pid 6160] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6160] chdir("./40" [pid 6161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] <... umount2 resumed>) = 0 [pid 6160] <... chdir resumed>) = 0 [pid 5083] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 119.536188][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 119.550543][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6160] setpgid(0, 0) = 0 [pid 6160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6160] <... openat resumed>) = 3 [pid 5083] lstat("./40/bus", [pid 6160] write(3, "1000", 4 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 119.590755][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 119.590981][ T948] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 119.616793][ T6158] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/41/bus supports timestamps until 2038 (0x7fffffff) [pid 6160] <... write resumed>) = 4 [pid 5083] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6160] close(3) = 0 [pid 6160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6160] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5083] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6160] <... mprotect resumed>) = 0 [pid 5083] <... openat resumed>) = 4 [pid 6160] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6160] <... clone resumed>, parent_tid=[6164], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6164 [pid 5083] getdents64(4, [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6160] <... futex resumed>) = 0 [pid 5083] getdents64(4, [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5083] rmdir("./40/bus"./strace-static-x86_64: Process 6164 attached ) = 0 [pid 6164] set_robust_list(0x7f5659be29e0, 24 [pid 5083] getdents64(3, [pid 6164] <... set_robust_list resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6164] memfd_create("syzkaller", 0 [pid 5083] close(3 [pid 6164] <... memfd_create resumed>) = 3 [pid 5083] <... close resumed>) = 0 [pid 6164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] rmdir("./40" [pid 6164] <... mmap resumed>) = 0x7f56517c2000 [pid 5083] <... rmdir resumed>) = 0 [pid 5083] mkdir("./41", 0777) = 0 [ 119.630685][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 119.644899][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 119.658401][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [ 119.658401][ T75] [ 119.670841][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6161] <... write resumed>) = 1048576 [pid 6158] <... mount resumed>) = 0 [pid 6158] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6158] chdir("./bus") = 0 [pid 6158] ioctl(4, LOOP_CLR_FD) = 0 [pid 6158] close(4) = 0 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] <... futex resumed>) = 0 [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] <... futex resumed>) = 0 [pid 6158] chdir("./file0" [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] munmap(0x7f56517c2000, 1048576 [pid 6158] <... chdir resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6164] <... write resumed>) = 1048576 [pid 6164] munmap(0x7f56517c2000, 1048576 [pid 6161] <... munmap resumed>) = 0 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 3 [pid 6158] <... futex resumed>) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6155] <... futex resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6164] <... munmap resumed>) = 0 [pid 6164] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6164] ioctl(4, LOOP_SET_FD, 3 [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6158] <... openat resumed>) = 4 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6164] <... ioctl resumed>) = 0 [pid 6164] close(3) = 0 [pid 6164] mkdir("./bus", 0777 [pid 5083] close(3 [pid 6161] <... openat resumed>) = 4 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [ 119.684306][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 119.698470][ T948] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 119.714737][ T6164] loop4: detected capacity change from 0 to 2048 [ 119.724347][ T948] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6161] ioctl(4, LOOP_SET_FD, 3 [pid 6158] <... futex resumed>) = 1 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6155] <... futex resumed>) = 0 [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... mkdir resumed>) = 0 [pid 6164] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6158] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6161] <... ioctl resumed>) = 0 [pid 6155] <... futex resumed>) = 0 [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6165 [pid 5084] <... umount2 resumed>) = 0 [pid 6161] close(3 [pid 6158] <... write resumed>) = 262144 [pid 5084] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 5084] rmdir("./41/bus") = 0 [pid 5084] getdents64(3, [pid 6161] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./41" [pid 6161] mkdir("./bus", 0777 [pid 5084] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6165 attached [pid 5084] mkdir("./42", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6161] <... mkdir resumed>) = 0 [ 119.740596][ T6161] loop0: detected capacity change from 0 to 2048 [ 119.740656][ T948] EXT4-fs (loop5): This should not happen!! Data will be lost [ 119.740656][ T948] [ 119.775921][ T6164] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/40/bus supports timestamps until 2038 (0x7fffffff) [pid 6165] set_robust_list(0x555556f1a5e0, 24 [pid 6161] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6168 ./strace-static-x86_64: Process 6168 attached [pid 6165] <... set_robust_list resumed>) = 0 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6168] set_robust_list(0x555556f1a5e0, 24 [pid 6165] chdir("./41" [pid 6158] <... futex resumed>) = 0 [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... set_robust_list resumed>) = 0 [pid 6165] <... chdir resumed>) = 0 [pid 6158] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6155] <... futex resumed>) = 0 [pid 6168] chdir("./42" [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6158] <... mmap resumed>) = 0x20000000 [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... chdir resumed>) = 0 [pid 6165] <... prctl resumed>) = 0 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6165] setpgid(0, 0 [pid 6158] <... futex resumed>) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6168] <... prctl resumed>) = 0 [pid 6165] <... setpgid resumed>) = 0 [pid 6164] <... mount resumed>) = 0 [pid 6158] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] setpgid(0, 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6164] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] <... futex resumed>) = 0 [pid 6168] <... setpgid resumed>) = 0 [pid 6165] <... openat resumed>) = 3 [pid 6164] <... openat resumed>) = 3 [pid 6158] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6165] write(3, "1000", 4 [pid 6164] chdir("./bus" [pid 6158] <... open resumed>) = 5 [pid 6168] <... openat resumed>) = 3 [pid 6165] <... write resumed>) = 4 [pid 6164] <... chdir resumed>) = 0 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] write(3, "1000", 4 [pid 6165] close(3 [pid 6164] ioctl(4, LOOP_CLR_FD [pid 6158] <... futex resumed>) = 1 [ 119.805464][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 119.819941][ T948] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6155] <... futex resumed>) = 0 [pid 6168] <... write resumed>) = 4 [pid 6165] <... close resumed>) = 0 [pid 6164] <... ioctl resumed>) = 0 [pid 6158] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] close(3 [pid 6165] symlink("/dev/binderfs", "./binderfs" [pid 6164] close(4 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] <... futex resumed>) = 0 [pid 6168] <... close resumed>) = 0 [pid 6165] <... symlink resumed>) = 0 [pid 6164] <... close resumed>) = 0 [pid 6158] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] symlink("/dev/binderfs", "./binderfs" [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... mount resumed>) = 0 [pid 6168] <... symlink resumed>) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6164] <... futex resumed>) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6155] <... futex resumed>) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6160] <... futex resumed>) = 0 [pid 6158] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... mmap resumed>) = 0x7f5659bc2000 [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] chdir("./file0" [pid 6168] <... mmap resumed>) = 0x7f5659bc2000 [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] <... futex resumed>) = 0 [pid 6161] <... mount resumed>) = 0 [pid 6158] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] <... open resumed>) = 6 [pid 6165] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6168] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... mprotect resumed>) = 0 [pid 6168] <... mprotect resumed>) = 0 [pid 6158] <... futex resumed>) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6168] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6161] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6165] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6164] <... chdir resumed>) = 0 [pid 6158] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6155] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... clone resumed>, parent_tid=[6171], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6171 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... openat resumed>) = 3 [pid 6161] chdir("./bus") = 0 [pid 6161] ioctl(4, LOOP_CLR_FD) = 0 [pid 6161] close(4 [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... clone resumed>, parent_tid=[6172], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6172 [pid 6164] <... futex resumed>) = 1 [pid 6161] <... close resumed>) = 0 [pid 6160] <... futex resumed>) = 0 [pid 6155] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 0 [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6155] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6165] <... futex resumed>) = 0 [pid 6164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6161] <... futex resumed>) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [ 119.847883][ T27] audit: type=1800 audit(1678856071.245:246): pid=6158 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 119.880440][ T6161] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/41/bus supports timestamps until 2038 (0x7fffffff) [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6164] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6172 attached ./strace-static-x86_64: Process 6171 attached [pid 6164] <... openat resumed>) = 4 [pid 6161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] <... futex resumed>) = 0 [pid 6158] <... write resumed>) = 262144 [pid 6172] set_robust_list(0x7f5659be29e0, 24 [pid 6171] set_robust_list(0x7f5659be29e0, 24 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] chdir("./file0" [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6158] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = 0 [pid 6172] <... set_robust_list resumed>) = 0 [pid 6171] <... set_robust_list resumed>) = 0 [pid 6164] <... futex resumed>) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6158] <... futex resumed>) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6161] <... chdir resumed>) = 0 [pid 5086] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6172] memfd_create("syzkaller", 0 [pid 6171] memfd_create("syzkaller", 0 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] exit_group(0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6172] <... memfd_create resumed>) = 3 [pid 6171] <... memfd_create resumed>) = 3 [pid 6164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6161] <... futex resumed>) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6158] <... futex resumed>) = ? [pid 6155] <... exit_group resumed>) = ? [pid 5086] lstat("./41/bus", [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6164] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] +++ exited with 0 +++ [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6172] <... mmap resumed>) = 0x7f56517c2000 [pid 6171] <... mmap resumed>) = 0x7f56517c2000 [pid 6161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6164] <... write resumed>) = 262144 [pid 6159] <... futex resumed>) = 0 [pid 6155] +++ exited with 0 +++ [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6161] <... openat resumed>) = 4 [pid 5086] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6155, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] <... openat resumed>) = 4 [pid 6172] <... write resumed>) = 1048576 [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(4, [pid 5082] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6161] <... futex resumed>) = 1 [pid 6159] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(4, [pid 5082] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6172] munmap(0x7f56517c2000, 1048576 [pid 5082] <... openat resumed>) = 3 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, [pid 5082] fstat(3, [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] close(4) = 0 [pid 5082] getdents64(3, [pid 6172] <... munmap resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] rmdir("./41/bus" [pid 6172] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5086] <... rmdir resumed>) = 0 [pid 5082] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6172] ioctl(4, LOOP_SET_FD, 3 [pid 5082] lstat("./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./41/binderfs" [pid 5086] getdents64(3, [pid 5082] <... unlink resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6172] <... ioctl resumed>) = 0 [pid 6171] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6164] <... futex resumed>) = 1 [pid 6161] <... write resumed>) = 262144 [pid 5086] close(3 [pid 6172] close(3 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] <... futex resumed>) = 0 [pid 6172] <... close resumed>) = 0 [pid 6172] mkdir("./bus", 0777) = 0 [pid 6172] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] <... write resumed>) = 1048576 [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] munmap(0x7f56517c2000, 1048576) = 0 [pid 6171] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6171] ioctl(4, LOOP_SET_FD, 3 [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 6171] <... ioctl resumed>) = 0 [pid 6171] close(3 [pid 6164] <... futex resumed>) = 0 [pid 6160] <... futex resumed>) = 1 [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./41" [pid 6171] <... close resumed>) = 0 [pid 6164] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6161] <... futex resumed>) = 0 [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] <... futex resumed>) = 1 [ 120.016474][ T6172] loop2: detected capacity change from 0 to 2048 [ 120.023782][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 120.038470][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 120.048813][ T6171] loop3: detected capacity change from 0 to 2048 [pid 6171] mkdir("./bus", 0777 [pid 6161] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6171] <... mkdir resumed>) = 0 [pid 6171] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... rmdir resumed>) = 0 [pid 6164] <... mmap resumed>) = 0x20000000 [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] mkdir("./42", 0777 [pid 6161] <... mmap resumed>) = 0x20000000 [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] <... futex resumed>) = 1 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3 [pid 6160] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = 0 [pid 6160] <... futex resumed>) = 1 [pid 6159] <... futex resumed>) = 1 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6164] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6164] <... open resumed>) = 5 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6160] <... futex resumed>) = 0 [pid 6164] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6164] <... mount resumed>) = 0 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6160] <... futex resumed>) = 0 [pid 6164] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6164] <... open resumed>) = 6 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6160] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6160] <... futex resumed>) = 0 [pid 6164] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6160] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] <... futex resumed>) = 0 [pid 6161] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6176 [pid 6164] <... write resumed>) = 262144 [pid 6164] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6160] <... futex resumed>) = 0 [pid 6164] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] <... open resumed>) = 5 [pid 6160] exit_group(0 [pid 6164] <... futex resumed>) = ? [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... exit_group resumed>) = ? [ 120.057741][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 120.074459][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 120.092886][ T27] audit: type=1800 audit(1678856071.495:247): pid=6164 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 ./strace-static-x86_64: Process 6176 attached [pid 6164] +++ exited with 0 +++ [pid 6161] <... futex resumed>) = 1 [pid 6160] +++ exited with 0 +++ [pid 6159] <... futex resumed>) = 0 [pid 6176] set_robust_list(0x555556f1a5e0, 24 [pid 6161] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6160, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 120.126281][ T6172] ext4 filesystem being mounted at /root/syzkaller.22hR0w/41/bus supports timestamps until 2038 (0x7fffffff) [ 120.139587][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 120.139587][ T5118] [ 120.151681][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 5085] unlink("./40/binderfs" [pid 6176] <... set_robust_list resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 6176] chdir("./42" [pid 6161] <... mount resumed>) = 0 [pid 5085] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6172] <... mount resumed>) = 0 [pid 6172] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./bus") = 0 [pid 6172] ioctl(4, LOOP_CLR_FD) = 0 [pid 6172] close(4) = 0 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... chdir resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6171] <... mount resumed>) = 0 [ 120.166664][ T27] audit: type=1800 audit(1678856071.515:248): pid=6161 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 120.169335][ T6171] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/42/bus supports timestamps until 2038 (0x7fffffff) [ 120.199178][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 120.199938][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6165] <... futex resumed>) = 0 [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6176] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6172] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6161] <... futex resumed>) = 0 [pid 6176] <... prctl resumed>) = 0 [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] setpgid(0, 0) = 0 [pid 6176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6176] write(3, "1000", 4) = 4 [pid 6176] close(3 [pid 6171] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... close resumed>) = 0 [pid 6172] <... futex resumed>) = 0 [pid 6171] <... openat resumed>) = 3 [pid 6165] <... futex resumed>) = 1 [pid 6161] <... futex resumed>) = 0 [pid 6159] <... futex resumed>) = 1 [pid 6176] symlink("/dev/binderfs", "./binderfs" [pid 6172] chdir("./file0" [pid 6171] chdir("./bus" [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... symlink resumed>) = 0 [pid 6172] <... chdir resumed>) = 0 [pid 6171] <... chdir resumed>) = 0 [pid 6161] <... open resumed>) = 6 [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] ioctl(4, LOOP_CLR_FD [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6161] <... futex resumed>) = 1 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6172] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] <... ioctl resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6176] <... mmap resumed>) = 0x7f5659bc2000 [pid 6171] close(4 [pid 6159] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... close resumed>) = 0 [pid 6159] <... futex resumed>) = 0 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6171] chdir("./file0" [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... mprotect resumed>) = 0 [pid 6172] <... openat resumed>) = 4 [pid 6171] <... chdir resumed>) = 0 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6176] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = 1 [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6176] <... clone resumed>, parent_tid=[6178], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6178 [pid 6172] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6178 attached [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] <... write resumed>) = 262144 [pid 6178] set_robust_list(0x7f5659be29e0, 24 [pid 6176] <... futex resumed>) = 0 [pid 6171] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6168] <... futex resumed>) = 0 [pid 6161] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... set_robust_list resumed>) = 0 [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6171] <... openat resumed>) = 4 [pid 6161] <... futex resumed>) = 1 [ 120.225731][ T1062] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 120.259258][ T1062] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 6178] memfd_create("syzkaller", 0 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] <... futex resumed>) = 0 [pid 6178] <... memfd_create resumed>) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6172] <... write resumed>) = 262144 [pid 6178] <... mmap resumed>) = 0x7f56517c2000 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] exit_group(0 [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6172] <... futex resumed>) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6172] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... mmap resumed>) = 0x20000000 [pid 6165] <... futex resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6172] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = ? [pid 6159] <... exit_group resumed>) = ? [pid 6172] <... open resumed>) = 5 [pid 6165] <... futex resumed>) = 0 [pid 6161] +++ exited with 0 +++ [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... mount resumed>) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... open resumed>) = 6 [pid 6165] <... futex resumed>) = 0 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6172] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6165] <... futex resumed>) = 0 [pid 6172] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6165] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6159] +++ exited with 0 +++ [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] getdents64(4, [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6159, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 6171] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6172] <... write resumed>) = 262144 [pid 5082] close(4 [pid 6172] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... close resumed>) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6165] <... futex resumed>) = 0 [pid 5082] rmdir("./41/bus" [pid 6172] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] exit_group(0 [pid 5082] <... rmdir resumed>) = 0 [pid 6172] <... futex resumed>) = ? [pid 6165] <... exit_group resumed>) = ? [pid 5082] getdents64(3, [pid 6172] +++ exited with 0 +++ [pid 6165] +++ exited with 0 +++ [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5082] close(3 [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 5082] <... close resumed>) = 0 [pid 5082] rmdir("./41" [pid 5083] <... restart_syscall resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5082] mkdir("./42", 0777 [pid 5081] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6178] <... write resumed>) = 1048576 [pid 5082] <... mkdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6178] munmap(0x7f56517c2000, 1048576 [pid 5083] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6178] <... munmap resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... openat resumed>) = 3 [pid 5081] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6178] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 120.313901][ T1062] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 120.330207][ T27] audit: type=1800 audit(1678856071.735:249): pid=6172 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 6178] <... openat resumed>) = 4 [pid 5083] <... openat resumed>) = 3 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... openat resumed>) = 3 [pid 6178] ioctl(4, LOOP_SET_FD, 3 [pid 5083] fstat(3, [pid 5082] close(3 [pid 5081] fstat(3, [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... close resumed>) = 0 [pid 5083] getdents64(3, [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] getdents64(3, [pid 5083] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6179 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] lstat("./41/binderfs", [pid 5081] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6171] <... write resumed>) = 262144 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6179 attached [pid 5083] unlink("./41/binderfs" [pid 5081] lstat("./41/binderfs", [pid 6179] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6179] chdir("./42" [pid 5083] <... unlink resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6179] <... chdir resumed>) = 0 [pid 5083] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] unlink("./41/binderfs" [pid 6179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6178] <... ioctl resumed>) = 0 [pid 6179] setpgid(0, 0 [pid 6178] close(3 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] <... unlink resumed>) = 0 [pid 6179] <... setpgid resumed>) = 0 [pid 6178] <... close resumed>) = 0 [pid 5081] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6178] mkdir("./bus", 0777 [pid 6179] <... openat resumed>) = 3 [pid 6178] <... mkdir resumed>) = 0 [pid 6171] <... futex resumed>) = 0 [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] write(3, "1000", 4 [pid 6178] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6171] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6168] <... futex resumed>) = 0 [pid 6179] <... write resumed>) = 4 [pid 6171] <... mmap resumed>) = 0x20000000 [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] close(3 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... close resumed>) = 0 [pid 6179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6171] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6171] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6179] <... mmap resumed>) = 0x7f5659bc2000 [pid 6179] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6179] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6171] <... open resumed>) = 5 [ 120.376319][ T6178] loop5: detected capacity change from 0 to 2048 [ 120.387820][ T1062] EXT4-fs (loop4): This should not happen!! Data will be lost [ 120.387820][ T1062] [ 120.403577][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... clone resumed>, parent_tid=[6180], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6180 [pid 6171] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6180 attached [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] set_robust_list(0x7f5659be29e0, 24 [pid 6179] <... futex resumed>) = 0 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6180] <... set_robust_list resumed>) = 0 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 120.444885][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 120.458350][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 120.472575][ T75] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 120.475768][ T6178] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/42/bus supports timestamps until 2038 (0x7fffffff) [pid 6171] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] memfd_create("syzkaller", 0) = 3 [pid 6178] <... mount resumed>) = 0 [pid 6171] <... mount resumed>) = 0 [pid 6180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6178] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [ 120.483139][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 120.500575][ T5118] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 120.513364][ T75] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 120.517203][ T5118] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... mmap resumed>) = 0x7f56517c2000 [pid 6180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6178] <... openat resumed>) = 3 [pid 6171] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6178] chdir("./bus" [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6178] <... chdir resumed>) = 0 [pid 6171] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 120.534249][ T75] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 120.557738][ T75] EXT4-fs (loop2): This should not happen!! Data will be lost [ 120.557738][ T75] [ 120.558352][ T5118] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 120.570651][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6178] ioctl(4, LOOP_CLR_FD) = 0 [pid 6171] <... open resumed>) = 6 [pid 6178] close(4 [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... close resumed>) = 0 [pid 6171] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6168] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6178] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6176] <... futex resumed>) = 0 [pid 6178] chdir("./file0" [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... chdir resumed>) = 0 [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6176] <... futex resumed>) = 0 [ 120.593716][ T5118] EXT4-fs (loop0): This should not happen!! Data will be lost [ 120.593716][ T5118] [ 120.606032][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 120.621128][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 120.632031][ T6180] loop1: detected capacity change from 0 to 2048 [pid 6178] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... write resumed>) = 1048576 [pid 6178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] munmap(0x7f56517c2000, 1048576) = 0 [pid 6180] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6176] <... futex resumed>) = 0 [pid 6171] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = 0 [pid 6180] close(3 [pid 6178] <... openat resumed>) = 4 [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6180] <... close resumed>) = 0 [pid 6171] <... futex resumed>) = 1 [pid 6168] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6180] mkdir("./bus", 0777 [pid 5085] lstat("./40/bus", [pid 6180] <... mkdir resumed>) = 0 [pid 6171] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] exit_group(0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6180] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5085] umount2("./40/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6171] <... futex resumed>) = ? [pid 6168] <... exit_group resumed>) = ? [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./40/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./40/bus" [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] +++ exited with 0 +++ [pid 6168] +++ exited with 0 +++ [pid 5085] <... rmdir resumed>) = 0 [pid 5085] getdents64(3, [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6168, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6176] <... futex resumed>) = 0 [pid 6178] <... futex resumed>) = 1 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6178] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6176] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5084] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rmdir("./40" [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... rmdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] mkdir("./41", 0777 [pid 5084] <... openat resumed>) = 3 [pid 5085] <... mkdir resumed>) = 0 [pid 5084] fstat(3, [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5084] getdents64(3, [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 120.637020][ T75] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5085] close(3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... close resumed>) = 0 [pid 5084] lstat("./42/binderfs", [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 6180] <... mount resumed>) = 0 [pid 5084] unlink("./42/binderfs" [pid 5081] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6180] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6176] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6180] <... openat resumed>) = 3 [pid 6176] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6185 [pid 5084] <... unlink resumed>) = 0 [pid 5081] lstat("./41/bus", [pid 6180] chdir("./bus" [pid 6176] <... futex resumed>) = 0 [pid 5084] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6180] <... chdir resumed>) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6180] ioctl(4, LOOP_CLR_FD [pid 6176] <... mmap resumed>) = 0x7f56518a1000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6180] <... ioctl resumed>) = 0 [pid 6176] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5081] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6180] close(4 [pid 6176] <... mprotect resumed>) = 0 [pid 5081] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6185 attached [pid 6180] <... close resumed>) = 0 [pid 6176] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] fstat(4, [pid 6185] set_robust_list(0x555556f1a5e0, 24 [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6185] <... set_robust_list resumed>) = 0 [pid 6180] <... futex resumed>) = 1 [pid 6179] <... futex resumed>) = 0 [pid 6176] <... clone resumed>, parent_tid=[6186], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6186 [pid 5083] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] getdents64(4, [pid 6185] chdir("./41" [ 120.717837][ T6180] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/42/bus supports timestamps until 2038 (0x7fffffff) [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... write resumed>) = 262144 [pid 6176] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6176] <... futex resumed>) = 0 [pid 5081] getdents64(4, [pid 6180] chdir("./file0" [pid 6176] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6186 attached [pid 5081] close(4 [pid 6186] set_robust_list(0x7f56518c19e0, 24 [pid 5081] <... close resumed>) = 0 [pid 6186] <... set_robust_list resumed>) = 0 [pid 5081] rmdir("./41/bus" [pid 6186] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6186] <... mmap resumed>) = 0x20000000 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./41") = 0 [pid 5081] mkdir("./42", 0777) = 0 [pid 6186] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6186] <... futex resumed>) = 1 [pid 6185] <... chdir resumed>) = 0 [pid 6179] <... futex resumed>) = 0 [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... chdir resumed>) = 0 [pid 6176] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6186] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6185] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6180] <... futex resumed>) = 0 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 0 [pid 6176] <... futex resumed>) = 0 [pid 5083] lstat("./41/bus", [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6185] <... prctl resumed>) = 0 [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6187 [pid 6178] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6185] setpgid(0, 0 [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6180] <... futex resumed>) = 0 [pid 6179] <... futex resumed>) = 1 [pid 6180] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6185] <... setpgid resumed>) = 0 [pid 6180] <... openat resumed>) = 4 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... open resumed>) = 5 [pid 5083] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6187 attached [pid 6185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.761026][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 120.790087][ T75] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6187] set_robust_list(0x555556f1a5e0, 24 [pid 6185] <... openat resumed>) = 3 [pid 6180] <... futex resumed>) = 0 [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 1 [pid 6176] <... futex resumed>) = 0 [pid 6187] <... set_robust_list resumed>) = 0 [pid 6180] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] chdir("./42" [pid 6185] write(3, "1000", 4 [pid 6180] <... write resumed>) = 262144 [pid 6179] <... futex resumed>) = 0 [pid 6178] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6176] <... futex resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6187] <... chdir resumed>) = 0 [pid 6185] <... write resumed>) = 4 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... mount resumed>) = 0 [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 4 [pid 6187] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6185] close(3 [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] fstat(4, [pid 6185] <... close resumed>) = 0 [pid 6180] <... futex resumed>) = 0 [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6185] symlink("/dev/binderfs", "./binderfs" [pid 6180] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6179] <... futex resumed>) = 0 [pid 6178] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] getdents64(4, [pid 6185] <... symlink resumed>) = 0 [pid 6180] <... mmap resumed>) = 0x20000000 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, [pid 6185] <... futex resumed>) = 0 [pid 6180] <... futex resumed>) = 1 [pid 6179] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 6185] <... mmap resumed>) = 0x7f5659bc2000 [pid 6180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6179] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 6185] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6180] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] rmdir("./41/bus" [pid 6185] <... mprotect resumed>) = 0 [pid 6180] <... open resumed>) = 5 [pid 5083] <... rmdir resumed>) = 0 [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... prctl resumed>) = 0 [pid 6185] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6176] <... futex resumed>) = 1 [pid 5083] getdents64(3, [pid 6187] setpgid(0, 0 [pid 6180] <... futex resumed>) = 1 [pid 6179] <... futex resumed>) = 0 [pid 6178] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6187] <... setpgid resumed>) = 0 [pid 6185] <... clone resumed>, parent_tid=[6188], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6188 [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... open resumed>) = 6 [pid 5083] close(3 [pid 6187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6179] <... futex resumed>) = 0 [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... close resumed>) = 0 [pid 6187] <... openat resumed>) = 3 [ 120.812184][ T75] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 120.835217][ T75] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 120.854787][ T75] EXT4-fs (loop3): This should not happen!! Data will be lost [pid 6185] <... futex resumed>) = 0 [pid 6180] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = 1 [pid 6176] <... futex resumed>) = 0 [pid 5083] rmdir("./41"./strace-static-x86_64: Process 6188 attached [pid 6187] write(3, "1000", 4) = 4 [pid 6176] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] close(3 [pid 6176] <... futex resumed>) = 0 [pid 6187] <... close resumed>) = 0 [pid 6176] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] symlink("/dev/binderfs", "./binderfs" [pid 6180] <... mount resumed>) = 0 [pid 6178] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6188] set_robust_list(0x7f5659be29e0, 24 [pid 6187] <... symlink resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6188] <... set_robust_list resumed>) = 0 [pid 6187] <... mmap resumed>) = 0x7f5659bc2000 [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] mkdir("./42", 0777 [pid 6188] memfd_create("syzkaller", 0 [pid 6187] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6180] <... futex resumed>) = 1 [pid 6179] <... futex resumed>) = 0 [pid 6188] <... memfd_create resumed>) = 3 [pid 6187] <... mprotect resumed>) = 0 [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... mkdir resumed>) = 0 [pid 6188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6187] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6179] <... futex resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6188] <... mmap resumed>) = 0x7f56517c2000 [pid 6180] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6178] <... write resumed>) = 262144 [pid 6187] <... clone resumed>, parent_tid=[6189], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6189 [pid 6180] <... open resumed>) = 6 [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 0 [pid 6180] <... futex resumed>) = 0 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6189 attached [pid 6189] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6189] memfd_create("syzkaller", 0) = 3 [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 3 [pid 6179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6178] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 1 [pid 6176] <... futex resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6180] <... futex resumed>) = 0 [pid 6179] <... futex resumed>) = 1 [pid 6178] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6176] exit_group(0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6186] <... futex resumed>) = ? [ 120.854787][ T75] [ 120.880902][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6180] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6179] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] <... exit_group resumed>) = ? [pid 6186] +++ exited with 0 +++ [pid 6178] <... futex resumed>) = ? [pid 5083] close(3 [pid 6189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6178] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ [pid 5083] <... close resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6176, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6180] <... write resumed>) = 262144 [pid 5086] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6190 attached [pid 6180] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6190] set_robust_list(0x555556f1a5e0, 24 [pid 6180] <... futex resumed>) = 1 [pid 6179] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6190 [pid 6190] <... set_robust_list resumed>) = 0 [pid 6180] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] exit_group(0 [pid 5086] <... openat resumed>) = 3 [pid 6190] chdir("./42" [pid 6180] <... futex resumed>) = ? [pid 6179] <... exit_group resumed>) = ? [ 120.903605][ T75] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 5086] fstat(3, [pid 6190] <... chdir resumed>) = 0 [pid 6180] +++ exited with 0 +++ [pid 6179] +++ exited with 0 +++ [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, [pid 6190] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6190] <... prctl resumed>) = 0 [pid 5086] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6179, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6190] setpgid(0, 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6190] <... setpgid resumed>) = 0 [pid 6189] <... write resumed>) = 1048576 [pid 5086] lstat("./42/binderfs", [pid 5082] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6190] <... openat resumed>) = 3 [pid 5086] unlink("./42/binderfs" [pid 5082] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6190] write(3, "1000", 4 [pid 5086] <... unlink resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 6190] <... write resumed>) = 4 [pid 5086] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] fstat(3, [pid 6190] close(3 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6190] <... close resumed>) = 0 [pid 5082] getdents64(3, [pid 6188] <... write resumed>) = 1048576 [pid 5084] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6188] munmap(0x7f56517c2000, 1048576 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6190] symlink("/dev/binderfs", "./binderfs" [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6190] <... symlink resumed>) = 0 [pid 6188] <... munmap resumed>) = 0 [pid 5084] lstat("./42/bus", [pid 5082] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6188] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5084] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6188] <... openat resumed>) = 4 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6189] munmap(0x7f56517c2000, 1048576 [pid 6188] ioctl(4, LOOP_SET_FD, 3 [pid 5084] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... munmap resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] fstat(4, [pid 6189] <... openat resumed>) = 4 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6189] ioctl(4, LOOP_SET_FD, 3 [ 120.993941][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 121.010388][ T75] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 121.015627][ T6188] loop4: detected capacity change from 0 to 2048 [ 121.021302][ T75] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [pid 5084] getdents64(4, [pid 6190] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] lstat("./42/binderfs", [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 6188] <... ioctl resumed>) = 0 [pid 5084] rmdir("./42/bus" [pid 6188] close(3 [pid 5084] <... rmdir resumed>) = 0 [pid 6188] <... close resumed>) = 0 [pid 5084] getdents64(3, [pid 6188] mkdir("./bus", 0777 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6188] <... mkdir resumed>) = 0 [pid 5084] close(3 [pid 6188] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5084] <... close resumed>) = 0 [pid 5084] rmdir("./42" [pid 6190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6190] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] mkdir("./43", 0777 [pid 5082] unlink("./42/binderfs" [pid 5084] <... mkdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6191 ./strace-static-x86_64: Process 6191 attached [pid 6190] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... unlink resumed>) = 0 [pid 6191] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6191] chdir("./43") = 0 [pid 6191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6191] setpgid(0, 0) = 0 [pid 6190] <... mprotect resumed>) = 0 [pid 5082] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6190] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6191] <... openat resumed>) = 3 [pid 6191] write(3, "1000", 4) = 4 [pid 6191] close(3) = 0 [pid 6191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6191] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6191] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6189] <... ioctl resumed>) = 0 [pid 6189] close(3 [pid 6191] <... clone resumed>, parent_tid=[6192], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6192 [pid 6189] <... close resumed>) = 0 [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] mkdir("./bus", 0777 [pid 6191] <... futex resumed>) = 0 [pid 6189] <... mkdir resumed>) = 0 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 121.034662][ T6189] loop0: detected capacity change from 0 to 2048 [ 121.040877][ T75] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 121.062310][ T75] EXT4-fs (loop5): This should not happen!! Data will be lost [ 121.062310][ T75] [ 121.083476][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6190] <... clone resumed>, parent_tid=[6193], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6193 [pid 6189] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue"./strace-static-x86_64: Process 6193 attached [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6192 attached [pid 6192] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6192] memfd_create("syzkaller", 0) = 3 [pid 6190] <... futex resumed>) = 0 [pid 6193] set_robust_list(0x7f5659be29e0, 24 [pid 6192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] <... set_robust_list resumed>) = 0 [pid 6192] <... mmap resumed>) = 0x7f56517c2000 [pid 6193] memfd_create("syzkaller", 0) = 3 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6192] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6193] <... mmap resumed>) = 0x7f56517c2000 [ 121.103011][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 121.117302][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 121.133865][ T6188] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/41/bus supports timestamps until 2038 (0x7fffffff) [pid 6188] <... mount resumed>) = 0 [pid 6188] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6188] chdir("./bus") = 0 [pid 6188] ioctl(4, LOOP_CLR_FD [pid 6193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6188] <... ioctl resumed>) = 0 [pid 6188] close(4) = 0 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] <... write resumed>) = 1048576 [pid 6192] munmap(0x7f56517c2000, 1048576) = 0 [pid 6192] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6192] ioctl(4, LOOP_SET_FD, 3 [pid 6185] <... futex resumed>) = 0 [ 121.147381][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 121.167557][ T75] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = 1 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] chdir("./file0") = 0 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6192] <... ioctl resumed>) = 0 [pid 6192] close(3) = 0 [pid 6188] <... openat resumed>) = 4 [pid 6192] mkdir("./bus", 0777) = 0 [pid 6192] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6193] <... write resumed>) = 1048576 [pid 6193] munmap(0x7f56517c2000, 1048576) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 121.192170][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 121.192259][ T6192] loop3: detected capacity change from 0 to 2048 [ 121.230903][ T6189] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/42/bus supports timestamps until 2038 (0x7fffffff) [ 121.237476][ T6193] loop2: detected capacity change from 0 to 2048 [pid 6193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] close(3 [pid 6188] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6193] <... close resumed>) = 0 [pid 6189] <... mount resumed>) = 0 [pid 6193] mkdir("./bus", 0777) = 0 [pid 6189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6188] <... write resumed>) = 262144 [pid 6193] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6189] <... openat resumed>) = 3 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] chdir("./bus" [pid 6188] <... futex resumed>) = 1 [pid 6189] <... chdir resumed>) = 0 [pid 6188] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] ioctl(4, LOOP_CLR_FD) = 0 [pid 6189] close(4) = 0 [pid 6185] <... futex resumed>) = 0 [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6189] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6187] <... futex resumed>) = 0 [pid 6189] chdir("./file0" [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = 1 [pid 6188] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6189] <... chdir resumed>) = 0 [pid 6188] <... mmap resumed>) = 0x20000000 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6189] <... futex resumed>) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6187] <... futex resumed>) = 0 [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6188] <... open resumed>) = 5 [pid 6187] <... futex resumed>) = 0 [ 121.249164][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 121.249164][ T5118] [ 121.261081][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 121.274543][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6189] <... openat resumed>) = 4 [pid 6188] <... futex resumed>) = 0 [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6188] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6187] <... futex resumed>) = 0 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6188] <... mount resumed>) = 0 [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 6189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = 0 [pid 6188] <... futex resumed>) = 1 [pid 6188] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./42/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./42/bus") = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./42") = 0 [pid 5086] mkdir("./43", 0777) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 6187] <... futex resumed>) = 0 [pid 5086] close(3 [pid 6185] <... futex resumed>) = 0 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6202 [pid 6188] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = 1 [pid 6188] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... open resumed>) = 6 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6188] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6185] <... futex resumed>) = 0 [pid 6188] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6185] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6188] <... write resumed>) = 262144 [pid 6188] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6188] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] exit_group(0) = ? [pid 6188] <... futex resumed>) = ? [pid 6192] <... mount resumed>) = 0 [pid 6192] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6192] chdir("./bus") = 0 [pid 6192] ioctl(4, LOOP_CLR_FD [pid 6188] +++ exited with 0 +++ [pid 6185] +++ exited with 0 +++ [pid 6192] <... ioctl resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6185, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6192] close(4 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 6192] <... close resumed>) = 0 [pid 5085] <... restart_syscall resumed>) = 0 [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 3 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] fstat(3, [pid 5082] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6202 attached [pid 6193] <... mount resumed>) = 0 [pid 6192] <... futex resumed>) = 1 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] lstat("./42/bus", [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6192] chdir("./file0" [pid 5085] lstat("./41/binderfs", [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6193] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6192] <... chdir resumed>) = 0 [pid 5085] unlink("./41/binderfs" [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] chdir("./bus" [pid 5085] <... unlink resumed>) = 0 [pid 6193] <... chdir resumed>) = 0 [pid 6192] <... futex resumed>) = 1 [pid 6191] <... futex resumed>) = 0 [ 121.355019][ T6192] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/43/bus supports timestamps until 2038 (0x7fffffff) [ 121.370489][ T6193] ext4 filesystem being mounted at /root/syzkaller.22hR0w/42/bus supports timestamps until 2038 (0x7fffffff) [pid 5082] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6193] ioctl(4, LOOP_CLR_FD [pid 6192] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6193] <... ioctl resumed>) = 0 [pid 6192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6191] <... futex resumed>) = 0 [pid 5082] <... openat resumed>) = 4 [pid 6202] set_robust_list(0x555556f1a5e0, 24 [pid 6193] close(4 [pid 6192] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... set_robust_list resumed>) = 0 [pid 6193] <... close resumed>) = 0 [pid 6202] chdir("./43" [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... chdir resumed>) = 0 [pid 6193] <... futex resumed>) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6187] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6202] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6193] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] <... openat resumed>) = 4 [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] fstat(4, [pid 6202] <... prctl resumed>) = 0 [pid 6193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 0 [pid 6189] <... write resumed>) = 262144 [pid 6187] <... futex resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6202] setpgid(0, 0 [pid 6193] chdir("./file0" [pid 6192] <... futex resumed>) = 1 [pid 6191] <... futex resumed>) = 0 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] getdents64(4, [pid 6202] <... setpgid resumed>) = 0 [pid 6193] <... chdir resumed>) = 0 [pid 6192] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6187] <... mmap resumed>) = 0x7f56518a1000 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6191] <... futex resumed>) = 0 [pid 6189] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6187] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5082] getdents64(4, [pid 6202] <... openat resumed>) = 3 [pid 6193] <... futex resumed>) = 1 [pid 6192] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 0 [pid 6187] <... mprotect resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6202] write(3, "1000", 4 [pid 6193] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] close(4 [pid 6202] <... write resumed>) = 4 [pid 6193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 121.421288][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6192] <... write resumed>) = 262144 [pid 6190] <... futex resumed>) = 0 [pid 5082] <... close resumed>) = 0 ./strace-static-x86_64: Process 6203 attached [pid 6202] close(3 [pid 6193] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... clone resumed>, parent_tid=[6203], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6203 [pid 6203] set_robust_list(0x7f56518c19e0, 24 [pid 6202] <... close resumed>) = 0 [pid 6192] <... futex resumed>) = 1 [pid 6191] <... futex resumed>) = 0 [pid 6203] <... set_robust_list resumed>) = 0 [pid 6202] symlink("/dev/binderfs", "./binderfs" [pid 6192] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] <... symlink resumed>) = 0 [pid 6192] <... mmap resumed>) = 0x20000000 [pid 6191] <... futex resumed>) = 0 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rmdir("./42/bus" [pid 6202] <... futex resumed>) = 0 [pid 6192] <... futex resumed>) = 0 [pid 6191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6203] <... futex resumed>) = 0 [pid 6202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6192] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 1 [pid 5082] <... rmdir resumed>) = 0 [pid 6203] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6202] <... mmap resumed>) = 0x7f5659bc2000 [pid 6193] <... openat resumed>) = 4 [pid 6192] <... open resumed>) = 5 [pid 6191] <... futex resumed>) = 0 [pid 6202] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... mprotect resumed>) = 0 [pid 6192] <... futex resumed>) = 0 [pid 6191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6192] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... mount resumed>) = 0 [pid 6191] <... futex resumed>) = 0 [pid 6202] <... clone resumed>, parent_tid=[6204], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6204 [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = 0 [pid 6191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 6192] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] getdents64(3, [pid 6203] <... mmap resumed>) = 0x20000000 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6191] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6204 attached [pid 6203] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 1 [pid 6192] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... futex resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6192] <... open resumed>) = 6 [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6191] <... futex resumed>) = 0 [pid 6192] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6191] <... futex resumed>) = 0 [ 121.467864][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 121.496399][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6192] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6191] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] set_robust_list(0x7f5659be29e0, 24 [pid 6203] <... futex resumed>) = 1 [pid 6193] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] close(3 [pid 6204] <... set_robust_list resumed>) = 0 [pid 6203] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6192] <... write resumed>) = 262144 [pid 6190] <... futex resumed>) = 0 [pid 6187] <... futex resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 6204] memfd_create("syzkaller", 0 [pid 6193] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6192] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rmdir("./42" [pid 6204] <... memfd_create resumed>) = 3 [pid 6204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6193] <... write resumed>) = 262144 [pid 6192] <... futex resumed>) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6187] <... futex resumed>) = 1 [pid 5082] <... rmdir resumed>) = 0 [pid 6204] <... mmap resumed>) = 0x7f56517c2000 [pid 6189] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] <... futex resumed>) = 0 [pid 6192] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6191] exit_group(0 [pid 6189] <... open resumed>) = 5 [ 121.511798][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 121.526496][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 121.526496][ T5118] [ 121.541770][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6191] <... exit_group resumed>) = ? [pid 6204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... futex resumed>) = ? [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] mkdir("./43", 0777 [pid 6192] +++ exited with 0 +++ [pid 6191] +++ exited with 0 +++ [pid 6189] <... futex resumed>) = 1 [pid 6187] <... futex resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 6189] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6189] <... mount resumed>) = 0 [pid 6187] <... futex resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6191, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5082] <... openat resumed>) = 3 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] <... openat resumed>) = 3 [pid 5082] close(3 [pid 5084] fstat(3, [pid 5082] <... close resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6205 [pid 5084] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] unlink("./43/binderfs" [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... unlink resumed>) = 0 [pid 5084] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6193] <... futex resumed>) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6193] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... mmap resumed>) = 0x20000000 [pid 6190] <... futex resumed>) = 0 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6193] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... open resumed>) = 5 [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6205 attached ) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6205] set_robust_list(0x555556f1a5e0, 24 [pid 6193] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... set_robust_list resumed>) = 0 [pid 6193] <... mount resumed>) = 0 [pid 6190] <... futex resumed>) = 0 [pid 6205] chdir("./43" [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... chdir resumed>) = 0 [pid 6193] <... futex resumed>) = 0 [pid 6190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6193] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... prctl resumed>) = 0 [pid 6193] <... open resumed>) = 6 [pid 6190] <... futex resumed>) = 0 [pid 6205] setpgid(0, 0 [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... setpgid resumed>) = 0 [pid 6193] <... futex resumed>) = 0 [pid 6190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6189] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6187] <... futex resumed>) = 0 [pid 6205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6193] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... open resumed>) = 6 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... openat resumed>) = 3 [pid 6193] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6190] <... futex resumed>) = 0 [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] write(3, "1000", 4 [pid 6193] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6190] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] <... futex resumed>) = 0 [pid 6187] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... write resumed>) = 4 [pid 6189] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6187] <... futex resumed>) = 0 [pid 6205] close(3) = 0 [pid 6205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6187] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6205] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6205] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6193] <... write resumed>) = 262144 [pid 6189] <... write resumed>) = 262144 [pid 6193] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... clone resumed>, parent_tid=[6206], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6206 [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 1 [pid 6190] <... futex resumed>) = 0 [pid 6205] <... futex resumed>) = 0 [ 121.558946][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 121.582249][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 6193] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6190] exit_group(0 [pid 6189] <... futex resumed>) = 1 [pid 6187] <... futex resumed>) = 0 [pid 6204] <... write resumed>) = 1048576 [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] <... futex resumed>) = ? [pid 6190] <... exit_group resumed>) = ? [pid 6189] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6187] exit_group(0 [pid 6204] munmap(0x7f56517c2000, 1048576 [pid 6193] +++ exited with 0 +++ [pid 6190] +++ exited with 0 +++ ./strace-static-x86_64: Process 6206 attached [pid 6206] set_robust_list(0x7f5659be29e0, 24 [pid 6203] <... futex resumed>) = ? [pid 6189] <... futex resumed>) = ? [pid 6187] <... exit_group resumed>) = ? [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6190, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6206] <... set_robust_list resumed>) = 0 [pid 6203] +++ exited with 0 +++ [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 6206] memfd_create("syzkaller", 0 [pid 5083] <... restart_syscall resumed>) = 0 [pid 6206] <... memfd_create resumed>) = 3 [pid 6206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5083] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6204] <... munmap resumed>) = 0 [pid 6189] +++ exited with 0 +++ [pid 6187] +++ exited with 0 +++ [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6187, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6204] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] <... openat resumed>) = 3 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 6204] <... openat resumed>) = 4 [pid 5083] fstat(3, [pid 5081] <... restart_syscall resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6204] ioctl(4, LOOP_SET_FD, 3 [ 121.635225][ T46] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5083] lstat("./42/binderfs", [pid 5081] <... openat resumed>) = 3 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] fstat(3, [pid 5083] unlink("./42/binderfs" [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6204] <... ioctl resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 [pid 5081] getdents64(3, [pid 5083] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./42/binderfs") = 0 [pid 5085] <... umount2 resumed>) = 0 [pid 5081] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 121.680101][ T6204] loop5: detected capacity change from 0 to 2048 [ 121.689151][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 121.700448][ T46] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 121.714847][ T5118] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5085] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6204] close(3 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./41/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./41/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./41/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./41/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./41") = 0 [pid 5085] mkdir("./42", 0777) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6207 ./strace-static-x86_64: Process 6207 attached [pid 6207] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6207] chdir("./42") = 0 [pid 6204] <... close resumed>) = 0 [pid 6204] mkdir("./bus", 0777 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6206] <... write resumed>) = 1048576 [pid 6207] <... prctl resumed>) = 0 [pid 6206] munmap(0x7f56517c2000, 1048576 [pid 6207] setpgid(0, 0 [pid 6206] <... munmap resumed>) = 0 [pid 6204] <... mkdir resumed>) = 0 [pid 6207] <... setpgid resumed>) = 0 [pid 6206] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6206] <... openat resumed>) = 4 [pid 6204] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6207] <... openat resumed>) = 3 [pid 6206] ioctl(4, LOOP_SET_FD, 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs") = 0 [ 121.724786][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 121.745510][ T6206] loop1: detected capacity change from 0 to 2048 [ 121.756701][ T46] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6207] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6208], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6208 [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6208 attached [pid 6208] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6206] <... ioctl resumed>) = 0 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6206] close(3 [pid 6208] <... mmap resumed>) = 0x7f56517c2000 [pid 6206] <... close resumed>) = 0 [pid 6206] mkdir("./bus", 0777) = 0 [pid 6206] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [ 121.771496][ T6012] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 121.783600][ T1062] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 121.795048][ T5118] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 121.813857][ T46] EXT4-fs (loop3): This should not happen!! Data will be lost [ 121.813857][ T46] [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6208] munmap(0x7f56517c2000, 1048576) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 121.825410][ T1062] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 121.840984][ T5118] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 121.856360][ T6204] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/43/bus supports timestamps until 2038 (0x7fffffff) [ 121.874540][ T6208] loop4: detected capacity change from 0 to 2048 [pid 6208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6208] close(3) = 0 [pid 6208] mkdir("./bus", 0777) = 0 [ 121.876625][ T1062] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 121.893194][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 121.907578][ T6206] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/43/bus supports timestamps until 2038 (0x7fffffff) [ 121.908678][ T5118] EXT4-fs (loop2): This should not happen!! Data will be lost [ 121.908678][ T5118] [pid 6208] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6206] <... mount resumed>) = 0 [pid 6204] <... mount resumed>) = 0 [pid 6206] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6204] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6206] <... openat resumed>) = 3 [pid 6204] <... openat resumed>) = 3 [ 121.921715][ T1062] EXT4-fs (loop0): This should not happen!! Data will be lost [ 121.921715][ T1062] [ 121.929892][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 121.942215][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 121.954709][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6206] chdir("./bus" [pid 6204] chdir("./bus" [pid 6206] <... chdir resumed>) = 0 [pid 6204] <... chdir resumed>) = 0 [pid 6206] ioctl(4, LOOP_CLR_FD [pid 6204] ioctl(4, LOOP_CLR_FD [pid 6206] <... ioctl resumed>) = 0 [pid 6204] <... ioctl resumed>) = 0 [pid 6206] close(4 [pid 6204] close(4 [pid 6206] <... close resumed>) = 0 [pid 6204] <... close resumed>) = 0 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6206] chdir("./file0" [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... chdir resumed>) = 0 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] chdir("./file0" [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... futex resumed>) = 0 [pid 6205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6204] <... chdir resumed>) = 0 [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6206] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 6204] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... openat resumed>) = 4 [pid 6208] <... mount resumed>) = 0 [pid 6208] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6204] <... openat resumed>) = 4 [pid 6208] chdir("./bus") = 0 [pid 6208] ioctl(4, LOOP_CLR_FD) = 0 [pid 6208] close(4) = 0 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... futex resumed>) = 1 [pid 6208] chdir("./file0") = 0 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6206] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [ 121.966996][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 121.986021][ T6208] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/42/bus supports timestamps until 2038 (0x7fffffff) [ 122.002171][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6208] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = 0 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 6208] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... openat resumed>) = 4 [pid 6204] <... write resumed>) = 262144 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6208] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = 0 [pid 5081] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] lstat("./42/bus", [pid 6205] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6205] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6206] <... write resumed>) = 262144 [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 6206] <... futex resumed>) = 0 [pid 6205] <... mmap resumed>) = 0x7f56518a1000 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] lstat("./42/bus", [pid 5081] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 6205] <... mprotect resumed>) = 0 [pid 6204] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6208] <... write resumed>) = 262144 [pid 6205] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6204] <... mmap resumed>) = 0x20000000 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... clone resumed>, parent_tid=[6215], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6215 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6215 attached [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6205] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... openat resumed>) = 4 [pid 6215] set_robust_list(0x7f56518c19e0, 24 [pid 6208] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... openat resumed>) = 4 [pid 5081] fstat(4, [pid 6215] <... set_robust_list resumed>) = 0 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6205] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] lstat("./43/bus", [pid 5083] fstat(4, [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6215] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6208] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... open resumed>) = 5 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, [pid 6215] <... mmap resumed>) = 0x20000000 [pid 6208] <... mmap resumed>) = 0x20000000 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 1 [pid 5083] getdents64(4, [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6215] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] <... futex resumed>) = 0 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, [pid 6215] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] getdents64(4, [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6205] <... futex resumed>) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6202] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4 [pid 6207] <... futex resumed>) = 0 [pid 6206] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] close(4 [pid 5084] <... openat resumed>) = 4 [pid 6208] <... open resumed>) = 5 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... open resumed>) = 5 [pid 5081] <... close resumed>) = 0 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... mount resumed>) = 0 [pid 5084] fstat(4, [pid 5083] <... close resumed>) = 0 [pid 5081] rmdir("./42/bus" [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6206] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] rmdir("./42/bus" [pid 6208] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5081] <... rmdir resumed>) = 0 [pid 6207] <... futex resumed>) = 0 [pid 6206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... rmdir resumed>) = 0 [pid 5081] getdents64(3, [pid 6208] <... mount resumed>) = 0 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] getdents64(3, [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... mount resumed>) = 0 [pid 6204] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(4, [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3 [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... open resumed>) = 6 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(3 [pid 5081] <... close resumed>) = 0 [pid 6208] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(4 [pid 5083] <... close resumed>) = 0 [pid 5081] rmdir("./42" [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] rmdir("./42" [pid 6208] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] <... futex resumed>) = 0 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rmdir resumed>) = 0 [pid 6208] <... open resumed>) = 6 [pid 6206] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6202] <... futex resumed>) = 0 [pid 5084] rmdir("./43/bus" [pid 5083] <... rmdir resumed>) = 0 [pid 5081] mkdir("./43", 0777 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... open resumed>) = 6 [pid 6204] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6202] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] mkdir("./43", 0777 [pid 6206] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6208] <... futex resumed>) = 1 [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6205] <... futex resumed>) = 0 [pid 6206] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6205] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] <... futex resumed>) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./43" [pid 6208] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6207] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... write resumed>) = 262144 [pid 6204] <... write resumed>) = 262144 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5084] mkdir("./44", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6207] <... futex resumed>) = 0 [pid 6206] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5081] <... openat resumed>) = 3 [pid 6207] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] <... futex resumed>) = 1 [pid 6205] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] <... openat resumed>) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6206] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6205] exit_group(0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6215] <... futex resumed>) = ? [pid 6206] <... futex resumed>) = ? [pid 6205] <... exit_group resumed>) = ? [pid 6204] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] close(3 [pid 6215] +++ exited with 0 +++ [pid 6208] <... write resumed>) = 262144 [pid 6206] +++ exited with 0 +++ [pid 6205] +++ exited with 0 +++ [pid 6204] <... futex resumed>) = 1 [pid 6202] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] close(3 [pid 5081] <... close resumed>) = 0 [pid 6208] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6202] exit_group(0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... close resumed>) = 0 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6205, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6208] <... futex resumed>) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = ? [pid 6202] <... exit_group resumed>) = ? [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6208] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] exit_group(0 [pid 6204] +++ exited with 0 +++ [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6216 [pid 6202] +++ exited with 0 +++ [pid 6208] <... futex resumed>) = ? [pid 6207] <... exit_group resumed>) = ? [pid 5082] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6217 ./strace-static-x86_64: Process 6217 attached [pid 6208] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6202, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6217] set_robust_list(0x555556f1a5e0, 24 [pid 6207] +++ exited with 0 +++ [pid 5086] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6218 [pid 5082] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6218 attached ./strace-static-x86_64: Process 6216 attached [pid 6217] <... set_robust_list resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... openat resumed>) = 3 [pid 6217] chdir("./43" [pid 5086] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6207, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5082] fstat(3, [pid 6217] <... chdir resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6218] set_robust_list(0x555556f1a5e0, 24 [pid 6217] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] fstat(3, [pid 5085] <... restart_syscall resumed>) = 0 [pid 5082] getdents64(3, [pid 6218] <... set_robust_list resumed>) = 0 [pid 6217] <... prctl resumed>) = 0 [pid 6216] set_robust_list(0x555556f1a5e0, 24 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6218] chdir("./43" [pid 6217] setpgid(0, 0 [pid 6216] <... set_robust_list resumed>) = 0 [pid 5086] getdents64(3, [pid 5082] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6218] <... chdir resumed>) = 0 [pid 6217] <... setpgid resumed>) = 0 [pid 6216] chdir("./44" [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6216] <... chdir resumed>) = 0 [pid 5086] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./43/binderfs", [pid 6218] <... prctl resumed>) = 0 [pid 6217] <... openat resumed>) = 3 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6218] setpgid(0, 0 [pid 6217] write(3, "1000", 4 [pid 6216] <... prctl resumed>) = 0 [pid 5086] lstat("./43/binderfs", [pid 5085] <... openat resumed>) = 3 [pid 5082] unlink("./43/binderfs" [pid 6218] <... setpgid resumed>) = 0 [pid 6217] <... write resumed>) = 4 [pid 6216] setpgid(0, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] fstat(3, [pid 5082] <... unlink resumed>) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6217] close(3 [pid 6216] <... setpgid resumed>) = 0 [pid 5086] unlink("./43/binderfs" [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6218] <... openat resumed>) = 3 [pid 6217] <... close resumed>) = 0 [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] <... unlink resumed>) = 0 [pid 5085] getdents64(3, [pid 6217] symlink("/dev/binderfs", "./binderfs" [pid 5086] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6217] <... symlink resumed>) = 0 [pid 5085] umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6217] <... futex resumed>) = 0 [pid 5085] lstat("./42/binderfs", [pid 6217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6217] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] unlink("./42/binderfs" [pid 6217] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... unlink resumed>) = 0 [pid 6217] <... mprotect resumed>) = 0 [pid 5085] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6217] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6219], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6219 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6218] write(3, "1000", 4./strace-static-x86_64: Process 6219 attached [pid 6219] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6219] memfd_create("syzkaller", 0) = 3 [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6218] <... write resumed>) = 4 [pid 6218] close(3 [pid 6216] <... openat resumed>) = 3 [pid 6218] <... close resumed>) = 0 [pid 6216] write(3, "1000", 4 [pid 6218] symlink("/dev/binderfs", "./binderfs" [pid 6216] <... write resumed>) = 4 [pid 6218] <... symlink resumed>) = 0 [pid 6216] close(3 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... close resumed>) = 0 [pid 6218] <... futex resumed>) = 0 [pid 6216] symlink("/dev/binderfs", "./binderfs" [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6216] <... symlink resumed>) = 0 [pid 6218] <... mmap resumed>) = 0x7f5659bc2000 [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6216] <... futex resumed>) = 0 [pid 6218] <... mprotect resumed>) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6218] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6216] <... mmap resumed>) = 0x7f5659bc2000 [pid 6216] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6218] <... clone resumed>, parent_tid=[6220], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6220 [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... mprotect resumed>) = 0 [pid 6218] <... futex resumed>) = 0 [pid 6216] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6216] <... clone resumed>, parent_tid=[6221], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6221 [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6219] <... write resumed>) = 1048576 ./strace-static-x86_64: Process 6220 attached [ 122.279386][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 122.293635][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 122.307094][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6220] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6220] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6221 attached [pid 6221] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6220] <... memfd_create resumed>) = 3 [pid 6221] memfd_create("syzkaller", 0 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6221] <... memfd_create resumed>) = 3 [pid 6220] <... mmap resumed>) = 0x7f56517c2000 [pid 6221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6219] munmap(0x7f56517c2000, 1048576) = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6219] ioctl(4, LOOP_SET_FD, 3 [ 122.341282][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 122.351494][ T75] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 122.361033][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 122.372158][ T6219] loop0: detected capacity change from 0 to 2048 [pid 6221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6219] <... ioctl resumed>) = 0 [pid 6219] close(3) = 0 [pid 6219] mkdir("./bus", 0777) = 0 [pid 6219] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6220] <... write resumed>) = 1048576 [pid 6220] munmap(0x7f56517c2000, 1048576 [pid 6221] <... write resumed>) = 1048576 [pid 6220] <... munmap resumed>) = 0 [pid 6221] munmap(0x7f56517c2000, 1048576 [pid 6220] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6221] <... munmap resumed>) = 0 [ 122.383651][ T75] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:4: mark_inode_dirty error [ 122.395433][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 122.407907][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 6220] ioctl(4, LOOP_SET_FD, 3 [pid 6221] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 122.435396][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 122.442494][ T6220] loop2: detected capacity change from 0 to 2048 [ 122.457944][ T6221] loop3: detected capacity change from 0 to 2048 [ 122.459784][ T6219] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/43/bus supports timestamps until 2038 (0x7fffffff) [ 122.477038][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6221] ioctl(4, LOOP_SET_FD, 3 [pid 6220] <... ioctl resumed>) = 0 [pid 6219] <... mount resumed>) = 0 [pid 6221] <... ioctl resumed>) = 0 [ 122.489960][ T75] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 122.508215][ T5115] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 122.530620][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 122.530620][ T5118] [pid 6221] close(3 [pid 6220] close(3 [pid 6219] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6221] <... close resumed>) = 0 [pid 6220] <... close resumed>) = 0 [pid 6219] <... openat resumed>) = 3 [ 122.536046][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 122.536046][ T1062] [ 122.542956][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 122.552533][ T75] EXT4-fs (loop1): This should not happen!! Data will be lost [ 122.552533][ T75] [ 122.565515][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6221] mkdir("./bus", 0777 [pid 6220] mkdir("./bus", 0777 [pid 6219] chdir("./bus" [pid 6221] <... mkdir resumed>) = 0 [pid 6220] <... mkdir resumed>) = 0 [pid 6219] <... chdir resumed>) = 0 [pid 6221] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6220] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6219] ioctl(4, LOOP_CLR_FD) = 0 [pid 6219] close(4) = 0 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6217] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6217] <... futex resumed>) = 1 [pid 6219] chdir("./file0" [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... chdir resumed>) = 0 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 122.580269][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [ 122.586203][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 122.600879][ T75] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:4: Invalid inode table block 0 in block_group 0 [pid 6219] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6217] <... futex resumed>) = 1 [pid 6219] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... openat resumed>) = 4 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6217] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6217] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... write resumed>) = 262144 [ 122.636607][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 122.672162][ T6221] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/44/bus supports timestamps until 2038 (0x7fffffff) [pid 6221] <... mount resumed>) = 0 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 6221] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6219] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6221] <... openat resumed>) = 3 [pid 6219] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6217] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6221] chdir("./bus" [pid 6219] <... mmap resumed>) = 0x20000000 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] lstat("./42/bus", [pid 5082] lstat("./43/bus", [pid 6221] <... chdir resumed>) = 0 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6221] ioctl(4, LOOP_CLR_FD [pid 6219] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./42/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6221] <... ioctl resumed>) = 0 [pid 6220] <... mount resumed>) = 0 [pid 6219] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6217] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6221] close(4 [pid 6220] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6219] <... open resumed>) = 5 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] openat(AT_FDCWD, "./42/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6221] <... close resumed>) = 0 [pid 6220] <... openat resumed>) = 3 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... openat resumed>) = 4 [pid 5082] <... openat resumed>) = 4 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] chdir("./bus" [pid 6219] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./43/bus", [pid 5085] fstat(4, [pid 5082] fstat(4, [pid 6221] <... futex resumed>) = 1 [pid 6220] <... chdir resumed>) = 0 [pid 6219] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6217] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] ioctl(4, LOOP_CLR_FD [pid 6219] <... mount resumed>) = 0 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 122.721629][ T6220] ext4 filesystem being mounted at /root/syzkaller.22hR0w/43/bus supports timestamps until 2038 (0x7fffffff) [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] getdents64(4, [pid 5082] getdents64(4, [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... ioctl resumed>) = 0 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6221] chdir("./file0" [pid 6220] close(4 [pid 6219] <... futex resumed>) = 0 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] getdents64(4, [pid 5082] getdents64(4, [pid 6221] <... chdir resumed>) = 0 [pid 6220] <... close resumed>) = 0 [pid 6219] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6217] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... open resumed>) = 6 [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(4, [pid 5085] close(4 [pid 5082] close(4 [pid 6221] <... futex resumed>) = 1 [pid 6220] <... futex resumed>) = 1 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = 0 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... futex resumed>) = 0 [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(4, [pid 5085] rmdir("./42/bus" [pid 5082] rmdir("./43/bus" [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6218] <... futex resumed>) = 0 [pid 6217] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] <... rmdir resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 6221] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6220] chdir("./file0" [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(4, [pid 5085] getdents64(3, [pid 5082] getdents64(3, [pid 6221] <... openat resumed>) = 4 [pid 6220] <... chdir resumed>) = 0 [pid 6219] <... write resumed>) = 262144 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5085] close(3 [pid 5082] close(3 [pid 6221] <... futex resumed>) = 1 [pid 6220] <... futex resumed>) = 1 [pid 6219] <... futex resumed>) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6217] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] exit_group(0 [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./43/bus" [pid 5085] rmdir("./42" [pid 5082] rmdir("./43" [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6219] <... futex resumed>) = ? [pid 6218] <... futex resumed>) = 0 [pid 6217] <... exit_group resumed>) = ? [pid 6216] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 6221] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6220] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6219] +++ exited with 0 +++ [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] +++ exited with 0 +++ [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, [pid 5085] mkdir("./43", 0777 [pid 5082] mkdir("./44", 0777 [pid 6220] <... openat resumed>) = 4 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] <... mkdir resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6217, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 6220] <... futex resumed>) = 1 [pid 6218] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5081] <... restart_syscall resumed>) = 0 [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./43" [pid 5085] ioctl(3, LOOP_CLR_FD [pid 5082] ioctl(3, LOOP_CLR_FD [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6218] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6220] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mkdir("./44", 0777 [pid 5085] close(3 [pid 5082] close(3 [pid 6221] <... write resumed>) = 262144 [pid 6220] <... write resumed>) = 262144 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5081] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6221] <... futex resumed>) = 1 [pid 6220] <... futex resumed>) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5081] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6229 attached [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6228 [pid 5081] <... openat resumed>) = 3 [pid 6229] set_robust_list(0x555556f1a5e0, 24 [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6218] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6229 [pid 5081] fstat(3, ./strace-static-x86_64: Process 6228 attached [pid 6229] <... set_robust_list resumed>) = 0 [pid 6221] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6220] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] close(3 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6229] chdir("./44" [pid 6228] set_robust_list(0x555556f1a5e0, 24 [pid 6221] <... mmap resumed>) = 0x20000000 [pid 6220] <... mmap resumed>) = 0x20000000 [pid 5086] <... close resumed>) = 0 [pid 5081] getdents64(3, [pid 6229] <... chdir resumed>) = 0 [pid 6228] <... set_robust_list resumed>) = 0 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 6230 attached [pid 6229] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6228] chdir("./43" [pid 6221] <... futex resumed>) = 1 [pid 6220] <... futex resumed>) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5081] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6230] set_robust_list(0x555556f1a5e0, 24 [pid 6229] <... prctl resumed>) = 0 [pid 6228] <... chdir resumed>) = 0 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6230 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6230] <... set_robust_list resumed>) = 0 [pid 6229] setpgid(0, 0 [pid 6228] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6218] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 5081] lstat("./43/binderfs", [pid 6230] chdir("./44" [pid 6229] <... setpgid resumed>) = 0 [pid 6228] <... prctl resumed>) = 0 [pid 6221] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6220] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6230] <... chdir resumed>) = 0 [pid 6229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6228] setpgid(0, 0 [pid 6230] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6229] <... openat resumed>) = 3 [pid 6228] <... setpgid resumed>) = 0 [pid 6230] <... prctl resumed>) = 0 [pid 6229] write(3, "1000", 4 [pid 6228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6221] <... open resumed>) = 5 [pid 6230] setpgid(0, 0 [pid 6229] <... write resumed>) = 4 [pid 6228] <... openat resumed>) = 3 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... open resumed>) = 5 [pid 5081] unlink("./43/binderfs" [pid 6230] <... setpgid resumed>) = 0 [pid 6229] close(3 [pid 6228] write(3, "1000", 4 [pid 6221] <... futex resumed>) = 1 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6229] <... close resumed>) = 0 [pid 6228] <... write resumed>) = 4 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] <... futex resumed>) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... unlink resumed>) = 0 [pid 6230] <... openat resumed>) = 3 [pid 6229] symlink("/dev/binderfs", "./binderfs" [pid 6228] close(3 [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 5081] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6230] write(3, "1000", 4 [pid 6229] <... symlink resumed>) = 0 [pid 6228] <... close resumed>) = 0 [pid 6221] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6218] <... futex resumed>) = 0 [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] <... write resumed>) = 4 [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] symlink("/dev/binderfs", "./binderfs" [pid 6230] close(3 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... symlink resumed>) = 0 [pid 6230] <... close resumed>) = 0 [pid 6229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] symlink("/dev/binderfs", "./binderfs" [pid 6229] <... mmap resumed>) = 0x7f5659bc2000 [pid 6228] <... futex resumed>) = 0 [pid 6230] <... symlink resumed>) = 0 [pid 6229] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6228] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... mprotect resumed>) = 0 [pid 6228] <... mmap resumed>) = 0x7f5659bc2000 [pid 6230] <... futex resumed>) = 0 [pid 6229] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6228] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6228] <... mprotect resumed>) = 0 [pid 6230] <... mmap resumed>) = 0x7f5659bc2000 [pid 6229] <... clone resumed>, parent_tid=[6231], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6231 [pid 6228] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6230] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... mprotect resumed>) = 0 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... clone resumed>, parent_tid=[6232], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6232 [pid 6230] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] <... clone resumed>, parent_tid=[6233], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6233 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6232 attached [pid 6232] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6220] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6221] <... mount resumed>) = 0 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... mount resumed>) = 0 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 1 [pid 6220] <... futex resumed>) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6216] <... futex resumed>) = 0 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6232] memfd_create("syzkaller", 0 [pid 6221] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6220] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6218] <... futex resumed>) = 0 [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] <... memfd_create resumed>) = 3 [pid 6221] <... open resumed>) = 6 [pid 6220] <... open resumed>) = 6 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6232] <... mmap resumed>) = 0x7f56517c2000 [pid 6221] <... futex resumed>) = 1 [pid 6220] <... futex resumed>) = 0 [pid 6218] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6216] <... futex resumed>) = 0 [pid 6232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6218] <... futex resumed>) = 0 [pid 6221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6216] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6221] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6232] <... write resumed>) = 1048576 [ 122.930887][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 ./strace-static-x86_64: Process 6233 attached [pid 6232] munmap(0x7f56517c2000, 1048576 [pid 6233] set_robust_list(0x7f5659be29e0, 24) = 0 ./strace-static-x86_64: Process 6231 attached [pid 6220] <... write resumed>) = 262144 [pid 6233] memfd_create("syzkaller", 0 [pid 6232] <... munmap resumed>) = 0 [pid 6231] set_robust_list(0x7f5659be29e0, 24 [pid 6221] <... write resumed>) = 262144 [pid 6220] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... memfd_create resumed>) = 3 [pid 6232] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6231] <... set_robust_list resumed>) = 0 [pid 6220] <... futex resumed>) = 1 [pid 6221] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = 0 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6232] <... openat resumed>) = 4 [pid 6231] memfd_create("syzkaller", 0 [pid 6221] <... futex resumed>) = 1 [pid 6220] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] exit_group(0 [pid 6216] <... futex resumed>) = 0 [pid 6232] ioctl(4, LOOP_SET_FD, 3 [pid 6231] <... memfd_create resumed>) = 3 [pid 6233] <... mmap resumed>) = 0x7f56517c2000 [pid 6231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6221] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6220] <... futex resumed>) = ? [pid 6218] <... exit_group resumed>) = ? [pid 6216] exit_group(0 [pid 6231] <... mmap resumed>) = 0x7f56517c2000 [pid 6220] +++ exited with 0 +++ [pid 6231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6218] +++ exited with 0 +++ [pid 6216] <... exit_group resumed>) = ? [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5083] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./43/binderfs", [pid 6221] <... futex resumed>) = ? [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./43/binderfs" [pid 6221] +++ exited with 0 +++ [pid 6216] +++ exited with 0 +++ [pid 5083] <... unlink resumed>) = 0 [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 122.998700][ T948] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 123.000271][ T6232] loop4: detected capacity change from 0 to 2048 [ 123.010346][ T948] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5083] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6233] <... write resumed>) = 1048576 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6216, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 6232] <... ioctl resumed>) = 0 [pid 6232] close(3 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 6233] munmap(0x7f56517c2000, 1048576 [pid 5084] <... restart_syscall resumed>) = 0 [pid 6233] <... munmap resumed>) = 0 [pid 6232] <... close resumed>) = 0 [pid 6232] mkdir("./bus", 0777) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6231] <... write resumed>) = 1048576 [pid 6233] <... openat resumed>) = 4 [ 123.061151][ T1062] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 123.072964][ T948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 123.091333][ T948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 123.091333][ T948] [pid 6232] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5084] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6231] munmap(0x7f56517c2000, 1048576) = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6231] ioctl(4, LOOP_SET_FD, 3 [pid 6233] ioctl(4, LOOP_SET_FD, 3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6231] <... ioctl resumed>) = 0 [pid 6231] close(3) = 0 [pid 6231] mkdir("./bus", 0777 [pid 6233] <... ioctl resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 123.106007][ T1062] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 123.111618][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 123.128386][ T6231] loop1: detected capacity change from 0 to 2048 [ 123.130208][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 123.149397][ T6233] loop5: detected capacity change from 0 to 2048 [pid 6233] close(3 [pid 6231] <... mkdir resumed>) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] unlink("./44/binderfs") = 0 [pid 5084] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6233] <... close resumed>) = 0 [pid 6233] mkdir("./bus", 0777 [pid 6231] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6233] <... mkdir resumed>) = 0 [ 123.160080][ T1062] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 123.176250][ T1062] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 123.190998][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 123.191295][ T1062] EXT4-fs (loop2): This should not happen!! Data will be lost [ 123.191295][ T1062] [ 123.211022][ T6232] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/43/bus supports timestamps until 2038 (0x7fffffff) [ 123.215529][ T1062] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 123.238152][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 123.240315][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 6233] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] <... umount2 resumed>) = 0 [pid 5081] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6232] <... mount resumed>) = 0 [pid 6231] <... mount resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6232] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6232] <... openat resumed>) = 3 [pid 6231] <... openat resumed>) = 3 [pid 6232] chdir("./bus" [pid 6231] chdir("./bus" [pid 6232] <... chdir resumed>) = 0 [pid 6231] <... chdir resumed>) = 0 [pid 6232] ioctl(4, LOOP_CLR_FD [pid 6231] ioctl(4, LOOP_CLR_FD [pid 6232] <... ioctl resumed>) = 0 [pid 6231] <... ioctl resumed>) = 0 [pid 6232] close(4 [pid 6231] close(4 [pid 6232] <... close resumed>) = 0 [pid 6231] <... close resumed>) = 0 [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 1 [pid 6231] <... futex resumed>) = 1 [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] lstat("./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6228] <... futex resumed>) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./43/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./43") = 0 [ 123.260771][ T1062] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 123.263941][ T6231] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/44/bus supports timestamps until 2038 (0x7fffffff) [ 123.289129][ T6233] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/44/bus supports timestamps until 2038 (0x7fffffff) [pid 5081] mkdir("./44", 0777 [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 1 [pid 5081] <... mkdir resumed>) = 0 [pid 6233] <... mount resumed>) = 0 [pid 6232] chdir("./file0" [pid 6231] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = 0 [pid 6232] <... chdir resumed>) = 0 [pid 6231] chdir("./file0" [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... chdir resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6232] <... futex resumed>) = 1 [ 123.310009][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 123.323327][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 123.323327][ T948] [ 123.335191][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6233] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6233] <... openat resumed>) = 3 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 5081] close(3 [pid 6233] chdir("./bus" [pid 6232] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... close resumed>) = 0 [pid 6233] <... chdir resumed>) = 0 [pid 6232] <... openat resumed>) = 4 [pid 6231] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6233] ioctl(4, LOOP_CLR_FD [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... openat resumed>) = 4 [pid 5083] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6233] <... ioctl resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [ 123.350220][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6240 ./strace-static-x86_64: Process 6240 attached [pid 6233] close(4 [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] lstat("./43/bus", [pid 6240] set_robust_list(0x555556f1a5e0, 24 [pid 6233] <... close resumed>) = 0 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6240] <... set_robust_list resumed>) = 0 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6240] chdir("./44" [pid 6233] <... futex resumed>) = 1 [pid 6232] <... write resumed>) = 262144 [pid 6231] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6230] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6240] <... chdir resumed>) = 0 [pid 6233] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... write resumed>) = 262144 [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6240] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6230] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 4 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... prctl resumed>) = 0 [pid 6233] chdir("./file0" [pid 6232] <... futex resumed>) = 1 [pid 6231] <... futex resumed>) = 1 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... futex resumed>) = 0 [pid 6228] <... futex resumed>) = 0 [pid 5084] lstat("./44/bus", [pid 5083] fstat(4, [pid 6240] setpgid(0, 0 [pid 6233] <... chdir resumed>) = 0 [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6240] <... setpgid resumed>) = 0 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] <... mmap resumed>) = 0x20000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... futex resumed>) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6240] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6233] <... futex resumed>) = 1 [pid 6232] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(4, [pid 6240] <... openat resumed>) = 3 [pid 6233] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6240] write(3, "1000", 4 [pid 6232] <... mmap resumed>) = 0x20000000 [pid 6231] <... futex resumed>) = 0 [pid 6230] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] getdents64(4, [pid 6240] <... write resumed>) = 4 [pid 6233] <... openat resumed>) = 4 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] <... futex resumed>) = 0 [pid 5084] <... openat resumed>) = 4 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6240] close(3 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] fstat(4, [pid 5083] close(4 [pid 6240] <... close resumed>) = 0 [pid 6233] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6231] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... close resumed>) = 0 [pid 6240] symlink("/dev/binderfs", "./binderfs" [pid 6233] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... open resumed>) = 5 [pid 6230] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(4, [pid 5083] rmdir("./43/bus" [pid 6240] <... symlink resumed>) = 0 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6231] <... futex resumed>) = 1 [pid 5084] getdents64(4, [pid 6240] <... futex resumed>) = 0 [pid 6232] <... open resumed>) = 5 [pid 6231] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6240] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] close(4 [pid 5083] <... rmdir resumed>) = 0 [pid 6240] <... mmap resumed>) = 0x7f5659bc2000 [pid 6232] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] <... close resumed>) = 0 [pid 5083] getdents64(3, [pid 6240] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = 0 [pid 6229] <... futex resumed>) = 1 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./44/bus" [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6240] <... mprotect resumed>) = 0 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] close(3 [pid 6240] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6232] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6231] <... mount resumed>) = 0 [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] getdents64(3, [pid 5083] <... close resumed>) = 0 [pid 6232] <... mount resumed>) = 0 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] rmdir("./43" [pid 6240] <... clone resumed>, parent_tid=[6241], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6241 [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... futex resumed>) = 1 [pid 6229] <... futex resumed>) = 0 [pid 5084] close(3 [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 1 [pid 6231] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 6240] <... futex resumed>) = 0 [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./44" [pid 5083] mkdir("./44", 0777 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] <... write resumed>) = 262144 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6231] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... futex resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 6232] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6231] <... open resumed>) = 6 [pid 5084] mkdir("./45", 0777./strace-static-x86_64: Process 6241 attached [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... open resumed>) = 6 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... mkdir resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] <... futex resumed>) = 0 [pid 6230] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6241] set_robust_list(0x7f5659be29e0, 24 [pid 6233] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6232] <... futex resumed>) = 0 [pid 6231] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6228] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5083] <... openat resumed>) = 3 [pid 6241] <... set_robust_list resumed>) = 0 [pid 6233] <... mmap resumed>) = 0x20000000 [pid 6232] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6230] <... futex resumed>) = 0 [pid 6229] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... futex resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6241] memfd_create("syzkaller", 0 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6241] <... memfd_create resumed>) = 3 [pid 6233] <... futex resumed>) = 0 [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] close(3 [pid 6241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6233] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... close resumed>) = 0 [pid 6241] <... mmap resumed>) = 0x7f56517c2000 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6230] <... futex resumed>) = 0 [pid 5084] close(3 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6233] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... close resumed>) = 0 [pid 6233] <... open resumed>) = 5 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6242 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6230] <... futex resumed>) = 0 [pid 6241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6233] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6243 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6230] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6243 attached ./strace-static-x86_64: Process 6242 attached [pid 6233] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6232] <... write resumed>) = 262144 [pid 6231] <... write resumed>) = 262144 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] set_robust_list(0x555556f1a5e0, 24 [pid 6242] set_robust_list(0x555556f1a5e0, 24 [pid 6233] <... mount resumed>) = 0 [pid 6232] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... set_robust_list resumed>) = 0 [pid 6242] <... set_robust_list resumed>) = 0 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 1 [pid 6231] <... futex resumed>) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6228] <... futex resumed>) = 0 [pid 6243] chdir("./45" [pid 6242] chdir("./44" [pid 6241] <... write resumed>) = 1048576 [pid 6233] <... futex resumed>) = 1 [pid 6232] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6230] <... futex resumed>) = 0 [pid 6242] <... chdir resumed>) = 0 [pid 6241] munmap(0x7f56517c2000, 1048576 [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] exit_group(0 [pid 6228] exit_group(0 [pid 6243] <... chdir resumed>) = 0 [pid 6242] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6241] <... munmap resumed>) = 0 [pid 6233] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6232] <... futex resumed>) = ? [pid 6231] <... futex resumed>) = ? [pid 6230] <... futex resumed>) = 0 [pid 6229] <... exit_group resumed>) = ? [pid 6228] <... exit_group resumed>) = ? [pid 6243] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6242] <... prctl resumed>) = 0 [pid 6241] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6233] <... open resumed>) = 6 [pid 6232] +++ exited with 0 +++ [pid 6231] +++ exited with 0 +++ [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] setpgid(0, 0 [pid 6241] <... openat resumed>) = 4 [pid 6243] <... prctl resumed>) = 0 [pid 6242] <... setpgid resumed>) = 0 [pid 6241] ioctl(4, LOOP_SET_FD, 3 [pid 6229] +++ exited with 0 +++ [pid 6228] +++ exited with 0 +++ [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] setpgid(0, 0 [pid 6242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6241] <... ioctl resumed>) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6230] <... futex resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6228, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6243] <... setpgid resumed>) = 0 [pid 6242] <... openat resumed>) = 3 [pid 6233] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6230] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6229, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6242] write(3, "1000", 4 [pid 5085] <... restart_syscall resumed>) = 0 [pid 5082] restart_syscall(<... resuming interrupted clone ...> [pid 6242] <... write resumed>) = 4 [pid 5082] <... restart_syscall resumed>) = 0 [pid 6242] close(3 [pid 6243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6242] <... close resumed>) = 0 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6230] <... futex resumed>) = 0 [pid 5085] umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6243] <... openat resumed>) = 3 [pid 6242] symlink("/dev/binderfs", "./binderfs" [pid 6233] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6230] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6243] write(3, "1000", 4 [pid 6242] <... symlink resumed>) = 0 [pid 6241] close(3 [pid 5085] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5082] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6242] <... futex resumed>) = 0 [pid 6241] mkdir("./bus", 0777 [pid 5085] fstat(3, [pid 5082] <... openat resumed>) = 3 [pid 6243] <... write resumed>) = 4 [pid 6242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6241] <... mkdir resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] fstat(3, [pid 6243] close(3 [pid 6242] <... mmap resumed>) = 0x7f5659bc2000 [pid 6241] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5085] getdents64(3, [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6243] <... close resumed>) = 0 [pid 6242] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] getdents64(3, [pid 6243] symlink("/dev/binderfs", "./binderfs" [pid 6242] <... mprotect resumed>) = 0 [pid 5085] umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6243] <... symlink resumed>) = 0 [pid 6242] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] lstat("./43/binderfs", [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6243] <... futex resumed>) = 0 [pid 6242] <... clone resumed>, parent_tid=[6244], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6244 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] lstat("./44/binderfs", [pid 6243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] unlink("./43/binderfs" [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6243] <... mmap resumed>) = 0x7f5659bc2000 [pid 6242] <... futex resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [ 123.591119][ T6241] loop0: detected capacity change from 0 to 2048 [ 123.626942][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5082] unlink("./44/binderfs" [pid 6243] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... unlink resumed>) = 0 [pid 6243] <... mprotect resumed>) = 0 [pid 5082] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6243] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6244 attached , parent_tid=[6246], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6246 [pid 6244] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6244] memfd_create("syzkaller", 0) = 3 [pid 6244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6244] <... write resumed>) = 1048576 [pid 6244] munmap(0x7f56517c2000, 1048576) = 0 [pid 6244] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6244] ioctl(4, LOOP_SET_FD, 3 [pid 6230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6244] <... ioctl resumed>) = 0 [pid 6244] close(3./strace-static-x86_64: Process 6246 attached [pid 6241] <... mount resumed>) = 0 [pid 6246] set_robust_list(0x7f5659be29e0, 24 [pid 6241] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6246] <... set_robust_list resumed>) = 0 [pid 6246] memfd_create("syzkaller", 0 [pid 6241] <... openat resumed>) = 3 [pid 6246] <... memfd_create resumed>) = 3 [ 123.642711][ T6241] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/44/bus supports timestamps until 2038 (0x7fffffff) [ 123.656823][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 123.663856][ T6244] loop2: detected capacity change from 0 to 2048 [ 123.681992][ T948] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6241] chdir("./bus" [pid 6233] <... write resumed>) = 262144 [pid 6233] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] exit_group(0) = ? [pid 6246] <... mmap resumed>) = 0x7f56517c2000 [pid 6241] <... chdir resumed>) = 0 [pid 6233] +++ exited with 0 +++ [pid 6230] +++ exited with 0 +++ [pid 6241] ioctl(4, LOOP_CLR_FD [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6230, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6244] <... close resumed>) = 0 [pid 6244] mkdir("./bus", 0777 [pid 6246] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6241] <... ioctl resumed>) = 0 [pid 6244] <... mkdir resumed>) = 0 [ 123.696058][ T11] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 123.718538][ T948] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 6241] close(4) = 0 [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6244] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6241] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6241] chdir("./file0" [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6241] <... chdir resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(3, [pid 6241] <... futex resumed>) = 1 [pid 6240] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6241] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6241] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6241] <... openat resumed>) = 4 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./44/binderfs", [pid 6241] <... futex resumed>) = 1 [ 123.739636][ T11] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 123.753513][ T948] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 123.776502][ T948] EXT4-fs (loop4): This should not happen!! Data will be lost [ 123.776502][ T948] [pid 6240] <... futex resumed>) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6241] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] unlink("./44/binderfs" [pid 6241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6240] <... futex resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 6241] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6241] <... write resumed>) = 262144 [pid 6246] <... write resumed>) = 1048576 [pid 6246] munmap(0x7f56517c2000, 1048576) = 0 [pid 6246] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] ioctl(4, LOOP_SET_FD, 3 [pid 6241] <... futex resumed>) = 1 [pid 6240] <... futex resumed>) = 0 [ 123.786919][ T11] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 123.799717][ T11] EXT4-fs (loop1): This should not happen!! Data will be lost [ 123.799717][ T11] [ 123.811050][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 123.824894][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6241] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... mmap resumed>) = 0x20000000 [pid 6240] <... futex resumed>) = 0 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] <... futex resumed>) = 0 [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6240] <... futex resumed>) = 0 [pid 6241] <... open resumed>) = 5 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6241] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] <... mount resumed>) = 0 [pid 6240] <... futex resumed>) = 0 [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... futex resumed>) = 0 [pid 6240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... ioctl resumed>) = 0 [pid 6241] <... open resumed>) = 6 [pid 6240] <... futex resumed>) = 0 [pid 6246] close(3 [ 123.826014][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 123.845514][ T6246] loop3: detected capacity change from 0 to 2048 [ 123.850694][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 123.865908][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 123.865926][ T27] audit: type=1800 audit(1678856075.265:266): pid=6241 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... close resumed>) = 0 [pid 6241] <... futex resumed>) = 0 [pid 6244] <... mount resumed>) = 0 [pid 6244] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6244] chdir("./bus") = 0 [pid 6244] ioctl(4, LOOP_CLR_FD) = 0 [pid 6244] close(4) = 0 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = 0 [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 1 [pid 6244] chdir("./file0") = 0 [pid 6240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... futex resumed>) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = 0 [pid 6246] mkdir("./bus", 0777 [pid 6244] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6240] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... mkdir resumed>) = 0 [pid 6244] <... openat resumed>) = 4 [pid 6242] <... futex resumed>) = 0 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6244] <... futex resumed>) = 0 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] <... write resumed>) = 262144 [pid 6244] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 1 [pid 6240] <... futex resumed>) = 0 [pid 6244] <... futex resumed>) = 0 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6241] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 123.873651][ T6244] ext4 filesystem being mounted at /root/syzkaller.22hR0w/44/bus supports timestamps until 2038 (0x7fffffff) [ 123.889340][ T5118] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 123.915495][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 123.934957][ T5118] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 123.968088][ T5118] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 123.982195][ T5118] EXT4-fs (loop5): This should not happen!! Data will be lost [ 123.982195][ T5118] [ 123.993764][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6244] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6240] exit_group(0 [pid 6241] <... futex resumed>) = ? [pid 6240] <... exit_group resumed>) = ? [pid 5085] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 6244] <... write resumed>) = 262144 [pid 6242] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6241] +++ exited with 0 +++ [pid 6240] +++ exited with 0 +++ [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = 0 [pid 6244] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... mmap resumed>) = 0x20000000 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6244] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6240, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 6244] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] <... futex resumed>) = 0 [pid 6244] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... open resumed>) = 5 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6244] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... mount resumed>) = 0 [pid 6242] <... futex resumed>) = 0 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6244] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... open resumed>) = 6 [pid 6242] <... futex resumed>) = 0 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6244] <... futex resumed>) = 0 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6244] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6242] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... mount resumed>) = 0 [pid 6246] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6246] chdir("./bus") = 0 [pid 6246] ioctl(4, LOOP_CLR_FD) = 0 [pid 6246] close(4) = 0 [ 124.007765][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 124.032433][ T6246] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/45/bus supports timestamps until 2038 (0x7fffffff) [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./43/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6243] <... futex resumed>) = 0 [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6243] <... futex resumed>) = 1 [pid 5081] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] umount2("./43/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./43/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6246] chdir("./file0" [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... openat resumed>) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, [pid 5081] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, [pid 6246] <... chdir resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6246] <... futex resumed>) = 1 [pid 6243] <... futex resumed>) = 0 [pid 5081] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6246] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6243] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6246] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] lstat("./44/binderfs", [pid 5085] getdents64(4, [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./44/binderfs" [pid 6244] <... write resumed>) = 262144 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6244] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(4 [pid 6244] <... futex resumed>) = 1 [pid 6242] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5081] <... unlink resumed>) = 0 [pid 6244] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] exit_group(0 [pid 5081] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6244] <... futex resumed>) = ? [pid 6242] <... exit_group resumed>) = ? [pid 5085] rmdir("./43/bus" [pid 6244] +++ exited with 0 +++ [pid 6242] +++ exited with 0 +++ [pid 5085] <... rmdir resumed>) = 0 [pid 5085] getdents64(3, [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6242, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 124.051848][ T27] audit: type=1800 audit(1678856075.445:267): pid=6244 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3) = 0 [pid 5085] rmdir("./43") = 0 [pid 5085] mkdir("./44", 0777) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6252] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6252] chdir("./44") = 0 [pid 6252] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5083] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, [pid 5082] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] getdents64(3, [pid 5082] lstat("./44/bus", [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6246] <... openat resumed>) = 4 [pid 5083] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] lstat("./44/binderfs", [pid 6246] <... futex resumed>) = 1 [pid 6243] <... futex resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... openat resumed>) = 4 [pid 6246] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] unlink("./44/binderfs" [pid 6243] <... futex resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 [pid 5082] fstat(4, [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6252] <... prctl resumed>) = 0 [pid 5082] getdents64(4, [pid 6252] setpgid(0, 0) = 0 [pid 6252] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6252] <... openat resumed>) = 3 [pid 5086] <... umount2 resumed>) = 0 [pid 6252] write(3, "1000", 4 [pid 5082] getdents64(4, [pid 6252] <... write resumed>) = 4 [pid 6252] close(3) = 0 [pid 6252] symlink("/dev/binderfs", "./binderfs" [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6252] <... symlink resumed>) = 0 [pid 6246] <... write resumed>) = 262144 [pid 5086] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] close(4 [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6252] <... futex resumed>) = 0 [ 124.092399][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 124.122045][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6252] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6246] <... futex resumed>) = 1 [pid 6243] <... futex resumed>) = 0 [pid 5086] lstat("./44/bus", [pid 5082] <... close resumed>) = 0 [pid 6252] <... mmap resumed>) = 0x7f5659bc2000 [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6243] <... futex resumed>) = 0 [pid 6252] <... mprotect resumed>) = 0 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6253], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6253 [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6253 attached [pid 6253] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6253] memfd_create("syzkaller", 0) = 3 [pid 6253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6246] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] rmdir("./44/bus" [pid 6246] <... mmap resumed>) = 0x20000000 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6243] <... futex resumed>) = 0 [pid 6246] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... open resumed>) = 5 [pid 6243] <... futex resumed>) = 0 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... futex resumed>) = 0 [pid 6243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6246] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... mount resumed>) = 0 [pid 6243] <... futex resumed>) = 0 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6246] <... futex resumed>) = 0 [pid 6243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... rmdir resumed>) = 0 [pid 6246] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... open resumed>) = 6 [ 124.160866][ T1062] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 124.169628][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 124.171342][ T1062] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [pid 6243] <... futex resumed>) = 0 [pid 6253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(3, [pid 6246] <... futex resumed>) = 0 [pid 6243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6246] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6243] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6243] <... futex resumed>) = 0 [pid 6246] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6243] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] <... openat resumed>) = 4 [pid 5086] fstat(4, [pid 5082] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... close resumed>) = 0 [pid 6246] <... write resumed>) = 262144 [pid 6246] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = 0 [pid 6243] exit_group(0 [pid 6246] <... futex resumed>) = ? [pid 6243] <... exit_group resumed>) = ? [ 124.194731][ T27] audit: type=1800 audit(1678856075.585:268): pid=6246 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 124.215924][ T1062] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 124.232607][ T1062] EXT4-fs (loop0): This should not happen!! Data will be lost [ 124.232607][ T1062] [ 124.233991][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6246] +++ exited with 0 +++ [pid 6243] +++ exited with 0 +++ [pid 5086] getdents64(4, [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6243, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] rmdir("./44" [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... rmdir resumed>) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] mkdir("./45", 0777 [pid 5086] close(4 [pid 5084] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... close resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... mkdir resumed>) = 0 [pid 5086] rmdir("./44/bus" [pid 5084] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] <... rmdir resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5086] getdents64(3, [pid 5084] fstat(3, [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] close(3 [pid 5086] close(3 [pid 5084] getdents64(3, [pid 5082] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] rmdir("./44" [pid 5084] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... rmdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6254 [pid 5086] mkdir("./45", 0777 [pid 5084] lstat("./45/binderfs", [pid 5086] <... mkdir resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] unlink("./45/binderfs" [pid 5086] <... openat resumed>) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5084] <... unlink resumed>) = 0 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] close(3 [pid 6253] <... write resumed>) = 1048576 [pid 6253] munmap(0x7f56517c2000, 1048576) = 0 [pid 6253] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 124.245131][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 124.271559][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6253] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6254 attached [pid 5086] <... close resumed>) = 0 [pid 6254] set_robust_list(0x555556f1a5e0, 24 [pid 6253] <... ioctl resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6254] <... set_robust_list resumed>) = 0 [pid 6253] close(3 [pid 6254] chdir("./45" [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6255 [pid 6254] <... chdir resumed>) = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6253] <... close resumed>) = 0 [pid 6254] <... openat resumed>) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6253] mkdir("./bus", 0777./strace-static-x86_64: Process 6255 attached [pid 6254] close(3 [pid 6255] set_robust_list(0x555556f1a5e0, 24 [pid 6254] <... close resumed>) = 0 [pid 6253] <... mkdir resumed>) = 0 [pid 6255] <... set_robust_list resumed>) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs" [pid 6255] chdir("./45" [pid 6254] <... symlink resumed>) = 0 [pid 6253] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6255] <... chdir resumed>) = 0 [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6254] <... futex resumed>) = 0 [pid 6255] <... prctl resumed>) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6255] setpgid(0, 0 [pid 6254] <... mmap resumed>) = 0x7f5659bc2000 [pid 6255] <... setpgid resumed>) = 0 [pid 6254] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6255] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6254] <... mprotect resumed>) = 0 [pid 6255] <... openat resumed>) = 3 [pid 6254] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6255] write(3, "1000", 4) = 4 [pid 6254] <... clone resumed>, parent_tid=[6256], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6256 [pid 6255] close(3 [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... close resumed>) = 0 [pid 6254] <... futex resumed>) = 0 [pid 6255] symlink("/dev/binderfs", "./binderfs" [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6255] <... symlink resumed>) = 0 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6256 attached [pid 6255] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6256] set_robust_list(0x7f5659be29e0, 24 [pid 6255] <... mmap resumed>) = 0x7f5659bc2000 [ 124.299977][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 124.310911][ T6253] loop4: detected capacity change from 0 to 2048 [ 124.320589][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 124.334553][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6256] <... set_robust_list resumed>) = 0 [pid 6255] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5081] <... umount2 resumed>) = 0 [pid 6256] memfd_create("syzkaller", 0 [pid 6255] <... mprotect resumed>) = 0 [pid 6256] <... memfd_create resumed>) = 3 [pid 6255] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6255] <... clone resumed>, parent_tid=[6259], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6259 [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6259 attached [pid 6259] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6259] memfd_create("syzkaller", 0) = 3 [pid 6259] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 5081] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 124.381570][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [ 124.381570][ T9] [ 124.400829][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 124.417123][ T6253] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/44/bus supports timestamps until 2038 (0x7fffffff) [pid 6259] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6253] <... mount resumed>) = 0 [pid 5081] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./44/bus" [pid 6253] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] <... rmdir resumed>) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./44") = 0 [pid 6259] <... write resumed>) = 1048576 [pid 6253] <... openat resumed>) = 3 [pid 5081] mkdir("./45", 0777 [pid 6256] <... write resumed>) = 1048576 [pid 6253] chdir("./bus" [pid 5081] <... mkdir resumed>) = 0 [pid 6253] <... chdir resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6253] ioctl(4, LOOP_CLR_FD [pid 5081] <... openat resumed>) = 3 [pid 6253] <... ioctl resumed>) = 0 [ 124.440967][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 124.461388][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 124.476177][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6253] close(4 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6256] munmap(0x7f56517c2000, 1048576 [pid 6253] <... close resumed>) = 0 [pid 5081] close(3 [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 6259] munmap(0x7f56517c2000, 1048576 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6260 [pid 6259] <... munmap resumed>) = 0 [pid 6256] <... munmap resumed>) = 0 [pid 6253] chdir("./file0" [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6260 attached [pid 6259] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6256] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6253] <... chdir resumed>) = 0 [pid 6260] set_robust_list(0x555556f1a5e0, 24 [pid 6259] <... openat resumed>) = 4 [pid 6256] <... openat resumed>) = 4 [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... set_robust_list resumed>) = 0 [ 124.489798][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 124.489798][ T11] [ 124.501368][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 124.515815][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6259] ioctl(4, LOOP_SET_FD, 3 [pid 6256] ioctl(4, LOOP_SET_FD, 3 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6260] chdir("./45" [pid 6259] <... ioctl resumed>) = 0 [pid 6256] <... ioctl resumed>) = 0 [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... umount2 resumed>) = 0 [pid 6260] <... chdir resumed>) = 0 [pid 6259] close(3 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6256] close(3 [pid 6260] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6259] <... close resumed>) = 0 [pid 6253] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] lstat("./45/bus", [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6260] <... prctl resumed>) = 0 [pid 6259] mkdir("./bus", 0777 [pid 6256] <... close resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6260] setpgid(0, 0 [pid 5084] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] lstat("./44/bus", [pid 6260] <... setpgid resumed>) = 0 [pid 6259] <... mkdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6259] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6256] mkdir("./bus", 0777 [pid 6253] <... openat resumed>) = 4 [pid 5084] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6260] <... openat resumed>) = 3 [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 4 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6260] write(3, "1000", 4 [pid 6256] <... mkdir resumed>) = 0 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 5084] fstat(4, [pid 5083] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6260] <... write resumed>) = 4 [pid 6256] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... openat resumed>) = 4 [pid 6260] close(3 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 5084] getdents64(4, [pid 5083] fstat(4, [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, [pid 5083] getdents64(4, [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] close(4 [pid 5083] getdents64(4, [pid 5084] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] rmdir("./45/bus" [pid 5083] close(4 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5084] getdents64(3, [pid 5083] rmdir("./44/bus" [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5084] close(3 [pid 5083] getdents64(3, [pid 5084] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] rmdir("./45" [pid 5083] close(3 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5084] mkdir("./46", 0777 [pid 5083] rmdir("./44" [pid 6260] <... close resumed>) = 0 [pid 6253] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... mkdir resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] mkdir("./45", 0777 [pid 5084] <... openat resumed>) = 3 [pid 5083] <... mkdir resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... openat resumed>) = 3 [pid 5084] close(3 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6260] symlink("/dev/binderfs", "./binderfs" [pid 6259] <... mount resumed>) = 0 [pid 6253] <... write resumed>) = 262144 [pid 5084] <... close resumed>) = 0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6260] <... symlink resumed>) = 0 [pid 6259] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] close(3 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... openat resumed>) = 3 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6260] <... futex resumed>) = 0 [pid 6259] chdir("./bus" [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6259] <... chdir resumed>) = 0 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6263 [pid 5083] <... close resumed>) = 0 [pid 6260] <... mmap resumed>) = 0x7f5659bc2000 [pid 6259] ioctl(4, LOOP_CLR_FD [pid 6253] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6260] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6259] <... ioctl resumed>) = 0 [pid 6253] <... mmap resumed>) = 0x20000000 [pid 6260] <... mprotect resumed>) = 0 [pid 6259] close(4 [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6263 attached [pid 6260] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6259] <... close resumed>) = 0 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6263] set_robust_list(0x555556f1a5e0, 24 [ 124.578226][ T6259] loop5: detected capacity change from 0 to 2048 [ 124.586151][ T6256] loop1: detected capacity change from 0 to 2048 [ 124.616484][ T6259] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/45/bus supports timestamps until 2038 (0x7fffffff) [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6263] <... set_robust_list resumed>) = 0 [pid 6260] <... clone resumed>, parent_tid=[6265], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6265 [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6263] chdir("./46" [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6265 attached [pid 6263] <... chdir resumed>) = 0 [pid 6260] <... futex resumed>) = 0 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] <... futex resumed>) = 0 [pid 6253] <... open resumed>) = 5 [pid 6265] set_robust_list(0x7f5659be29e0, 24 [pid 6263] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6259] chdir("./file0" [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6267 attached [pid 6265] <... set_robust_list resumed>) = 0 [pid 6263] <... prctl resumed>) = 0 [pid 6259] <... chdir resumed>) = 0 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6267] set_robust_list(0x555556f1a5e0, 24 [pid 6265] memfd_create("syzkaller", 0 [pid 6263] setpgid(0, 0 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... set_robust_list resumed>) = 0 [pid 6265] <... memfd_create resumed>) = 3 [pid 6263] <... setpgid resumed>) = 0 [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6267] chdir("./45" [pid 6265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... chdir resumed>) = 0 [pid 6265] <... mmap resumed>) = 0x7f56517c2000 [pid 6263] <... openat resumed>) = 3 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] <... futex resumed>) = 0 [pid 6253] <... mount resumed>) = 0 [pid 6267] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6263] write(3, "1000", 4 [pid 6259] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... prctl resumed>) = 0 [pid 6263] <... write resumed>) = 4 [pid 6259] <... openat resumed>) = 4 [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6267 [pid 6267] setpgid(0, 0 [pid 6263] close(3 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... setpgid resumed>) = 0 [pid 6263] <... close resumed>) = 0 [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6267] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6263] symlink("/dev/binderfs", "./binderfs" [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... openat resumed>) = 3 [pid 6263] <... symlink resumed>) = 0 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] <... futex resumed>) = 0 [pid 6253] <... open resumed>) = 6 [pid 6267] write(3, "1000", 4 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... write resumed>) = 4 [pid 6265] <... write resumed>) = 1048576 [pid 6263] <... futex resumed>) = 0 [pid 6259] <... write resumed>) = 262144 [pid 6256] <... mount resumed>) = 0 [pid 6267] close(3 [pid 6265] munmap(0x7f56517c2000, 1048576 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6256] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6267] <... close resumed>) = 0 [pid 6265] <... munmap resumed>) = 0 [pid 6263] <... mmap resumed>) = 0x7f5659bc2000 [pid 6256] <... openat resumed>) = 3 [pid 6253] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6252] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] symlink("/dev/binderfs", "./binderfs" [pid 6265] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6263] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6256] chdir("./bus" [pid 6253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6252] <... futex resumed>) = 0 [pid 6267] <... symlink resumed>) = 0 [pid 6265] <... openat resumed>) = 4 [pid 6263] <... mprotect resumed>) = 0 [pid 6256] <... chdir resumed>) = 0 [pid 6253] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 124.665229][ T27] audit: type=1800 audit(1678856076.065:269): pid=6253 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 124.691802][ T6256] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/45/bus supports timestamps until 2038 (0x7fffffff) [pid 6252] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] ioctl(4, LOOP_SET_FD, 3 [pid 6263] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6256] ioctl(4, LOOP_CLR_FD [pid 6267] <... futex resumed>) = 0 [pid 6256] <... ioctl resumed>) = 0 [pid 6267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6263] <... clone resumed>, parent_tid=[6268], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6268 [pid 6256] close(4 [pid 6267] <... mmap resumed>) = 0x7f5659bc2000 [pid 6256] <... close resumed>) = 0 [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6267] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... ioctl resumed>) = 0 [pid 6263] <... futex resumed>) = 0 [pid 6256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6267] <... mprotect resumed>) = 0 [pid 6265] close(3 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6256] chdir("./file0" [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6265] <... close resumed>) = 0 [pid 6256] <... chdir resumed>) = 0 [pid 6265] mkdir("./bus", 0777 [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... clone resumed>, parent_tid=[6269], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6269 [pid 6265] <... mkdir resumed>) = 0 [pid 6256] <... futex resumed>) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6256] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = 0 [pid 6254] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6268 attached ./strace-static-x86_64: Process 6269 attached [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... write resumed>) = 262144 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] set_robust_list(0x7f5659be29e0, 24 [pid 6268] set_robust_list(0x7f5659be29e0, 24 [pid 6259] <... futex resumed>) = 1 [pid 6256] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6255] <... futex resumed>) = 0 [pid 6253] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... set_robust_list resumed>) = 0 [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 124.746579][ T6265] loop0: detected capacity change from 0 to 2048 [pid 6269] <... set_robust_list resumed>) = 0 [pid 6268] memfd_create("syzkaller", 0 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6256] <... openat resumed>) = 4 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6253] <... futex resumed>) = 1 [pid 6252] <... futex resumed>) = 0 [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] exit_group(0) = ? [pid 6256] <... futex resumed>) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6259] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6256] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6265] <... mount resumed>) = 0 [pid 6265] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6265] chdir("./bus" [pid 6268] <... memfd_create resumed>) = 3 [pid 6269] memfd_create("syzkaller", 0 [pid 6268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6259] <... mmap resumed>) = 0x20000000 [pid 6269] <... memfd_create resumed>) = 3 [pid 6269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] +++ exited with 0 +++ [pid 6252] +++ exited with 0 +++ [pid 6269] <... mmap resumed>) = 0x7f56517c2000 [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6252, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 6265] <... chdir resumed>) = 0 [pid 6259] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5085] <... restart_syscall resumed>) = 0 [ 124.790533][ T6265] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/45/bus supports timestamps until 2038 (0x7fffffff) [pid 6269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6265] ioctl(4, LOOP_CLR_FD [pid 6259] <... open resumed>) = 5 [pid 6256] <... write resumed>) = 262144 [pid 6254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6254] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... ioctl resumed>) = 0 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 5085] umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6265] close(4 [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6265] <... close resumed>) = 0 [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... mmap resumed>) = 0x7f56518a1000 [pid 5085] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6254] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... openat resumed>) = 3 [pid 6265] <... futex resumed>) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6259] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6256] <... futex resumed>) = 0 [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6254] <... mprotect resumed>) = 0 [pid 5085] fstat(3, [pid 6265] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... mount resumed>) = 0 [pid 6256] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6260] <... futex resumed>) = 0 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(3, [pid 6265] chdir("./file0" [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 6254] <... clone resumed>, parent_tid=[6272], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6272 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 6272 attached [pid 6265] <... chdir resumed>) = 0 [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] set_robust_list(0x7f56518c19e0, 24 [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] <... futex resumed>) = 0 [pid 6254] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6272] <... set_robust_list resumed>) = 0 [pid 6268] <... write resumed>) = 1048576 [pid 6265] <... futex resumed>) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6259] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6254] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] lstat("./44/binderfs", [pid 6272] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6268] munmap(0x7f56517c2000, 1048576 [pid 6265] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] <... open resumed>) = 6 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6272] <... mmap resumed>) = 0x20000000 [pid 6268] <... munmap resumed>) = 0 [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6260] <... futex resumed>) = 0 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 124.833261][ T27] audit: type=1800 audit(1678856076.235:270): pid=6259 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 5085] unlink("./44/binderfs" [pid 6272] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6265] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = 1 [pid 6255] <... futex resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6268] <... openat resumed>) = 4 [pid 6259] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 5085] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] ioctl(4, LOOP_SET_FD, 3 [pid 6265] <... openat resumed>) = 4 [pid 6259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6255] <... futex resumed>) = 0 [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... write resumed>) = 1048576 [pid 6268] <... ioctl resumed>) = 0 [pid 6254] <... futex resumed>) = 1 [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] close(3) = 0 [pid 6268] mkdir("./bus", 0777) = 0 [pid 6268] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6259] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6256] <... futex resumed>) = 0 [ 124.899650][ T6268] loop3: detected capacity change from 0 to 2048 [ 124.904599][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 124.929941][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6255] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] munmap(0x7f56517c2000, 1048576 [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6269] <... munmap resumed>) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6259] <... write resumed>) = 262144 [pid 6256] <... open resumed>) = 5 [pid 6269] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6265] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... openat resumed>) = 4 [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6260] <... futex resumed>) = 0 [pid 6256] <... futex resumed>) = 1 [pid 6269] ioctl(4, LOOP_SET_FD, 3 [pid 6265] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6265] <... write resumed>) = 262144 [pid 6259] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6254] <... futex resumed>) = 0 [pid 6255] exit_group(0) = ? [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... futex resumed>) = ? [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = 1 [pid 6265] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6256] <... futex resumed>) = 0 [pid 6254] <... futex resumed>) = 1 [pid 6265] <... mmap resumed>) = 0x20000000 [ 124.940735][ T27] audit: type=1800 audit(1678856076.345:271): pid=6256 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 124.944227][ T6269] loop2: detected capacity change from 0 to 2048 [ 124.972893][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6256] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6259] +++ exited with 0 +++ [pid 6256] <... mount resumed>) = 0 [pid 6255] +++ exited with 0 +++ [pid 6265] <... futex resumed>) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6255, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- [pid 6265] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = 0 [pid 5086] restart_syscall(<... resuming interrupted clone ...> [pid 6265] <... open resumed>) = 5 [pid 6260] <... futex resumed>) = 0 [pid 6256] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... restart_syscall resumed>) = 0 [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] <... futex resumed>) = 0 [pid 6260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6265] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6265] <... mount resumed>) = 0 [pid 6260] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6265] <... futex resumed>) = 0 [ 124.990740][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 125.004334][ T27] audit: type=1800 audit(1678856076.405:272): pid=6265 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 125.006207][ T6268] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/46/bus supports timestamps until 2038 (0x7fffffff) [ 125.024805][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 125.024805][ T5118] [pid 6260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... openat resumed>) = 3 [pid 6265] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(3, [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6260] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6265] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, [pid 6269] <... ioctl resumed>) = 0 [pid 6265] <... open resumed>) = 6 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6269] close(3 [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6269] <... close resumed>) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6260] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6269] mkdir("./bus", 0777 [pid 6265] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./45/binderfs", [pid 6269] <... mkdir resumed>) = 0 [pid 6268] <... mount resumed>) = 0 [pid 6265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6260] <... futex resumed>) = 0 [pid 6256] <... futex resumed>) = 0 [pid 6254] <... futex resumed>) = 1 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6269] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6265] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6260] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5086] unlink("./45/binderfs" [pid 6268] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6256] <... open resumed>) = 6 [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] <... openat resumed>) = 3 [pid 5086] <... unlink resumed>) = 0 [pid 6268] chdir("./bus" [pid 6265] <... write resumed>) = 262144 [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6268] <... chdir resumed>) = 0 [pid 6268] ioctl(4, LOOP_CLR_FD) = 0 [pid 6268] close(4 [pid 6265] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... close resumed>) = 0 [pid 6265] <... futex resumed>) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6256] <... futex resumed>) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] exit_group(0 [pid 6254] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] <... futex resumed>) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 125.048941][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 125.063608][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6254] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6260] <... exit_group resumed>) = ? [pid 6265] <... futex resumed>) = ? [pid 6263] <... futex resumed>) = 0 [pid 6256] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6265] +++ exited with 0 +++ [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] +++ exited with 0 +++ [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./44/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./44/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./44/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, [pid 6268] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 1 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6260, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6268] chdir("./file0" [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... write resumed>) = 262144 [pid 6254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] getdents64(4, [pid 6268] <... chdir resumed>) = 0 [ 125.095899][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 125.119648][ T5118] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6256] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] exit_group(0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6272] <... futex resumed>) = ? [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = ? [pid 6254] <... exit_group resumed>) = ? [pid 5085] close(4 [pid 6272] +++ exited with 0 +++ [pid 6268] <... futex resumed>) = 1 [pid 6256] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ [pid 5085] <... close resumed>) = 0 [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] rmdir("./44/bus") = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5085] close(3 [pid 6263] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./44" [pid 5081] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6268] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 1 [pid 5085] <... rmdir resumed>) = 0 [pid 6268] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] mkdir("./45", 0777 [pid 5081] <... openat resumed>) = 3 [pid 5085] <... mkdir resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6268] <... openat resumed>) = 4 [pid 5085] <... openat resumed>) = 3 [pid 5082] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] fstat(3, [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6268] <... futex resumed>) = 1 [pid 6263] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 5082] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] getdents64(3, [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6268] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] <... openat resumed>) = 3 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] fstat(3, [pid 5081] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6277 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(3, [pid 5081] lstat("./45/binderfs", [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] unlink("./45/binderfs"./strace-static-x86_64: Process 6277 attached [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... unlink resumed>) = 0 [pid 6277] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6277] chdir("./45") = 0 [pid 6277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6277] setpgid(0, 0) = 0 [pid 6277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6277] write(3, "1000", 4) = 4 [pid 6277] close(3) = 0 [pid 6277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] lstat("./45/binderfs", [pid 6277] <... mmap resumed>) = 0x7f5659bc2000 [pid 5081] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6277] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6277] <... mprotect resumed>) = 0 [pid 5082] unlink("./45/binderfs" [pid 6277] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5082] <... unlink resumed>) = 0 [pid 6277] <... clone resumed>, parent_tid=[6278], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6278 [ 125.153196][ T6269] ext4 filesystem being mounted at /root/syzkaller.22hR0w/45/bus supports timestamps until 2038 (0x7fffffff) [ 125.184156][ T5118] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6278 attached [pid 6278] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6278] memfd_create("syzkaller", 0) = 3 [pid 6278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5082] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6269] <... mount resumed>) = 0 [pid 6263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6269] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6263] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... openat resumed>) = 3 [pid 6263] <... futex resumed>) = 0 [pid 6269] chdir("./bus" [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6269] <... chdir resumed>) = 0 [pid 6263] <... mmap resumed>) = 0x7f56518a1000 [pid 6263] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 6269] ioctl(4, LOOP_CLR_FD [pid 6263] <... mprotect resumed>) = 0 [pid 6269] <... ioctl resumed>) = 0 [pid 6263] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6269] close(4) = 0 [pid 6263] <... clone resumed>, parent_tid=[6279], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6279 [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... futex resumed>) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6279 attached [pid 6269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6267] <... futex resumed>) = 0 [pid 6279] set_robust_list(0x7f56518c19e0, 24 [pid 6269] chdir("./file0" [pid 6268] <... write resumed>) = 262144 [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... set_robust_list resumed>) = 0 [pid 6269] <... chdir resumed>) = 0 [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 125.202989][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 125.221863][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] <... futex resumed>) = 0 [pid 6279] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6268] <... futex resumed>) = 0 [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6269] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... mmap resumed>) = 0x20000000 [pid 6269] <... openat resumed>) = 4 [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6279] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6279] <... futex resumed>) = 1 [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6278] <... write resumed>) = 1048576 [pid 6278] munmap(0x7f56517c2000, 1048576 [pid 6269] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [ 125.249665][ T1062] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 125.265108][ T9] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 125.280022][ T5118] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6263] <... futex resumed>) = 1 [pid 6279] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] <... futex resumed>) = 0 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 6278] <... munmap resumed>) = 0 [pid 6278] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6278] ioctl(4, LOOP_SET_FD, 3 [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [ 125.294019][ T1062] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 125.313548][ T27] audit: type=1800 audit(1678856076.715:273): pid=6268 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [ 125.319521][ T5118] EXT4-fs (loop5): This should not happen!! Data will be lost [ 125.319521][ T5118] [ 125.340286][ T6278] loop4: detected capacity change from 0 to 2048 [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 0 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6269] <... write resumed>) = 262144 [pid 6267] <... mmap resumed>) = 0x7f56518a1000 [pid 6267] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6267] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6280], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6280 [pid 6267] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6268] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 6280 attached ) = 0 [pid 6280] set_robust_list(0x7f56518c19e0, 24 [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... set_robust_list resumed>) = 0 [pid 6268] <... futex resumed>) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6280] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6280] <... mmap resumed>) = 0x20000000 [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] <... futex resumed>) = 0 [pid 6280] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... futex resumed>) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6280] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6269] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] <... open resumed>) = 5 [pid 6268] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... open resumed>) = 6 [pid 6267] <... futex resumed>) = 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6268] <... futex resumed>) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 0 [pid 6269] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6268] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6263] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... ioctl resumed>) = 0 [pid 6269] <... mount resumed>) = 0 [pid 6268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6263] <... futex resumed>) = 0 [pid 6278] close(3 [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6278] <... close resumed>) = 0 [pid 6269] <... futex resumed>) = 1 [ 125.351730][ T9] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 125.351899][ T1062] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6267] <... futex resumed>) = 0 [pid 6278] mkdir("./bus", 0777 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6268] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... mkdir resumed>) = 0 [pid 6269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6267] <... futex resumed>) = 0 [pid 6278] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6269] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6269] <... open resumed>) = 6 [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6267] <... futex resumed>) = 0 [ 125.401675][ T9] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 125.422911][ T27] audit: type=1800 audit(1678856076.785:274): pid=6269 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 6269] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6268] <... write resumed>) = 262144 [pid 6267] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6268] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6263] exit_group(0) = ? [pid 6269] <... write resumed>) = 262144 [pid 6269] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] <... futex resumed>) = 0 [pid 6269] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6267] exit_group(0 [pid 6280] <... futex resumed>) = ? [pid 6269] <... futex resumed>) = ? [pid 6267] <... exit_group resumed>) = ? [pid 6280] +++ exited with 0 +++ [pid 6269] +++ exited with 0 +++ [pid 6267] +++ exited with 0 +++ [pid 6279] <... futex resumed>) = ? [pid 6268] <... futex resumed>) = ? [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6267, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5083] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6268] +++ exited with 0 +++ [pid 5083] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, [pid 6279] +++ exited with 0 +++ [pid 6263] +++ exited with 0 +++ [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6263, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5083] lstat("./45/binderfs", [pid 5084] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] unlink("./45/binderfs" [pid 5084] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... unlink resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 5083] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 125.432050][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 125.457193][ T1062] EXT4-fs (loop0): This should not happen!! Data will be lost [ 125.457193][ T1062] [ 125.478595][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 125.493240][ T9] EXT4-fs (loop1): This should not happen!! Data will be lost [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [ 125.493240][ T9] [ 125.501167][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 125.505916][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 125.516942][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 125.532321][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 125.539799][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 125.574485][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 125.581924][ T9] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5084] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] unlink("./46/binderfs") = 0 [pid 5084] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6278] <... mount resumed>) = 0 [pid 6278] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6278] chdir("./bus") = 0 [pid 6278] ioctl(4, LOOP_CLR_FD) = 0 [pid 6278] close(4) = 0 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6278] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6277] <... futex resumed>) = 0 [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6277] <... futex resumed>) = 1 [pid 6278] chdir("./file0" [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... umount2 resumed>) = 0 [pid 5081] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5081] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./45/bus") = 0 [ 125.600072][ T6278] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/45/bus supports timestamps until 2038 (0x7fffffff) [ 125.600145][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 125.637284][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6278] <... chdir resumed>) = 0 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6277] <... futex resumed>) = 0 [pid 5081] close(3 [pid 6278] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = 0 [pid 5081] <... close resumed>) = 0 [ 125.653177][ T46] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 125.663378][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [ 125.663378][ T948] [ 125.673490][ T46] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 125.688024][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6277] <... futex resumed>) = 0 [pid 5082] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 125.701605][ T46] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 125.718939][ T46] EXT4-fs (loop3): This should not happen!! Data will be lost [ 125.718939][ T46] [ 125.731341][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5081] rmdir("./45" [pid 6278] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] <... rmdir resumed>) = 0 [pid 5082] lstat("./45/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6278] <... openat resumed>) = 4 [pid 5086] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] mkdir("./46", 0777 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... openat resumed>) = 4 [pid 5081] <... mkdir resumed>) = 0 [pid 6278] <... futex resumed>) = 1 [pid 5086] lstat("./45/bus", [pid 5082] fstat(4, [pid 6277] <... futex resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6277] <... futex resumed>) = 0 [pid 5086] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(4, [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] getdents64(4, [pid 5086] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5086] <... openat resumed>) = 4 [pid 5082] close(4 [pid 5086] fstat(4, [pid 5082] <... close resumed>) = 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] rmdir("./45/bus") = 0 [pid 5086] getdents64(4, [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, [pid 5081] close(3 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] <... close resumed>) = 0 [ 125.731958][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 125.758647][ T46] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5086] close(4 [pid 5082] getdents64(3, [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./45/bus" [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5082] close(3 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6283 [pid 5086] getdents64(3, [pid 5082] <... close resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] rmdir("./45" [pid 5086] close(3) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5086] rmdir("./45") = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5082] mkdir("./46", 0777 [pid 5084] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./46/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... mkdir resumed>) = 0 [pid 5086] mkdir("./46", 0777 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5084] fstat(4, [pid 5086] <... mkdir resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5084] getdents64(4, [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5082] close(3 [pid 5086] close(3 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 5082] <... close resumed>) = 0 [pid 6277] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] <... close resumed>) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6277] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6277] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] rmdir("./46/bus" [pid 6277] <... futex resumed>) = 0 [pid 6277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5084] getdents64(3, [pid 6277] <... mmap resumed>) = 0x7f56518a1000 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6277] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 5084] close(3 [pid 6277] <... mprotect resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 6277] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] rmdir("./46") = 0 [pid 6277] <... clone resumed>, parent_tid=[6285], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6285 [pid 6277] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6277] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6284 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6286 [pid 5084] mkdir("./47", 0777./strace-static-x86_64: Process 6283 attached ) = 0 ./strace-static-x86_64: Process 6285 attached ./strace-static-x86_64: Process 6284 attached [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6283] set_robust_list(0x555556f1a5e0, 24 [pid 6285] set_robust_list(0x7f56518c19e0, 24 [pid 6284] set_robust_list(0x555556f1a5e0, 24 [pid 6283] <... set_robust_list resumed>) = 0 [pid 5084] <... openat resumed>) = 3 [pid 6285] <... set_robust_list resumed>) = 0 [pid 6284] <... set_robust_list resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 6283] chdir("./46" [pid 5083] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6283] <... chdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6283] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5083] lstat("./45/bus", [pid 6283] <... prctl resumed>) = 0 [pid 6285] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6284] chdir("./46" [pid 6283] setpgid(0, 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6285] <... mmap resumed>) = 0x20000000 [pid 6284] <... chdir resumed>) = 0 [pid 6283] <... setpgid resumed>) = 0 [pid 5084] close(3 [pid 5083] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6286 attached [pid 6285] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6278] <... write resumed>) = 237568 [pid 5084] <... close resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6285] <... futex resumed>) = 1 [pid 6284] <... prctl resumed>) = 0 [pid 6283] <... openat resumed>) = 3 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6286] set_robust_list(0x555556f1a5e0, 24 [pid 6283] write(3, "1000", 4 [pid 6278] <... futex resumed>) = 0 [pid 6286] <... set_robust_list resumed>) = 0 [pid 6283] <... write resumed>) = 4 [pid 6278] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... openat resumed>) = 4 [pid 6286] chdir("./46" [pid 6285] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] setpgid(0, 0 [pid 6283] close(3 [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] fstat(4, [pid 6286] <... chdir resumed>) = 0 [pid 6284] <... setpgid resumed>) = 0 [pid 6283] <... close resumed>) = 0 [pid 6278] <... futex resumed>) = 0 [pid 6277] <... futex resumed>) = 1 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6286] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6283] symlink("/dev/binderfs", "./binderfs" [pid 6278] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6287 [pid 5083] getdents64(4, [pid 6286] <... prctl resumed>) = 0 [pid 6284] <... openat resumed>) = 3 [pid 6283] <... symlink resumed>) = 0 [pid 6278] <... open resumed>) = 5 [pid 6284] write(3, "1000", 4) = 4 [pid 6284] close(3) = 0 [pid 6284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6286] setpgid(0, 0./strace-static-x86_64: Process 6287 attached ) = 0 [pid 6284] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(4, [pid 6287] set_robust_list(0x555556f1a5e0, 24 [pid 6286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6284] <... mprotect resumed>) = 0 [pid 6283] <... futex resumed>) = 0 [pid 6278] <... futex resumed>) = 1 [pid 6277] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6287] <... set_robust_list resumed>) = 0 [pid 6286] <... openat resumed>) = 3 [pid 6284] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6278] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] close(4 [pid 6287] chdir("./47" [pid 6286] write(3, "1000", 4 [pid 6283] <... mmap resumed>) = 0x7f5659bc2000 [pid 6278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6277] <... futex resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 6287] <... chdir resumed>) = 0 [pid 6286] <... write resumed>) = 4 [pid 6284] <... clone resumed>, parent_tid=[6288], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6288 [pid 6283] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6278] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] rmdir("./45/bus"./strace-static-x86_64: Process 6288 attached [pid 6287] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6286] close(3 [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... mprotect resumed>) = 0 [pid 6278] <... mount resumed>) = 0 [pid 6288] set_robust_list(0x7f5659be29e0, 24 [pid 6284] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 6287] <... prctl resumed>) = 0 [pid 6286] <... close resumed>) = 0 [pid 6288] <... set_robust_list resumed>) = 0 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6287] setpgid(0, 0 [pid 6283] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] symlink("/dev/binderfs", "./binderfs" [pid 5083] getdents64(3, [pid 6288] memfd_create("syzkaller", 0 [pid 6287] <... setpgid resumed>) = 0 [pid 6286] <... symlink resumed>) = 0 [pid 6278] <... futex resumed>) = 1 [pid 6277] <... futex resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6288] <... memfd_create resumed>) = 3 [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... clone resumed>, parent_tid=[6289], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6289 [pid 6278] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6277] <... futex resumed>) = 0 [pid 5083] close(3 [pid 6288] <... mmap resumed>) = 0x7f56517c2000 [pid 6287] <... openat resumed>) = 3 [pid 6286] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... open resumed>) = 6 [ 125.880562][ T27] audit: type=1800 audit(1678856077.285:275): pid=6278 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... close resumed>) = 0 ./strace-static-x86_64: Process 6289 attached [pid 6288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6287] write(3, "1000", 4 [pid 6286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6283] <... futex resumed>) = 0 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] rmdir("./45" [pid 6289] set_robust_list(0x7f5659be29e0, 24 [pid 6287] <... write resumed>) = 4 [pid 6286] <... mmap resumed>) = 0x7f5659bc2000 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6278] <... futex resumed>) = 0 [pid 6277] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... set_robust_list resumed>) = 0 [pid 6287] close(3 [pid 6286] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6278] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6277] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 6277] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] memfd_create("syzkaller", 0 [pid 6287] <... close resumed>) = 0 [pid 6286] <... mprotect resumed>) = 0 [pid 6289] <... memfd_create resumed>) = 3 [pid 6287] symlink("/dev/binderfs", "./binderfs" [pid 6286] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6278] <... write resumed>) = 237568 [pid 5083] mkdir("./46", 0777 [pid 6289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6287] <... symlink resumed>) = 0 [pid 6278] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6277] <... futex resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 6289] <... mmap resumed>) = 0x7f56517c2000 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... clone resumed>, parent_tid=[6290], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6290 [pid 6278] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6277] exit_group(0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6285] <... futex resumed>) = ? [pid 6278] <... futex resumed>) = ? [pid 6277] <... exit_group resumed>) = ? [pid 6289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6288] <... write resumed>) = 1048576 [pid 6287] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] +++ exited with 0 +++ [pid 6278] +++ exited with 0 +++ [pid 6277] +++ exited with 0 +++ [pid 5083] <... openat resumed>) = 3 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6286] <... futex resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6287] <... mmap resumed>) = 0x7f5659bc2000 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6287] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6277, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6287] <... mprotect resumed>) = 0 [pid 5085] umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] close(3 [pid 6287] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... close resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6290 attached [pid 6287] <... clone resumed>, parent_tid=[6291], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6291 [pid 5085] <... openat resumed>) = 3 [pid 6290] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] fstat(3, [pid 6290] memfd_create("syzkaller", 0 [pid 6287] <... futex resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6292 [pid 6290] <... memfd_create resumed>) = 3 [pid 6288] munmap(0x7f56517c2000, 1048576 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] getdents64(3, ./strace-static-x86_64: Process 6292 attached [pid 6290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6288] <... munmap resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6292] set_robust_list(0x555556f1a5e0, 24 [pid 6290] <... mmap resumed>) = 0x7f56517c2000 [pid 6288] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5085] umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6292] <... set_robust_list resumed>) = 0 [pid 6290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6291 attached [pid 6292] chdir("./46" [pid 6288] <... openat resumed>) = 4 [pid 5085] lstat("./45/binderfs", [pid 6292] <... chdir resumed>) = 0 [pid 6291] set_robust_list(0x7f5659be29e0, 24 [pid 6288] ioctl(4, LOOP_SET_FD, 3 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6292] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6291] <... set_robust_list resumed>) = 0 [pid 6288] <... ioctl resumed>) = 0 [pid 5085] unlink("./45/binderfs" [pid 6292] <... prctl resumed>) = 0 [pid 6291] memfd_create("syzkaller", 0 [pid 6292] setpgid(0, 0 [pid 5085] <... unlink resumed>) = 0 [pid 6291] <... memfd_create resumed>) = 3 [pid 6292] <... setpgid resumed>) = 0 [pid 5085] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6290] <... write resumed>) = 1048576 [pid 6289] <... write resumed>) = 1048576 [pid 6292] <... openat resumed>) = 3 [pid 6292] write(3, "1000", 4) = 4 [pid 6292] close(3) = 0 [pid 6292] symlink("/dev/binderfs", "./binderfs" [pid 6288] close(3 [pid 6292] <... symlink resumed>) = 0 [pid 6288] <... close resumed>) = 0 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] mkdir("./bus", 0777 [pid 6292] <... futex resumed>) = 0 [pid 6292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6288] <... mkdir resumed>) = 0 [pid 6292] <... mmap resumed>) = 0x7f5659bc2000 [pid 6288] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6292] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6291] <... mmap resumed>) = 0x7f56517c2000 [pid 6289] munmap(0x7f56517c2000, 1048576 [pid 6292] <... mprotect resumed>) = 0 [pid 6292] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6293], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6293 [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6293 attached [pid 6289] <... munmap resumed>) = 0 [pid 6289] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6289] ioctl(4, LOOP_SET_FD, 3 [ 126.012467][ T6288] loop1: detected capacity change from 0 to 2048 [ 126.036962][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6293] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6293] memfd_create("syzkaller", 0) = 3 [pid 6293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6289] <... ioctl resumed>) = 0 [pid 6290] munmap(0x7f56517c2000, 1048576 [pid 6291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6290] <... munmap resumed>) = 0 [pid 6293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6290] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6289] close(3 [pid 6293] <... write resumed>) = 1048576 [pid 6291] <... write resumed>) = 1048576 [pid 6289] <... close resumed>) = 0 [pid 6293] munmap(0x7f56517c2000, 1048576 [pid 6291] munmap(0x7f56517c2000, 1048576 [ 126.062548][ T6289] loop0: detected capacity change from 0 to 2048 [ 126.084986][ T6288] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/46/bus supports timestamps until 2038 (0x7fffffff) [ 126.097184][ T948] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6289] mkdir("./bus", 0777 [pid 6293] <... munmap resumed>) = 0 [pid 6291] <... munmap resumed>) = 0 [pid 6290] <... openat resumed>) = 4 [pid 6289] <... mkdir resumed>) = 0 [pid 6288] <... mount resumed>) = 0 [pid 6293] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6291] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6289] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6288] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6293] <... openat resumed>) = 4 [pid 6291] <... openat resumed>) = 4 [pid 6288] <... openat resumed>) = 3 [pid 6293] ioctl(4, LOOP_SET_FD, 3 [pid 6291] ioctl(4, LOOP_SET_FD, 3 [pid 6288] chdir("./bus" [ 126.108590][ T948] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 126.113366][ T6293] loop2: detected capacity change from 0 to 2048 [ 126.121673][ T948] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 58 with error 117 [ 126.139788][ T948] EXT4-fs (loop4): This should not happen!! Data will be lost [ 126.139788][ T948] [ 126.150856][ T6291] loop3: detected capacity change from 0 to 2048 [pid 6290] ioctl(4, LOOP_SET_FD, 3 [pid 6291] <... ioctl resumed>) = 0 [pid 6288] <... chdir resumed>) = 0 [pid 6293] <... ioctl resumed>) = 0 [pid 6293] close(3) = 0 [pid 6293] mkdir("./bus", 0777) = 0 [pid 6293] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6288] ioctl(4, LOOP_CLR_FD [pid 6291] close(3) = 0 [pid 6290] <... ioctl resumed>) = 0 [pid 6288] <... ioctl resumed>) = 0 [pid 6291] mkdir("./bus", 0777 [pid 6290] close(3 [pid 6288] close(4 [pid 6291] <... mkdir resumed>) = 0 [pid 6290] <... close resumed>) = 0 [pid 6288] <... close resumed>) = 0 [pid 6291] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [ 126.152530][ T6290] loop5: detected capacity change from 0 to 2048 [ 126.159241][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 126.177873][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6290] mkdir("./bus", 0777 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... mkdir resumed>) = 0 [pid 6289] <... mount resumed>) = 0 [pid 6290] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6291] <... mount resumed>) = 0 [pid 6289] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6288] <... futex resumed>) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6289] <... openat resumed>) = 3 [pid 6288] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] chdir("./bus" [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] <... mount resumed>) = 0 [pid 6291] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6289] <... chdir resumed>) = 0 [pid 6288] chdir("./file0" [pid 6293] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6291] <... openat resumed>) = 3 [pid 6289] ioctl(4, LOOP_CLR_FD [pid 6288] <... chdir resumed>) = 0 [pid 6293] <... openat resumed>) = 3 [pid 6291] chdir("./bus" [pid 6289] <... ioctl resumed>) = 0 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = 0 [pid 6293] chdir("./bus" [pid 6291] <... chdir resumed>) = 0 [pid 6289] close(4 [pid 6288] <... futex resumed>) = 1 [pid 6284] <... futex resumed>) = 0 [pid 5085] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6293] <... chdir resumed>) = 0 [pid 6291] ioctl(4, LOOP_CLR_FD [pid 6289] <... close resumed>) = 0 [pid 6288] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6293] ioctl(4, LOOP_CLR_FD [pid 6291] <... ioctl resumed>) = 0 [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6284] <... futex resumed>) = 0 [pid 5085] lstat("./45/bus", [pid 6293] <... ioctl resumed>) = 0 [pid 6291] close(4 [pid 6289] <... futex resumed>) = 1 [pid 6288] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6293] close(4 [pid 6291] <... close resumed>) = 0 [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... openat resumed>) = 4 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./45/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6293] <... close resumed>) = 0 [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 1 [pid 6289] chdir("./file0" [pid 6288] <... futex resumed>) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./45/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6293] <... futex resumed>) = 1 [pid 6292] <... futex resumed>) = 0 [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... chdir resumed>) = 0 [pid 6288] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 4 [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = 0 [pid 5085] fstat(4, [pid 6293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6292] <... futex resumed>) = 0 [pid 6291] chdir("./file0" [pid 6289] <... futex resumed>) = 1 [pid 6288] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... futex resumed>) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6293] chdir("./file0" [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... chdir resumed>) = 0 [ 126.205679][ T6289] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/46/bus supports timestamps until 2038 (0x7fffffff) [ 126.222427][ T6291] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/47/bus supports timestamps until 2038 (0x7fffffff) [ 126.238827][ T6293] ext4 filesystem being mounted at /root/syzkaller.22hR0w/46/bus supports timestamps until 2038 (0x7fffffff) [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] getdents64(4, [pid 6293] <... chdir resumed>) = 0 [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6283] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 1 [pid 6289] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6287] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(4, [pid 6293] <... futex resumed>) = 1 [pid 6292] <... futex resumed>) = 0 [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... openat resumed>) = 4 [pid 6288] <... write resumed>) = 262144 [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6293] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = 0 [pid 5085] close(4 [pid 6292] <... futex resumed>) = 0 [pid 6291] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... close resumed>) = 0 [pid 6293] <... openat resumed>) = 4 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6289] <... futex resumed>) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6283] <... futex resumed>) = 0 [pid 5085] rmdir("./45/bus" [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... openat resumed>) = 4 [pid 6290] <... mount resumed>) = 0 [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 1 [pid 6292] <... futex resumed>) = 0 [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6284] <... futex resumed>) = 0 [pid 6283] <... futex resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [ 126.294012][ T6290] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/46/bus supports timestamps until 2038 (0x7fffffff) [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 1 [pid 6290] <... openat resumed>) = 3 [pid 6289] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6288] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6287] <... futex resumed>) = 0 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] getdents64(3, [pid 6293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6292] <... futex resumed>) = 0 [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] chdir("./bus" [pid 6288] <... mmap resumed>) = 0x20000000 [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6293] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... chdir resumed>) = 0 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = 0 [pid 5085] close(3 [pid 6288] <... futex resumed>) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6288] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6290] ioctl(4, LOOP_CLR_FD [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6293] <... write resumed>) = 262144 [pid 6290] <... ioctl resumed>) = 0 [pid 6289] <... write resumed>) = 262144 [pid 6288] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] rmdir("./45" [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] close(4 [pid 6293] <... futex resumed>) = 1 [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... futex resumed>) = 1 [pid 6283] <... futex resumed>) = 0 [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... open resumed>) = 5 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6283] <... futex resumed>) = 0 [pid 6289] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... futex resumed>) = 0 [pid 6290] <... close resumed>) = 0 [pid 6289] <... mmap resumed>) = 0x20000000 [pid 5085] <... rmdir resumed>) = 0 [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6283] <... futex resumed>) = 0 [pid 6289] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... open resumed>) = 5 [pid 6283] <... futex resumed>) = 0 [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] mkdir("./46", 0777 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6292] <... futex resumed>) = 1 [pid 6290] <... futex resumed>) = 1 [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6289] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... mkdir resumed>) = 0 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] <... mmap resumed>) = 0x20000000 [pid 6290] chdir("./file0" [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6288] <... futex resumed>) = 1 [pid 6286] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... futex resumed>) = 0 [pid 6293] <... futex resumed>) = 1 [pid 6292] <... futex resumed>) = 0 [pid 6290] <... chdir resumed>) = 0 [pid 6289] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6288] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6284] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 3 [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... write resumed>) = 262144 [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... mount resumed>) = 0 [pid 6288] <... mount resumed>) = 0 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6292] <... futex resumed>) = 0 [pid 6290] <... futex resumed>) = 1 [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6293] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] <... futex resumed>) = 1 [pid 6288] <... futex resumed>) = 0 [pid 6283] <... futex resumed>) = 0 [pid 6293] <... open resumed>) = 5 [pid 6290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] <... open resumed>) = 6 [pid 6286] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = 0 [pid 6283] <... futex resumed>) = 0 [pid 6293] <... futex resumed>) = 1 [pid 6292] <... futex resumed>) = 0 [pid 6289] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... close resumed>) = 0 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... open resumed>) = 6 [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6289] <... futex resumed>) = 1 [pid 6283] <... futex resumed>) = 0 [pid 6293] <... mount resumed>) = 0 [pid 6292] <... futex resumed>) = 0 [pid 6290] <... openat resumed>) = 4 [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6283] <... futex resumed>) = 0 [pid 6293] <... futex resumed>) = 0 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6289] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6288] <... futex resumed>) = 0 [pid 6284] <... futex resumed>) = 0 [pid 6283] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 1 [pid 6288] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6286] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6304 attached [pid 6304] set_robust_list(0x555556f1a5e0, 24 [pid 6284] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6304] <... set_robust_list resumed>) = 0 [pid 6304] chdir("./46") = 0 [pid 6304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6304] setpgid(0, 0 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6304 [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... setpgid resumed>) = 0 [pid 6290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6293] <... futex resumed>) = 0 [pid 6292] <... futex resumed>) = 1 [pid 6286] <... futex resumed>) = 0 [pid 6304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6293] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6304] <... openat resumed>) = 3 [pid 6293] <... open resumed>) = 6 [pid 6304] write(3, "1000", 4 [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... write resumed>) = 4 [pid 6293] <... futex resumed>) = 0 [pid 6304] close(3 [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6304] <... close resumed>) = 0 [pid 6304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6304] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6290] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6289] <... write resumed>) = 262144 [pid 6304] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6305], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6305 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6305 attached [pid 6305] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6305] memfd_create("syzkaller", 0) = 3 [pid 6305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6287] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6289] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6289] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6283] <... futex resumed>) = 0 [pid 6292] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6293] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6283] exit_group(0 [pid 6291] <... futex resumed>) = 1 [pid 6290] <... write resumed>) = 262144 [pid 6289] <... futex resumed>) = ? [pid 6288] <... write resumed>) = 262144 [pid 6287] <... futex resumed>) = 0 [pid 6283] <... exit_group resumed>) = ? [pid 6291] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=22000000} [pid 6288] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... write resumed>) = 262144 [pid 6293] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6289] +++ exited with 0 +++ [pid 6283] +++ exited with 0 +++ [pid 6292] <... futex resumed>) = 0 [pid 6290] <... futex resumed>) = 1 [pid 6286] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... mmap resumed>) = 0x20000000 [pid 6286] <... futex resumed>) = 0 [pid 6288] <... futex resumed>) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6290] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6283, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6292] exit_group(0 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6284] exit_group(0 [pid 6290] <... mmap resumed>) = 0x20000000 [pid 6288] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] <... exit_group resumed>) = ? [pid 6288] <... futex resumed>) = ? [pid 6293] <... futex resumed>) = ? [pid 6292] <... exit_group resumed>) = ? [pid 6293] +++ exited with 0 +++ [pid 6288] +++ exited with 0 +++ [pid 6284] +++ exited with 0 +++ [pid 6292] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6284, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = 1 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6292, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6287] <... futex resumed>) = 0 [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] <... futex resumed>) = 1 [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 5083] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6287] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6291] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6290] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... futex resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... openat resumed>) = 3 [pid 6291] <... open resumed>) = 5 [pid 6290] <... open resumed>) = 5 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... openat resumed>) = 3 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] fstat(3, [pid 6305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] fstat(3, [pid 5082] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6305] <... write resumed>) = 1048576 [pid 6291] <... futex resumed>) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6287] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 5083] getdents64(3, [pid 5082] <... openat resumed>) = 3 [pid 5081] getdents64(3, [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... mount resumed>) = 0 [pid 6287] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] fstat(3, [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6291] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6291] <... mount resumed>) = 0 [pid 6290] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(3, [pid 6290] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6286] <... futex resumed>) = 0 [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6291] <... futex resumed>) = 1 [pid 6290] <... open resumed>) = 6 [pid 6287] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] lstat("./46/binderfs", [pid 5082] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] lstat("./46/binderfs", [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6287] <... futex resumed>) = 0 [pid 6286] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] unlink("./46/binderfs" [pid 5082] lstat("./46/binderfs", [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6291] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6290] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... futex resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./46/binderfs" [pid 6305] munmap(0x7f56517c2000, 1048576) = 0 [pid 6305] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6286] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] unlink("./46/binderfs" [pid 5081] <... unlink resumed>) = 0 [pid 6291] <... open resumed>) = 6 [pid 5083] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... unlink resumed>) = 0 [pid 5081] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... write resumed>) = 262144 [pid 6291] <... futex resumed>) = 1 [pid 6290] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = 0 [pid 5082] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6290] <... futex resumed>) = 1 [pid 6290] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] close(3) = 0 [pid 6305] mkdir("./bus", 0777) = 0 [ 126.509983][ T6305] loop4: detected capacity change from 0 to 2048 [ 126.525765][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 126.539378][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6305] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6291] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6286] <... futex resumed>) = 0 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] <... futex resumed>) = 0 [pid 6286] exit_group(0 [pid 6291] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6290] <... futex resumed>) = ? [pid 6287] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6286] <... exit_group resumed>) = ? [pid 6290] +++ exited with 0 +++ [pid 6286] +++ exited with 0 +++ [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6286, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5086] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6291] <... write resumed>) = 262144 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./46/binderfs", [pid 6291] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./46/binderfs" [pid 6291] <... futex resumed>) = 1 [pid 6287] <... futex resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 6287] exit_group(0) = ? [ 126.555594][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 126.570459][ T9] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 126.572342][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 126.590828][ T46] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5086] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6291] +++ exited with 0 +++ [pid 6287] +++ exited with 0 +++ [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6287, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5084] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5084] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [ 126.617453][ T9] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 126.630817][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 126.644818][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 5084] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] unlink("./47/binderfs") = 0 [pid 5084] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6305] <... mount resumed>) = 0 [pid 6305] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6305] chdir("./bus") = 0 [pid 6305] ioctl(4, LOOP_CLR_FD) = 0 [pid 6305] close(4) = 0 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... futex resumed>) = 1 [pid 6305] chdir("./file0") = 0 [ 126.664213][ T6305] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/46/bus supports timestamps until 2038 (0x7fffffff) [ 126.679276][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 126.691011][ T5118] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 126.701831][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 126.712567][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 126.716087][ T46] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:3: mark_inode_dirty error [ 126.728210][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [ 126.728210][ T948] [ 126.749373][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6305] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 126.756984][ T5118] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 126.761685][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 126.783460][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 126.783460][ T9] [ 126.794345][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6305] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... futex resumed>) = 1 [pid 6305] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... futex resumed>) = 1 [pid 6305] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... futex resumed>) = 1 [pid 6305] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... futex resumed>) = 1 [pid 6305] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6304] <... futex resumed>) = 0 [pid 6304] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6304] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6305] <... futex resumed>) = 1 [ 126.794571][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 126.808808][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 126.837135][ T5083] EXT4-fs unmount: 220 callbacks suppressed [ 126.837156][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.853042][ T46] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6305] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5083] <... umount2 resumed>) = 0 [pid 5083] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6305] <... write resumed>) = 262144 [pid 6305] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.855353][ T9] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 126.866772][ T5118] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 126.902557][ T46] EXT4-fs (loop1): This should not happen!! Data will be lost [ 126.902557][ T46] [pid 6305] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6304] exit_group(0) = ? [pid 6305] <... futex resumed>) = ? [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./46/bus", [pid 6305] +++ exited with 0 +++ [pid 6304] +++ exited with 0 +++ [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6304, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... openat resumed>) = 4 [pid 5085] <... openat resumed>) = 3 [pid 5083] fstat(4, [pid 5085] fstat(3, [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, [pid 5083] getdents64(4, [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 126.915008][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.924117][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 126.937770][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 126.937770][ T11] [ 126.949399][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [pid 5083] getdents64(4, [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./46/binderfs", [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] close(4 [pid 5085] unlink("./46/binderfs" [pid 5083] <... close resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5083] rmdir("./46/bus" [pid 5085] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... rmdir resumed>) = 0 [ 126.967471][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 126.982849][ T46] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:3: Invalid inode table block 0 in block_group 0 [ 126.983500][ T5118] EXT4-fs (loop5): This should not happen!! Data will be lost [ 126.983500][ T5118] [pid 5083] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5083] rmdir("./46") = 0 [pid 5083] mkdir("./47", 0777 [pid 5081] <... umount2 resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [ 127.008104][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 127.022392][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 127.040217][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.060311][ T9] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6308 attached [pid 5082] <... umount2 resumed>) = 0 [pid 5081] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6308 [pid 6308] set_robust_list(0x555556f1a5e0, 24 [pid 5082] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6308] <... set_robust_list resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./46/bus", [pid 6308] chdir("./47" [pid 5082] lstat("./46/bus", [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6308] <... chdir resumed>) = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6308] <... prctl resumed>) = 0 [pid 5082] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6308] setpgid(0, 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6308] <... setpgid resumed>) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... openat resumed>) = 4 [pid 5084] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./47/bus", [pid 6308] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 4 [pid 5081] fstat(4, [pid 5082] fstat(4, [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6308] write(3, "1000", 4 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(4, [pid 6308] <... write resumed>) = 4 [ 127.061409][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.072077][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 127.106263][ T9] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6308] close(3 [pid 5082] getdents64(4, [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6308] <... close resumed>) = 0 [pid 5084] fstat(4, [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6308] symlink("/dev/binderfs", "./binderfs" [pid 5081] getdents64(4, [pid 5082] getdents64(4, [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 5084] rmdir("./47/bus" [pid 6308] <... symlink resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] close(4 [pid 5081] close(4 [pid 6308] <... futex resumed>) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] <... close resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./47") = 0 [pid 5084] mkdir("./48", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6308] <... mmap resumed>) = 0x7f5659bc2000 [pid 5082] rmdir("./46/bus" [pid 5081] rmdir("./46/bus" [pid 5084] <... openat resumed>) = 3 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5082] <... rmdir resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] close(3 [pid 6308] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... close resumed>) = 0 [pid 5082] getdents64(3, [pid 5081] <... rmdir resumed>) = 0 [ 127.121180][ T9] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 127.135015][ T9] EXT4-fs (loop4): This should not happen!! Data will be lost [ 127.135015][ T9] [ 127.149265][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6309 [pid 6308] <... mprotect resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] getdents64(3, [pid 5082] close(3 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6308] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] close(3 [pid 5082] <... close resumed>) = 0 [pid 5082] rmdir("./46" [pid 5081] <... close resumed>) = 0 ./strace-static-x86_64: Process 6309 attached [pid 5082] <... rmdir resumed>) = 0 [pid 6308] <... clone resumed>, parent_tid=[6310], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6310 [pid 5081] rmdir("./46" [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] mkdir("./47", 0777 [pid 6309] set_robust_list(0x555556f1a5e0, 24 [pid 6308] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6309] <... set_robust_list resumed>) = 0 [pid 6309] chdir("./48" [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... mkdir resumed>) = 0 [pid 5081] mkdir("./47", 0777 [pid 6309] <... chdir resumed>) = 0 [pid 6309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5081] <... mkdir resumed>) = 0 [pid 6309] setpgid(0, 0) = 0 [ 127.166066][ T9] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 127.191635][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 127.192516][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6310 attached [pid 6309] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 6310] set_robust_list(0x7f5659be29e0, 24 [pid 6309] write(3, "1000", 4 [pid 5081] <... openat resumed>) = 3 [pid 6310] <... set_robust_list resumed>) = 0 [pid 6309] <... write resumed>) = 4 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6310] memfd_create("syzkaller", 0 [pid 6309] close(3 [pid 6310] <... memfd_create resumed>) = 3 [pid 6309] <... close resumed>) = 0 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] close(3 [pid 5081] close(3 [pid 6310] <... mmap resumed>) = 0x7f56517c2000 [pid 6309] <... mmap resumed>) = 0x7f5659bc2000 [pid 6309] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5082] <... close resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6309] <... mprotect resumed>) = 0 [pid 6309] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6311], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6311 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6313 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6312 ./strace-static-x86_64: Process 6311 attached [ 127.209063][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6311] set_robust_list(0x7f5659be29e0, 24./strace-static-x86_64: Process 6313 attached ) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 6313] set_robust_list(0x555556f1a5e0, 24 [pid 6311] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6312 attached [pid 6313] <... set_robust_list resumed>) = 0 [pid 6311] <... memfd_create resumed>) = 3 [pid 6313] chdir("./47" [pid 6312] set_robust_list(0x555556f1a5e0, 24 [pid 6311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6313] <... chdir resumed>) = 0 [pid 6312] <... set_robust_list resumed>) = 0 [pid 6311] <... mmap resumed>) = 0x7f56517c2000 [pid 6313] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6312] chdir("./47" [pid 6311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6310] <... write resumed>) = 1048576 [pid 5085] <... umount2 resumed>) = 0 [pid 6313] <... prctl resumed>) = 0 [pid 6312] <... chdir resumed>) = 0 [pid 6310] munmap(0x7f56517c2000, 1048576 [pid 5085] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6313] setpgid(0, 0 [pid 6312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6310] <... munmap resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6313] <... setpgid resumed>) = 0 [pid 6312] setpgid(0, 0 [pid 5086] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6310] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5085] lstat("./46/bus", [pid 6313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6312] <... setpgid resumed>) = 0 [pid 6313] <... openat resumed>) = 3 [pid 6312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6310] <... openat resumed>) = 4 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6313] write(3, "1000", 4 [pid 6312] <... openat resumed>) = 3 [pid 6310] ioctl(4, LOOP_SET_FD, 3 [pid 5086] lstat("./46/bus", [pid 5085] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6313] <... write resumed>) = 4 [pid 6312] write(3, "1000", 4 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6312] <... write resumed>) = 4 [pid 5086] umount2("./46/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6312] close(3 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6312] <... close resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6313] close(3 [pid 6312] symlink("/dev/binderfs", "./binderfs" [pid 5086] <... openat resumed>) = 4 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6313] <... close resumed>) = 0 [pid 6312] <... symlink resumed>) = 0 [pid 6310] <... ioctl resumed>) = 0 [pid 5086] fstat(4, [pid 5085] openat(AT_FDCWD, "./46/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6313] symlink("/dev/binderfs", "./binderfs" [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... write resumed>) = 1048576 [pid 6310] close(3 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... openat resumed>) = 4 [pid 6313] <... symlink resumed>) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6311] munmap(0x7f56517c2000, 1048576 [pid 6310] <... close resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] fstat(4, [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6311] <... munmap resumed>) = 0 [pid 6310] mkdir("./bus", 0777 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6313] <... futex resumed>) = 0 [pid 6312] <... mmap resumed>) = 0x7f5659bc2000 [pid 6311] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6310] <... mkdir resumed>) = 0 [pid 5086] getdents64(4, [pid 5085] getdents64(4, [pid 6313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6312] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6311] <... openat resumed>) = 4 [pid 6310] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6313] <... mmap resumed>) = 0x7f5659bc2000 [pid 6312] <... mprotect resumed>) = 0 [pid 6311] ioctl(4, LOOP_SET_FD, 3 [pid 5086] close(4 [pid 5085] getdents64(4, [pid 6313] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6312] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./46/bus" [pid 6312] <... clone resumed>, parent_tid=[6314], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6314 [pid 5086] <... rmdir resumed>) = 0 [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 6312] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] close(3 [pid 6313] <... mprotect resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6313] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] rmdir("./46" [pid 5085] close(4./strace-static-x86_64: Process 6315 attached ./strace-static-x86_64: Process 6314 attached [pid 6311] <... ioctl resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6315] set_robust_list(0x7f5659be29e0, 24 [pid 6314] set_robust_list(0x7f5659be29e0, 24 [pid 6313] <... clone resumed>, parent_tid=[6315], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6315 [pid 6311] close(3 [ 127.310336][ T6310] loop2: detected capacity change from 0 to 2048 [ 127.347785][ T6311] loop3: detected capacity change from 0 to 2048 [pid 5086] mkdir("./47", 0777 [pid 5085] rmdir("./46/bus" [pid 5086] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3 [pid 6315] <... set_robust_list resumed>) = 0 [pid 6314] <... set_robust_list resumed>) = 0 [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... close resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6315] memfd_create("syzkaller", 0 [pid 6314] memfd_create("syzkaller", 0 [pid 6313] <... futex resumed>) = 0 [pid 6311] mkdir("./bus", 0777 [pid 5085] getdents64(3, [pid 6310] <... mount resumed>) = 0 [pid 6315] <... memfd_create resumed>) = 3 [pid 6314] <... memfd_create resumed>) = 3 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6318 ./strace-static-x86_64: Process 6318 attached [pid 6315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6311] <... mkdir resumed>) = 0 [pid 6310] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6318] set_robust_list(0x555556f1a5e0, 24 [pid 6315] <... mmap resumed>) = 0x7f56517c2000 [pid 6314] <... mmap resumed>) = 0x7f56517c2000 [pid 6311] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5085] close(3 [pid 6310] <... openat resumed>) = 3 [pid 6318] <... set_robust_list resumed>) = 0 [pid 6318] chdir("./47") = 0 [pid 6318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6318] setpgid(0, 0) = 0 [pid 6318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6318] write(3, "1000", 4) = 4 [pid 6318] close(3) = 0 [pid 6318] symlink("/dev/binderfs", "./binderfs" [pid 6315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] <... close resumed>) = 0 [pid 6310] chdir("./bus" [pid 5085] rmdir("./46" [pid 6310] <... chdir resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 5085] mkdir("./47", 0777 [pid 6310] ioctl(4, LOOP_CLR_FD [pid 5085] <... mkdir resumed>) = 0 [pid 6310] <... ioctl resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6310] close(4 [pid 5085] <... openat resumed>) = 3 [pid 6310] <... close resumed>) = 0 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... symlink resumed>) = 0 [pid 6314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6310] <... futex resumed>) = 1 [pid 6308] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6318] <... futex resumed>) = 0 [pid 6310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6310] chdir("./file0" [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [ 127.362356][ T6310] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 127.375876][ T6310] ext4 filesystem being mounted at /root/syzkaller.22hR0w/47/bus supports timestamps until 2038 (0x7fffffff) [pid 6318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6310] <... chdir resumed>) = 0 [pid 6318] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6321 [pid 6318] <... mprotect resumed>) = 0 [pid 6310] <... futex resumed>) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6310] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6308] <... futex resumed>) = 0 [pid 6310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6321 attached [pid 6321] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6321] chdir("./47") = 0 [pid 6321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6321] setpgid(0, 0) = 0 [pid 6321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6321] write(3, "1000", 4) = 4 [pid 6321] close(3) = 0 [pid 6321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6321] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6321] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6322], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6322 [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6322 attached [pid 6322] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6322] memfd_create("syzkaller", 0) = 3 [pid 6322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6310] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 6318] <... clone resumed>, parent_tid=[6323], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6323 [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6308] <... futex resumed>) = 0 [pid 6310] <... futex resumed>) = 1 [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6314] <... write resumed>) = 1048576 [ 127.435334][ T6311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6314] munmap(0x7f56517c2000, 1048576) = 0 [pid 6314] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6314] ioctl(4, LOOP_SET_FD, 3 [pid 6315] <... write resumed>) = 1048576 [pid 6314] <... ioctl resumed>) = 0 [pid 6314] close(3) = 0 [pid 6314] mkdir("./bus", 0777 [pid 6315] munmap(0x7f56517c2000, 1048576./strace-static-x86_64: Process 6323 attached ) = 0 [pid 6323] set_robust_list(0x7f5659be29e0, 24 [pid 6315] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6323] <... set_robust_list resumed>) = 0 [pid 6323] memfd_create("syzkaller", 0 [pid 6315] <... openat resumed>) = 4 [pid 6314] <... mkdir resumed>) = 0 [pid 6323] <... memfd_create resumed>) = 3 [pid 6315] ioctl(4, LOOP_SET_FD, 3 [ 127.475594][ T6314] loop1: detected capacity change from 0 to 2048 [ 127.510146][ T6311] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/48/bus supports timestamps until 2038 (0x7fffffff) [pid 6314] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6308] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] <... mount resumed>) = 0 [pid 6311] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6311] chdir("./bus") = 0 [pid 6311] ioctl(4, LOOP_CLR_FD) = 0 [pid 6311] close(4 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6323] <... mmap resumed>) = 0x7f56517c2000 [pid 6308] <... mmap resumed>) = 0x7f56518a1000 [pid 6308] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6310] <... write resumed>) = 262144 [pid 6308] <... clone resumed>, parent_tid=[6324], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6324 [pid 6308] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6310] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] <... ioctl resumed>) = 0 [pid 6311] <... close resumed>) = 0 [pid 6315] close(3) = 0 [pid 6315] mkdir("./bus", 0777 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] chdir("./file0") = 0 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6324 attached [ 127.523114][ T6315] loop0: detected capacity change from 0 to 2048 [pid 6323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6322] <... write resumed>) = 1048576 [pid 6311] <... futex resumed>) = 1 [pid 6315] <... mkdir resumed>) = 0 [pid 6309] <... futex resumed>) = 0 [pid 6311] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6324] set_robust_list(0x7f56518c19e0, 24 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] <... set_robust_list resumed>) = 0 [pid 6322] munmap(0x7f56517c2000, 1048576 [pid 6311] <... openat resumed>) = 4 [pid 6324] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6324] <... mmap resumed>) = 0x20000000 [pid 6323] <... write resumed>) = 1048576 [pid 6324] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... munmap resumed>) = 0 [pid 6308] <... futex resumed>) = 0 [pid 6324] <... futex resumed>) = 1 [pid 6322] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6310] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6322] <... openat resumed>) = 4 [pid 6310] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] ioctl(4, LOOP_SET_FD, 3 [pid 6310] <... open resumed>) = 5 [pid 6323] munmap(0x7f56517c2000, 1048576 [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... munmap resumed>) = 0 [pid 6310] <... futex resumed>) = 1 [pid 6310] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6323] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6323] ioctl(4, LOOP_SET_FD, 3 [pid 6322] <... ioctl resumed>) = 0 [pid 6308] <... futex resumed>) = 0 [pid 6322] close(3 [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6322] <... close resumed>) = 0 [pid 6310] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] mkdir("./bus", 0777 [pid 6310] <... mount resumed>) = 0 [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6310] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6323] <... ioctl resumed>) = 0 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] close(3) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6310] <... futex resumed>) = 0 [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6323] mkdir("./bus", 0777) = 0 [pid 6323] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6310] <... write resumed>) = 262144 [pid 6311] <... write resumed>) = 262144 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] <... mkdir resumed>) = 0 [ 127.592898][ T6322] loop4: detected capacity change from 0 to 2048 [ 127.595599][ T6323] loop5: detected capacity change from 0 to 2048 [ 127.615016][ T6315] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6322] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6310] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6310] <... futex resumed>) = 1 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6310] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] <... futex resumed>) = 1 [pid 6308] exit_group(0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... futex resumed>) = ? [pid 6324] <... futex resumed>) = ? [pid 6308] <... exit_group resumed>) = ? [pid 6311] <... futex resumed>) = 0 [pid 6324] +++ exited with 0 +++ [pid 6311] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6310] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ [pid 6314] <... mount resumed>) = 0 [pid 6314] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6314] chdir("./bus") = 0 [pid 6314] ioctl(4, LOOP_CLR_FD) = 0 [pid 6311] <... mmap resumed>) = 0x20000000 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6314] close(4) = 0 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... restart_syscall resumed>) = 0 [pid 6314] <... futex resumed>) = 1 [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6315] <... mount resumed>) = 0 [pid 6315] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6312] <... futex resumed>) = 0 [pid 6311] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 5083] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6314] <... futex resumed>) = 0 [pid 6314] chdir("./file0") = 0 [pid 5083] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... openat resumed>) = 3 [pid 6315] chdir("./bus" [pid 6311] <... open resumed>) = 5 [pid 6314] <... futex resumed>) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 3 [pid 6314] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6312] <... futex resumed>) = 0 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] fstat(3, [pid 6315] <... chdir resumed>) = 0 [pid 6315] ioctl(4, LOOP_CLR_FD) = 0 [pid 6315] close(4) = 0 [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] getdents64(3, [pid 6313] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = 1 [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] chdir("./file0" [pid 6313] <... futex resumed>) = 0 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6315] <... chdir resumed>) = 0 [ 127.634374][ T6314] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 127.639583][ T6315] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/47/bus supports timestamps until 2038 (0x7fffffff) [ 127.660334][ T6314] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/47/bus supports timestamps until 2038 (0x7fffffff) [pid 6314] <... openat resumed>) = 4 [pid 6311] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 5083] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6315] <... futex resumed>) = 1 [pid 6314] <... futex resumed>) = 1 [pid 6313] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 0 [pid 6311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6309] <... futex resumed>) = 0 [pid 5083] lstat("./47/binderfs", [pid 6315] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6313] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 0 [ 127.692689][ T6323] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6311] <... mount resumed>) = 0 [pid 5083] unlink("./47/binderfs" [pid 6315] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6314] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... unlink resumed>) = 0 [pid 6315] <... openat resumed>) = 4 [pid 6311] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 5083] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 127.735865][ T6322] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 127.736104][ T6323] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/47/bus supports timestamps until 2038 (0x7fffffff) [ 127.763550][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6315] <... futex resumed>) = 1 [pid 6314] <... write resumed>) = 262144 [pid 6311] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6309] <... futex resumed>) = 0 [pid 6315] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] <... futex resumed>) = 0 [pid 6311] <... open resumed>) = 6 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6314] <... futex resumed>) = 1 [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 0 [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] <... futex resumed>) = 1 [pid 6311] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6315] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6309] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 0 [pid 6309] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 1 [pid 6314] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 1 [pid 6314] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6311] <... write resumed>) = 262144 [pid 6314] <... open resumed>) = 5 [pid 6311] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 1 [pid 6309] <... futex resumed>) = 0 [pid 6314] <... futex resumed>) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6311] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6309] exit_group(0 [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = ? [ 127.768286][ T6322] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/47/bus supports timestamps until 2038 (0x7fffffff) [ 127.785177][ T5118] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 127.798760][ T5118] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 127.814220][ T5118] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 127.826766][ T5118] EXT4-fs (loop2): This should not happen!! Data will be lost [ 127.826766][ T5118] [pid 6309] <... exit_group resumed>) = ? [pid 6315] <... write resumed>) = 262144 [pid 6314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6312] <... futex resumed>) = 0 [pid 6311] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ [pid 6313] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6323] <... mount resumed>) = 0 [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6309, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6323] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6322] <... mount resumed>) = 0 [pid 6315] <... futex resumed>) = 0 [pid 6314] <... mount resumed>) = 0 [pid 6313] <... futex resumed>) = 0 [pid 6323] <... openat resumed>) = 3 [pid 6322] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6323] chdir("./bus" [pid 6322] <... openat resumed>) = 3 [pid 6323] <... chdir resumed>) = 0 [pid 6322] chdir("./bus" [pid 6323] ioctl(4, LOOP_CLR_FD [pid 6322] <... chdir resumed>) = 0 [pid 6323] <... ioctl resumed>) = 0 [pid 6322] ioctl(4, LOOP_CLR_FD [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] close(4 [pid 6322] <... ioctl resumed>) = 0 [pid 6314] <... futex resumed>) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6323] <... close resumed>) = 0 [pid 6322] close(4 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... close resumed>) = 0 [pid 6323] <... futex resumed>) = 1 [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6323] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] <... futex resumed>) = 1 [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6322] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] <... futex resumed>) = 0 [pid 6323] chdir("./file0" [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... chdir resumed>) = 0 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6323] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6323] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... openat resumed>) = 4 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6323] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6318] <... futex resumed>) = 0 [pid 6323] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... write resumed>) = 262144 [pid 6321] <... futex resumed>) = 0 [pid 6315] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = 0 [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... futex resumed>) = 1 [pid 6315] <... mmap resumed>) = 0x20000000 [pid 6314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6312] <... futex resumed>) = 0 [pid 6322] <... futex resumed>) = 0 [pid 6321] <... futex resumed>) = 1 [pid 6314] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6322] chdir("./file0" [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... open resumed>) = 6 [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6322] <... chdir resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 1 [pid 6314] <... futex resumed>) = 1 [pid 6313] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6323] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6322] <... futex resumed>) = 1 [pid 6322] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] <... futex resumed>) = 0 [pid 6315] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6314] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 6323] <... mmap resumed>) = 0x20000000 [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6323] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6313] <... futex resumed>) = 0 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... open resumed>) = 5 [pid 6322] <... futex resumed>) = 0 [pid 6321] <... futex resumed>) = 1 [pid 6312] <... futex resumed>) = 0 [pid 5084] fstat(3, [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6323] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... open resumed>) = 5 [pid 6323] <... mount resumed>) = 0 [pid 6322] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6318] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... futex resumed>) = 0 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6323] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 6323] <... open resumed>) = 6 [pid 6318] <... futex resumed>) = 0 [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6323] <... futex resumed>) = 0 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6323] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6322] <... openat resumed>) = 4 [pid 6318] <... futex resumed>) = 0 [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6323] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 127.838066][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 127.851934][ T5118] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 127.870256][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6318] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = 1 [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6322] <... futex resumed>) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6315] <... mount resumed>) = 0 [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./48/binderfs", [pid 6313] <... futex resumed>) = 0 [pid 6323] <... write resumed>) = 262144 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6322] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6321] <... futex resumed>) = 0 [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] unlink("./48/binderfs" [pid 6323] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6323] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6318] exit_group(0 [pid 6323] <... futex resumed>) = ? [pid 6318] <... exit_group resumed>) = ? [pid 6323] +++ exited with 0 +++ [pid 6318] +++ exited with 0 +++ [pid 6314] <... write resumed>) = 262144 [pid 6314] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] <... futex resumed>) = 0 [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6314] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6312] exit_group(0 [pid 6314] <... futex resumed>) = ? [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... exit_group resumed>) = ? [pid 5084] <... unlink resumed>) = 0 [pid 6315] <... futex resumed>) = 0 [pid 6313] <... futex resumed>) = 0 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6318, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5084] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6315] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6314] +++ exited with 0 +++ [pid 6312] +++ exited with 0 +++ [pid 6322] <... write resumed>) = 262144 [pid 6315] <... open resumed>) = 6 [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6312, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6322] <... futex resumed>) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = 1 [pid 6313] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6322] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 127.930173][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 127.945877][ T9] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 127.958435][ T9] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6313] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5083] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6322] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6313] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(3, [pid 5083] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... openat resumed>) = 3 [pid 6322] <... mmap resumed>) = 0x20000000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] fstat(3, [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 5083] lstat("./47/bus", [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6322] <... futex resumed>) = 1 [pid 6315] <... write resumed>) = 262144 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, [pid 6321] <... futex resumed>) = 0 [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6321] <... futex resumed>) = 0 [pid 5083] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6315] <... futex resumed>) = 1 [pid 6313] <... futex resumed>) = 0 [pid 6315] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] exit_group(0 [pid 6322] <... open resumed>) = 5 [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... futex resumed>) = ? [pid 6313] <... exit_group resumed>) = ? [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] +++ exited with 0 +++ [pid 6313] +++ exited with 0 +++ [pid 5086] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6322] <... futex resumed>) = 1 [pid 6321] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... openat resumed>) = 4 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6313, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6322] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] lstat("./47/binderfs", [pid 5083] fstat(4, [pid 5082] lstat("./47/binderfs", [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 6321] <... futex resumed>) = 0 [pid 5081] <... restart_syscall resumed>) = 0 [pid 6322] <... mount resumed>) = 0 [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6322] <... futex resumed>) = 0 [pid 6321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] unlink("./47/binderfs" [pid 5083] getdents64(4, [pid 5082] unlink("./47/binderfs" [pid 5081] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6321] <... futex resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [pid 5081] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6322] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... unlink resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [ 127.973660][ T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 127.993807][ T9] EXT4-fs (loop3): This should not happen!! Data will be lost [ 127.993807][ T9] [pid 6322] <... open resumed>) = 6 [pid 5083] getdents64(4, [pid 5082] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./47/binderfs") = 0 [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] close(4 [pid 6322] <... futex resumed>) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6322] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... close resumed>) = 0 [ 128.031388][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 128.048892][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 128.067950][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6322] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6321] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] rmdir("./47/bus" [pid 6322] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6321] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [ 128.073218][ T9] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 128.085702][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 128.098425][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.108384][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6321] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] close(3) = 0 [pid 5083] rmdir("./47") = 0 [pid 5083] mkdir("./48", 0777) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 6322] <... write resumed>) = 262144 [ 128.126666][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 128.137383][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 128.147880][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 128.164895][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 6322] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6322] <... futex resumed>) = 1 [pid 6321] <... futex resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6322] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6321] exit_group(0 [pid 5084] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] close(3 [pid 6322] <... futex resumed>) = ? [pid 6321] <... exit_group resumed>) = ? [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... close resumed>) = 0 [pid 6322] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ [pid 5084] lstat("./48/bus", [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6321, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5084] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6333 [pid 5085] umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6333 attached [pid 5085] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... openat resumed>) = 4 [pid 6333] set_robust_list(0x555556f1a5e0, 24 [pid 5085] <... openat resumed>) = 3 [pid 5084] fstat(4, [pid 5085] fstat(3, [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, [pid 5085] getdents64(3, [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] getdents64(4, [pid 5085] umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] close(4 [ 128.168197][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 128.177924][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 128.208525][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 128.208525][ T5118] [pid 5085] lstat("./47/binderfs", [pid 5084] <... close resumed>) = 0 [pid 6333] <... set_robust_list resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] rmdir("./48/bus" [pid 6333] chdir("./48" [pid 5085] unlink("./47/binderfs" [pid 5084] <... rmdir resumed>) = 0 [pid 6333] <... chdir resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5084] getdents64(3, [pid 6333] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6333] <... prctl resumed>) = 0 [pid 5084] close(3 [pid 6333] setpgid(0, 0 [pid 5084] <... close resumed>) = 0 [pid 6333] <... setpgid resumed>) = 0 [pid 5084] rmdir("./48" [pid 6333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... rmdir resumed>) = 0 [pid 5084] mkdir("./49", 0777 [pid 6333] <... openat resumed>) = 3 [pid 5084] <... mkdir resumed>) = 0 [pid 6333] write(3, "1000", 4 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6333] <... write resumed>) = 4 [pid 5084] <... openat resumed>) = 3 [pid 6333] close(3 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 6333] <... close resumed>) = 0 [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6333] symlink("/dev/binderfs", "./binderfs" [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6333] <... symlink resumed>) = 0 [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6334 [ 128.221042][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 128.229202][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 128.229336][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 128.259247][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 128.259247][ T1062] [pid 6333] <... futex resumed>) = 0 [pid 6333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 6334 attached ) = 0x7f5659bc2000 [pid 6333] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6334] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6334] chdir("./49") = 0 [pid 6333] <... mprotect resumed>) = 0 [pid 6334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6334] setpgid(0, 0) = 0 [pid 6334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6334] write(3, "1000", 4) = 4 [pid 6334] close(3) = 0 [pid 6334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6334] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6334] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6335], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6335 [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6334] <... futex resumed>) = 0 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6333] <... clone resumed>, parent_tid=[6336], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6336 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6336 attached [pid 6336] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6336] memfd_create("syzkaller", 0) = 3 [pid 6336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [ 128.282369][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 128.284430][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 128.311897][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 6335 attached [pid 6335] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6335] memfd_create("syzkaller", 0) = 3 [pid 6335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [ 128.331483][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.339046][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 128.339046][ T11] [ 128.366301][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6336] <... write resumed>) = 1048576 [pid 6336] munmap(0x7f56517c2000, 1048576) = 0 [pid 6336] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6336] ioctl(4, LOOP_SET_FD, 3 [pid 5082] <... umount2 resumed>) = 0 [pid 6336] <... ioctl resumed>) = 0 [pid 6336] close(3) = 0 [ 128.371966][ T948] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 128.396966][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 128.420923][ T6336] loop2: detected capacity change from 0 to 2048 [pid 6336] mkdir("./bus", 0777 [pid 6335] <... write resumed>) = 1048576 [pid 5082] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6336] <... mkdir resumed>) = 0 [pid 6336] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6335] munmap(0x7f56517c2000, 1048576 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6335] <... munmap resumed>) = 0 [pid 6335] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 128.434626][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.442057][ T948] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 128.452746][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 128.459805][ T948] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6335] ioctl(4, LOOP_SET_FD, 3 [pid 5082] lstat("./47/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6335] <... ioctl resumed>) = 0 [pid 6335] close(3 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6335] <... close resumed>) = 0 [pid 6335] mkdir("./bus", 0777) = 0 [pid 6335] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5082] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5082] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] close(4) = 0 [pid 5082] rmdir("./47/bus") = 0 [pid 5082] getdents64(3, [pid 5086] <... umount2 resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] close(3 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 5082] rmdir("./47" [pid 5086] lstat("./47/bus", [pid 5082] <... rmdir resumed>) = 0 [pid 5082] mkdir("./48", 0777) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... openat resumed>) = 3 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] close(3) = 0 [ 128.474543][ T6335] loop3: detected capacity change from 0 to 2048 [ 128.493228][ T948] EXT4-fs (loop4): This should not happen!! Data will be lost [ 128.493228][ T948] [ 128.505959][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5086] <... openat resumed>) = 4 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6341 [ 128.532266][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 128.546986][ T6335] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 128.562627][ T6336] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5086] getdents64(4, ./strace-static-x86_64: Process 6341 attached [pid 6335] <... mount resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./47/bus") = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./47") = 0 [pid 5086] mkdir("./48", 0777) = 0 [pid 6335] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6335] <... openat resumed>) = 3 [pid 5086] <... openat resumed>) = 3 [pid 6335] chdir("./bus" [pid 5086] ioctl(3, LOOP_CLR_FD [pid 6335] <... chdir resumed>) = 0 [pid 6335] ioctl(4, LOOP_CLR_FD [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6335] <... ioctl resumed>) = 0 [pid 5086] close(3 [pid 6341] set_robust_list(0x555556f1a5e0, 24 [pid 6336] <... mount resumed>) = 0 [pid 6335] close(4 [pid 5086] <... close resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [pid 6341] <... set_robust_list resumed>) = 0 [pid 6336] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6335] <... close resumed>) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6341] chdir("./48" [pid 6336] <... openat resumed>) = 3 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6341] <... chdir resumed>) = 0 [pid 6336] chdir("./bus" [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6342 [pid 5081] lstat("./47/bus", [pid 6341] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6336] <... chdir resumed>) = 0 [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6341] <... prctl resumed>) = 0 [pid 6336] ioctl(4, LOOP_CLR_FD [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 128.574440][ T6335] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/49/bus supports timestamps until 2038 (0x7fffffff) [ 128.587963][ T6336] ext4 filesystem being mounted at /root/syzkaller.22hR0w/48/bus supports timestamps until 2038 (0x7fffffff) [ 128.594967][ T948] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5081] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6341] setpgid(0, 0 [pid 6336] <... ioctl resumed>) = 0 [pid 6335] chdir("./file0" [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6341] <... setpgid resumed>) = 0 [pid 6336] close(4 [pid 6334] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6336] <... close resumed>) = 0 [pid 6335] <... chdir resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6341] <... openat resumed>) = 3 [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] fstat(4, [pid 6341] write(3, "1000", 4 [pid 6336] <... futex resumed>) = 1 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6341] <... write resumed>) = 4 [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] getdents64(4, [pid 6341] close(3 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6341] <... close resumed>) = 0 [pid 5081] getdents64(4, [pid 6341] symlink("/dev/binderfs", "./binderfs" [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6341] <... symlink resumed>) = 0 [pid 5081] close(4 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 6341] <... futex resumed>) = 0 [pid 5081] rmdir("./47/bus" [pid 6341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6341] <... mmap resumed>) = 0x7f5659bc2000 [pid 6335] <... futex resumed>) = 0 [pid 6334] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6333] <... futex resumed>) = 0 [pid 5081] getdents64(3, ./strace-static-x86_64: Process 6342 attached [pid 6341] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 1 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6342] set_robust_list(0x555556f1a5e0, 24 [pid 6341] <... mprotect resumed>) = 0 [pid 6336] chdir("./file0" [pid 6335] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] close(3 [pid 6342] <... set_robust_list resumed>) = 0 [pid 6341] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6336] <... chdir resumed>) = 0 [pid 6335] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6343 attached [pid 6342] chdir("./48" [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 6342] <... chdir resumed>) = 0 [pid 6341] <... clone resumed>, parent_tid=[6343], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6343 [pid 6336] <... futex resumed>) = 1 [pid 6335] <... futex resumed>) = 1 [ 128.627680][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 5081] rmdir("./47" [pid 6342] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... rmdir resumed>) = 0 [pid 6342] <... prctl resumed>) = 0 [pid 6341] <... futex resumed>) = 0 [pid 5081] mkdir("./48", 0777 [pid 6342] setpgid(0, 0 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5081] <... mkdir resumed>) = 0 [pid 6342] <... setpgid resumed>) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6342] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5081] <... openat resumed>) = 3 [pid 6342] <... openat resumed>) = 3 [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6342] write(3, "1000", 4 [pid 6336] <... futex resumed>) = 0 [pid 6335] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 1 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6342] <... write resumed>) = 4 [pid 6336] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5081] close(3 [pid 6342] close(3 [pid 5081] <... close resumed>) = 0 [pid 6342] <... close resumed>) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6342] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6344 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6342] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6342] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... clone resumed>, parent_tid=[6345], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6345 [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] <... openat resumed>) = 4 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] <... futex resumed>) = 0 [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6333] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6345 attached [pid 6336] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6345] memfd_create("syzkaller", 0) = 3 [pid 6345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6343] set_robust_list(0x7f5659be29e0, 24 [pid 5085] <... umount2 resumed>) = 0 [pid 6343] <... set_robust_list resumed>) = 0 [pid 6343] memfd_create("syzkaller", 0) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 ./strace-static-x86_64: Process 6344 attached [pid 6344] set_robust_list(0x555556f1a5e0, 24 [pid 6345] <... write resumed>) = 1048576 [pid 6344] <... set_robust_list resumed>) = 0 [pid 6343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6336] <... write resumed>) = 262144 [pid 6335] <... write resumed>) = 262144 [pid 6334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6344] chdir("./48" [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] <... futex resumed>) = 0 [pid 6336] <... futex resumed>) = 0 [pid 6335] <... futex resumed>) = 0 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] lstat("./47/bus", [pid 6344] <... chdir resumed>) = 0 [pid 6336] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6335] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6333] <... futex resumed>) = 0 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6345] munmap(0x7f56517c2000, 1048576 [pid 6335] <... mmap resumed>) = 0x20000000 [pid 6336] <... mmap resumed>) = 0x20000000 [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./47/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6344] <... prctl resumed>) = 0 [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6345] <... munmap resumed>) = 0 [pid 6344] setpgid(0, 0 [pid 6336] <... futex resumed>) = 1 [pid 6335] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./47/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6345] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6344] <... setpgid resumed>) = 0 [pid 6336] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6334] <... futex resumed>) = 0 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 4 [pid 6345] <... openat resumed>) = 4 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... futex resumed>) = 0 [pid 6345] ioctl(4, LOOP_SET_FD, 3 [pid 6344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6335] <... open resumed>) = 5 [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] fstat(4, [pid 6345] <... ioctl resumed>) = 0 [pid 6344] <... openat resumed>) = 3 [pid 6336] <... open resumed>) = 5 [pid 6344] write(3, "1000", 4 [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6344] <... write resumed>) = 4 [pid 6336] <... futex resumed>) = 1 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 6345] close(3 [pid 6344] close(3 [pid 6343] <... write resumed>) = 1048576 [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6345] <... close resumed>) = 0 [pid 6344] <... close resumed>) = 0 [pid 6343] munmap(0x7f56517c2000, 1048576 [pid 6336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 6345] mkdir("./bus", 0777 [pid 6344] symlink("/dev/binderfs", "./binderfs" [pid 6343] <... munmap resumed>) = 0 [pid 6336] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6335] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6345] <... mkdir resumed>) = 0 [pid 6344] <... symlink resumed>) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6336] <... mount resumed>) = 0 [pid 6335] <... mount resumed>) = 0 [pid 5085] close(4 [pid 6345] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... openat resumed>) = 4 [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 6344] <... futex resumed>) = 0 [ 128.761472][ T6345] loop5: detected capacity change from 0 to 2048 [pid 6343] ioctl(4, LOOP_SET_FD, 3 [pid 6336] <... futex resumed>) = 1 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 5085] rmdir("./47/bus" [pid 6344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6343] <... ioctl resumed>) = 0 [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... rmdir resumed>) = 0 [pid 6344] <... mmap resumed>) = 0x7f5659bc2000 [pid 6343] close(3 [pid 6336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 5085] getdents64(3, [pid 6344] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6343] <... close resumed>) = 0 [pid 6336] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6335] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6344] <... mprotect resumed>) = 0 [pid 6343] mkdir("./bus", 0777 [pid 6336] <... open resumed>) = 6 [pid 6335] <... open resumed>) = 6 [pid 6344] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6343] <... mkdir resumed>) = 0 [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] close(3 [pid 6343] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6336] <... futex resumed>) = 1 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6344] <... clone resumed>, parent_tid=[6346], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6346 ./strace-static-x86_64: Process 6346 attached [pid 6346] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6346] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] rmdir("./47" [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6333] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = 0 [pid 6344] <... futex resumed>) = 1 [pid 6336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6335] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6334] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rmdir resumed>) = 0 [pid 6346] memfd_create("syzkaller", 0 [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 128.813168][ T6343] loop1: detected capacity change from 0 to 2048 [ 128.840259][ T6345] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6336] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6346] <... memfd_create resumed>) = 3 [pid 6345] <... mount resumed>) = 0 [pid 6336] <... write resumed>) = 262144 [pid 5085] mkdir("./48", 0777 [pid 6346] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6345] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6336] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... write resumed>) = 262144 [pid 6346] <... mmap resumed>) = 0x7f56517c2000 [pid 6345] <... openat resumed>) = 3 [pid 6336] <... futex resumed>) = 1 [pid 6335] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 5085] <... mkdir resumed>) = 0 [pid 6336] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6335] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] exit_group(0 [pid 6335] <... futex resumed>) = ? [pid 6334] <... exit_group resumed>) = ? [pid 6346] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6345] chdir("./bus" [pid 6335] +++ exited with 0 +++ [pid 6333] exit_group(0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6334] +++ exited with 0 +++ [pid 6345] <... chdir resumed>) = 0 [pid 6336] <... futex resumed>) = ? [pid 6333] <... exit_group resumed>) = ? [pid 5085] <... openat resumed>) = 3 [pid 6345] ioctl(4, LOOP_CLR_FD [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6345] <... ioctl resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6345] close(4 [pid 6336] +++ exited with 0 +++ [pid 6333] +++ exited with 0 +++ [pid 5085] close(3 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6334, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- [pid 6346] <... write resumed>) = 1048576 [pid 6345] <... close resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6345] <... futex resumed>) = 1 [pid 6345] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6351 [pid 6342] <... futex resumed>) = 0 [pid 5084] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6333, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6345] <... futex resumed>) = 0 [pid 6342] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 6345] chdir("./file0" [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 3 [pid 5083] <... restart_syscall resumed>) = 0 [pid 6345] <... chdir resumed>) = 0 [pid 5084] fstat(3, [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6345] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] getdents64(3, [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [ 128.859757][ T6345] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/48/bus supports timestamps until 2038 (0x7fffffff) [ 128.895746][ T6343] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 5083] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6345] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... openat resumed>) = 3 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] fstat(3, [pid 6346] munmap(0x7f56517c2000, 1048576 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] getdents64(3, [pid 6345] <... openat resumed>) = 4 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] unlink("./49/binderfs" [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... unlink resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6342] <... futex resumed>) = 0 [pid 6345] <... futex resumed>) = 1 [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5084] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] lstat("./48/binderfs", [pid 6346] <... munmap resumed>) = 0 [pid 6342] <... futex resumed>) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6346] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] unlink("./48/binderfs" [pid 6346] <... openat resumed>) = 4 [pid 6346] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... unlink resumed>) = 0 [ 128.922520][ T6346] loop0: detected capacity change from 0 to 2048 [ 128.931069][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 128.941186][ T6343] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/48/bus supports timestamps until 2038 (0x7fffffff) [ 128.956873][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6346] <... ioctl resumed>) = 0 [pid 6346] close(3) = 0 [pid 6346] mkdir("./bus", 0777) = 0 [pid 6346] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6343] <... mount resumed>) = 0 [pid 6343] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6343] chdir("./bus") = 0 [pid 6343] ioctl(4, LOOP_CLR_FD) = 0 [pid 6343] close(4) = 0 [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6343] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6351 attached [pid 6351] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6351] chdir("./48") = 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6351] setpgid(0, 0) = 0 [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6351] write(3, "1000", 4) = 4 [pid 6351] close(3) = 0 [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6351] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6352], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6352 [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6352 attached [pid 6352] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6352] memfd_create("syzkaller", 0) = 3 [pid 6352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6343] <... futex resumed>) = 0 [pid 6343] chdir("./file0" [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6342] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6343] <... chdir resumed>) = 0 [pid 6342] <... mmap resumed>) = 0x7f56518a1000 [pid 6342] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... mprotect resumed>) = 0 [pid 6343] <... futex resumed>) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6343] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6341] <... futex resumed>) = 0 [pid 6343] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6342] <... clone resumed>, parent_tid=[6353], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6353 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6353 attached [pid 6353] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6343] <... futex resumed>) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... write resumed>) = 253952 [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6353] <... mmap resumed>) = 0x20000000 [pid 6353] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = 0 [pid 6353] <... futex resumed>) = 1 [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] <... futex resumed>) = 0 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6352] <... write resumed>) = 1048576 [pid 6345] <... open resumed>) = 5 [pid 6343] <... write resumed>) = 262144 [pid 6341] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] <... futex resumed>) = 1 [pid 6342] <... futex resumed>) = 0 [ 129.020876][ T27] kauditd_printk_skb: 14 callbacks suppressed [ 129.020893][ T27] audit: type=1800 audit(1678856080.425:290): pid=6345 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [ 129.036402][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] <... mmap resumed>) = 0x7f56518a1000 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6341] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6341] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] <... futex resumed>) = 0 [pid 6345] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... clone resumed>, parent_tid=[6356], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6356 [pid 6345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6342] <... futex resumed>) = 0 [pid 6341] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6342] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6341] <... futex resumed>) = 0 [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6356 attached [pid 6356] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 6356] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6343] <... futex resumed>) = 0 [pid 6343] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6356] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6356] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [ 129.063121][ T6346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 129.089104][ T9] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6341] <... futex resumed>) = 1 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6352] munmap(0x7f56517c2000, 1048576 [pid 6345] <... write resumed>) = 253952 [pid 6343] <... open resumed>) = 5 [pid 6352] <... munmap resumed>) = 0 [pid 6352] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6352] ioctl(4, LOOP_SET_FD, 3 [pid 6345] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 129.120677][ T27] audit: type=1800 audit(1678856080.515:291): pid=6343 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 129.131838][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 129.144835][ T6352] loop4: detected capacity change from 0 to 2048 [ 129.154611][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6345] <... futex resumed>) = 0 [pid 6343] <... futex resumed>) = 1 [pid 6342] exit_group(0 [pid 6341] <... futex resumed>) = 0 [pid 6353] <... futex resumed>) = ? [pid 6343] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6342] <... exit_group resumed>) = ? [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... ioctl resumed>) = 0 [pid 6352] close(3) = 0 [pid 6352] mkdir("./bus", 0777) = 0 [pid 6352] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6353] +++ exited with 0 +++ [pid 6345] +++ exited with 0 +++ [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 129.159731][ T6346] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/48/bus supports timestamps until 2038 (0x7fffffff) [ 129.172140][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 129.172140][ T11] [ 129.184750][ T9] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 129.195021][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6343] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6342] +++ exited with 0 +++ [pid 6341] <... futex resumed>) = 0 [pid 6346] <... mount resumed>) = 0 [pid 6346] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6346] chdir("./bus") = 0 [pid 6346] ioctl(4, LOOP_CLR_FD) = 0 [pid 6346] close(4) = 0 [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 1 [pid 6346] chdir("./file0" [pid 6343] <... mount resumed>) = 0 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... chdir resumed>) = 0 [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6342, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6344] <... futex resumed>) = 0 [pid 6343] <... futex resumed>) = 0 [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6346] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... openat resumed>) = 4 [pid 6344] <... futex resumed>) = 0 [pid 6343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6341] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6344] <... futex resumed>) = 0 [pid 6346] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] <... open resumed>) = 6 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... openat resumed>) = 3 [pid 6343] <... futex resumed>) = 0 [ 129.218913][ T9] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 129.221237][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 129.236469][ T9] EXT4-fs (loop2): This should not happen!! Data will be lost [ 129.236469][ T9] [ 129.256163][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6343] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6341] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] fstat(3, [pid 6341] <... futex resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6341] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5086] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5086] unlink("./48/binderfs") = 0 [pid 5086] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6343] <... write resumed>) = 262144 [pid 6346] <... write resumed>) = 262144 [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 1 [pid 6346] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 1 [ 129.293962][ T6352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 129.314237][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6346] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 6343] <... futex resumed>) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6341] exit_group(0 [pid 6344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6344] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 6344] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6344] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6359], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6359 [pid 6344] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... futex resumed>) = ? [pid 6341] <... exit_group resumed>) = ? [pid 6356] +++ exited with 0 +++ [ 129.318303][ T27] audit: type=1800 audit(1678856080.715:292): pid=6346 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [ 129.330805][ T6352] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/48/bus supports timestamps until 2038 (0x7fffffff) [ 129.349754][ T1062] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 129.363587][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.372054][ T9] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 6352] <... mount resumed>) = 0 [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6359 attached [pid 6352] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6346] <... futex resumed>) = 0 [pid 6343] +++ exited with 0 +++ [pid 6341] +++ exited with 0 +++ [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6341, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5082] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5082] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5082] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6359] set_robust_list(0x7f56518c19e0, 24 [pid 6352] <... openat resumed>) = 3 [pid 6346] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 129.391424][ T1062] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 129.395121][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.413787][ T1062] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 62 with error 117 [ 129.429739][ T1062] EXT4-fs (loop5): This should not happen!! Data will be lost [ 129.429739][ T1062] [pid 5082] lstat("./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] unlink("./48/binderfs") = 0 [ 129.441057][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 129.455078][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 129.468300][ T1062] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5082] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6359] <... set_robust_list resumed>) = 0 [pid 6352] chdir("./bus" [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = 0 [pid 6359] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6352] <... chdir resumed>) = 0 [pid 6346] <... futex resumed>) = 0 [pid 6344] <... futex resumed>) = 1 [pid 6359] <... mount resumed>) = 0 [pid 6352] ioctl(4, LOOP_CLR_FD [pid 6346] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... ioctl resumed>) = 0 [pid 6346] <... open resumed>) = 6 [pid 6359] <... futex resumed>) = 0 [pid 6352] close(4 [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] <... close resumed>) = 0 [pid 6346] <... futex resumed>) = 1 [pid 6344] <... futex resumed>) = 0 [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6344] <... futex resumed>) = 0 [pid 6352] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6344] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 6352] chdir("./file0" [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6352] <... chdir resumed>) = 0 [pid 5084] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... write resumed>) = 262144 [pid 6352] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6352] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 6352] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6346] <... futex resumed>) = 1 [pid 6344] <... futex resumed>) = 0 [pid 5084] lstat("./49/bus", [pid 6352] <... openat resumed>) = 4 [pid 6346] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] exit_group(0 [pid 5084] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 6359] <... futex resumed>) = ? [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = ? [pid 6344] <... exit_group resumed>) = ? [pid 5084] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6359] +++ exited with 0 +++ [pid 6352] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 6346] +++ exited with 0 +++ [pid 6344] +++ exited with 0 +++ [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6352] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [ 129.490586][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6352] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... openat resumed>) = 4 [pid 5083] lstat("./48/bus", [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6344, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 6352] <... write resumed>) = 262144 [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] <... futex resumed>) = 0 [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 5084] rmdir("./49/bus") = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./49") = 0 [pid 5084] mkdir("./50", 0777 [pid 5083] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] <... restart_syscall resumed>) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6352] <... futex resumed>) = 1 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5083] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6352] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5084] <... openat resumed>) = 3 [pid 6352] <... mmap resumed>) = 0x20000000 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5083] <... openat resumed>) = 4 [pid 5081] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] fstat(4, [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] close(3 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6352] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5083] getdents64(4, [pid 5081] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6352] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [ 129.553231][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 129.575186][ T27] audit: type=1800 audit(1678856080.975:293): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... umount2 resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6352] <... open resumed>) = 5 [pid 6351] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6360 [pid 6352] <... futex resumed>) = 0 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6352] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... mount resumed>) = 0 [pid 6351] <... futex resumed>) = 0 [pid 5086] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6352] <... futex resumed>) = 0 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] lstat("./48/bus", ./strace-static-x86_64: Process 6360 attached [pid 6352] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6360] set_robust_list(0x555556f1a5e0, 24 [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 5086] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6360] <... set_robust_list resumed>) = 0 [pid 6352] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6360] chdir("./50" [pid 6352] <... open resumed>) = 6 [pid 5086] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6360] <... chdir resumed>) = 0 [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... openat resumed>) = 4 [pid 6360] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6352] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 5086] fstat(4, [pid 6360] <... prctl resumed>) = 0 [pid 6352] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6360] setpgid(0, 0 [pid 6352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6351] <... futex resumed>) = 0 [pid 5086] getdents64(4, [pid 5083] getdents64(4, [pid 5081] fstat(3, [pid 6360] <... setpgid resumed>) = 0 [pid 6352] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6351] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] getdents64(4, [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6360] <... openat resumed>) = 3 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6360] write(3, "1000", 4 [pid 5086] close(4 [pid 5081] getdents64(3, [pid 5083] close(4 [pid 6360] <... write resumed>) = 4 [pid 5086] <... close resumed>) = 0 [pid 6360] close(3 [pid 5086] rmdir("./48/bus" [pid 6360] <... close resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 6360] symlink("/dev/binderfs", "./binderfs" [pid 5086] getdents64(3, [pid 6360] <... symlink resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 6360] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 6360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] rmdir("./48" [pid 6360] <... mmap resumed>) = 0x7f5659bc2000 [pid 5086] <... rmdir resumed>) = 0 [pid 6360] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5086] mkdir("./49", 0777 [pid 6360] <... mprotect resumed>) = 0 [pid 6352] <... write resumed>) = 262144 [pid 5086] <... mkdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6360] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [ 129.590176][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [pid 6352] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] rmdir("./48/bus" [pid 5081] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6352] <... futex resumed>) = 1 [pid 6351] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 6360] <... clone resumed>, parent_tid=[6361], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6361 [pid 6352] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] exit_group(0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5083] <... rmdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = ? [pid 6351] <... exit_group resumed>) = ? [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6360] <... futex resumed>) = 0 [pid 6352] +++ exited with 0 +++ [pid 6351] +++ exited with 0 +++ [pid 5086] close(3 [pid 5083] getdents64(3, [pid 5081] lstat("./48/binderfs", [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6351, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6361 attached [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5083] close(3 [pid 5081] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6361] set_robust_list(0x7f5659be29e0, 24 [pid 5083] <... close resumed>) = 0 [pid 5081] unlink("./48/binderfs" [pid 6361] <... set_robust_list resumed>) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6362 [pid 5083] rmdir("./48" [pid 6361] memfd_create("syzkaller", 0 [pid 5081] <... unlink resumed>) = 0 [pid 6361] <... memfd_create resumed>) = 3 [pid 5083] <... rmdir resumed>) = 0 [pid 5081] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] mkdir("./49", 0777./strace-static-x86_64: Process 6362 attached [pid 6361] <... mmap resumed>) = 0x7f56517c2000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] <... mkdir resumed>) = 0 [pid 6362] set_robust_list(0x555556f1a5e0, 24 [pid 5085] <... openat resumed>) = 3 [pid 6362] <... set_robust_list resumed>) = 0 [pid 5085] fstat(3, [pid 6362] chdir("./49" [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6362] <... chdir resumed>) = 0 [pid 5085] getdents64(3, [pid 6362] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6362] <... prctl resumed>) = 0 [pid 5085] umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6362] setpgid(0, 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6362] <... setpgid resumed>) = 0 [pid 5085] lstat("./48/binderfs", [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6362] <... openat resumed>) = 3 [pid 5085] unlink("./48/binderfs" [pid 5083] <... openat resumed>) = 3 [pid 6362] write(3, "1000", 4 [pid 5085] <... unlink resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 6362] <... write resumed>) = 4 [ 129.662837][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 129.673587][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5085] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6362] close(3 [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6362] <... close resumed>) = 0 [pid 6362] symlink("/dev/binderfs", "./binderfs" [pid 5083] close(3 [pid 6362] <... symlink resumed>) = 0 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6362] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6362] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6363], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6363 [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6363 attached [pid 6363] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6363] memfd_create("syzkaller", 0) = 3 [pid 6363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] <... close resumed>) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6363] <... mmap resumed>) = 0x7f56517c2000 ./strace-static-x86_64: Process 6364 attached [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6364 [pid 6364] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6364] chdir("./49") = 0 [pid 6361] <... write resumed>) = 1048576 [pid 6364] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6361] munmap(0x7f56517c2000, 1048576 [pid 6364] setpgid(0, 0) = 0 [pid 6364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6364] write(3, "1000", 4) = 4 [pid 6361] <... munmap resumed>) = 0 [pid 6364] close(3) = 0 [pid 6363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6361] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6364] symlink("/dev/binderfs", "./binderfs" [pid 6361] <... openat resumed>) = 4 [pid 6364] <... symlink resumed>) = 0 [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.701945][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 129.719841][ T1062] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 129.745000][ T11] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6361] ioctl(4, LOOP_SET_FD, 3 [pid 6364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6361] <... ioctl resumed>) = 0 [pid 6364] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6364] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6365], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6365 [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 129.770137][ T6361] loop3: detected capacity change from 0 to 2048 [ 129.770619][ T1062] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 129.780609][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 129.780609][ T5118] [ 129.807907][ T11] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6365 attached [pid 6361] close(3) = 0 [pid 6361] mkdir("./bus", 0777) = 0 [pid 6361] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6363] <... write resumed>) = 1048576 [pid 6363] munmap(0x7f56517c2000, 1048576 [pid 6365] set_robust_list(0x7f5659be29e0, 24 [pid 6363] <... munmap resumed>) = 0 [pid 6363] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 6363] ioctl(4, LOOP_SET_FD, 3 [pid 6365] <... set_robust_list resumed>) = 0 [pid 6365] memfd_create("syzkaller", 0) = 3 [ 129.808875][ T1062] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 129.833598][ T1062] EXT4-fs (loop0): This should not happen!! Data will be lost [ 129.833598][ T1062] [ 129.836811][ T6363] loop5: detected capacity change from 0 to 2048 [ 129.845414][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 6365] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6365] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6363] <... ioctl resumed>) = 0 [ 129.865546][ T11] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 129.866423][ T1062] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 129.881013][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 129.904026][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6363] close(3) = 0 [pid 6363] mkdir("./bus", 0777 [pid 6365] <... write resumed>) = 1048576 [pid 6363] <... mkdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = 0 [ 129.915192][ T11] EXT4-fs (loop4): This should not happen!! Data will be lost [ 129.915192][ T11] [ 129.928423][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 129.944234][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 129.955512][ T6361] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6365] munmap(0x7f56517c2000, 1048576 [pid 6363] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6365] <... munmap resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./48/bus", [pid 6365] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6361] <... mount resumed>) = 0 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6365] <... openat resumed>) = 4 [pid 6361] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6361] <... openat resumed>) = 3 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6365] ioctl(4, LOOP_SET_FD, 3 [pid 6361] chdir("./bus" [pid 5081] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6361] <... chdir resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6361] ioctl(4, LOOP_CLR_FD [pid 5081] fstat(4, [pid 6361] <... ioctl resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6361] close(4) = 0 [pid 5081] getdents64(4, [pid 6365] <... ioctl resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6365] close(3 [pid 6361] <... futex resumed>) = 1 [pid 6360] <... futex resumed>) = 0 [ 129.958592][ T11] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 129.969635][ T6361] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/50/bus supports timestamps until 2038 (0x7fffffff) [ 130.002095][ T6365] loop2: detected capacity change from 0 to 2048 [pid 5081] getdents64(4, [pid 6365] <... close resumed>) = 0 [pid 6361] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6360] <... futex resumed>) = 0 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6365] mkdir("./bus", 0777 [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] close(4 [pid 6361] chdir("./file0" [pid 6365] <... mkdir resumed>) = 0 [pid 5081] <... close resumed>) = 0 [pid 6361] <... chdir resumed>) = 0 [pid 6365] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] rmdir("./48/bus" [pid 6363] <... mount resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6361] <... futex resumed>) = 1 [pid 6360] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6363] <... openat resumed>) = 3 [pid 6361] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] chdir("./bus" [pid 5081] getdents64(3, [pid 6361] <... openat resumed>) = 4 [pid 6363] <... chdir resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6363] ioctl(4, LOOP_CLR_FD [pid 6361] <... futex resumed>) = 1 [pid 5081] close(3 [pid 6363] <... ioctl resumed>) = 0 [pid 6361] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... close resumed>) = 0 [pid 6363] close(4 [pid 5081] rmdir("./48" [pid 6363] <... close resumed>) = 0 [pid 6360] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mkdir("./49", 0777 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [ 130.021870][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.022484][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.031883][ T6363] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 130.055642][ T6363] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/49/bus supports timestamps until 2038 (0x7fffffff) [pid 6361] <... futex resumed>) = 0 [pid 6360] <... futex resumed>) = 1 [pid 5081] <... mkdir resumed>) = 0 [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 6361] <... write resumed>) = 262144 [pid 5085] <... umount2 resumed>) = 0 [pid 5082] <... umount2 resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 6363] chdir("./file0" [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6363] <... chdir resumed>) = 0 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3) = 0 [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6372 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6360] <... futex resumed>) = 0 [pid 6361] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... mmap resumed>) = 0x20000000 [pid 6360] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] lstat("./48/bus", [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6372 attached [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] lstat("./48/bus", [pid 6372] set_robust_list(0x555556f1a5e0, 24 [pid 6363] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... futex resumed>) = 1 [pid 6360] <... futex resumed>) = 0 [pid 5085] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6372] <... set_robust_list resumed>) = 0 [pid 6363] <... openat resumed>) = 4 [pid 6361] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6372] chdir("./49" [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... open resumed>) = 5 [pid 6360] <... futex resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6372] <... chdir resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 4 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = 0 [pid 6360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] fstat(4, [pid 6372] <... prctl resumed>) = 0 [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 6361] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6372] setpgid(0, 0 [pid 6363] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6360] <... futex resumed>) = 0 [pid 5085] getdents64(4, [pid 6372] <... setpgid resumed>) = 0 [pid 6361] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [ 130.122629][ T6365] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 130.143385][ T6365] ext4 filesystem being mounted at /root/syzkaller.22hR0w/49/bus supports timestamps until 2038 (0x7fffffff) [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6363] <... write resumed>) = 262144 [pid 6361] <... mount resumed>) = 0 [pid 5085] getdents64(4, [pid 5082] umount2("./48/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6372] <... openat resumed>) = 3 [pid 6365] <... mount resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6372] write(3, "1000", 4 [pid 6365] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6361] <... futex resumed>) = 1 [pid 6360] <... futex resumed>) = 0 [pid 5085] close(4 [pid 6372] <... write resumed>) = 4 [pid 6365] <... openat resumed>) = 3 [pid 6361] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./48/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6372] close(3 [pid 6365] chdir("./bus" [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6360] <... futex resumed>) = 0 [pid 5085] rmdir("./48/bus" [pid 5082] <... openat resumed>) = 4 [pid 6372] <... close resumed>) = 0 [pid 6365] <... chdir resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 6361] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rmdir resumed>) = 0 [pid 5082] fstat(4, [pid 6372] symlink("/dev/binderfs", "./binderfs" [pid 6365] ioctl(4, LOOP_CLR_FD [pid 6363] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... open resumed>) = 6 [pid 5085] getdents64(3, [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6372] <... symlink resumed>) = 0 [pid 6365] <... ioctl resumed>) = 0 [pid 6363] <... mmap resumed>) = 0x20000000 [ 130.155639][ T27] audit: type=1800 audit(1678856081.555:294): pid=6361 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop3" ino=19 res=0 errno=0 [pid 6362] <... futex resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5082] getdents64(4, [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] close(4 [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... futex resumed>) = 1 [pid 6360] <... futex resumed>) = 0 [pid 5085] close(3 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6372] <... futex resumed>) = 0 [pid 6365] <... close resumed>) = 0 [pid 6363] <... futex resumed>) = 0 [pid 6362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6361] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... close resumed>) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6360] <... futex resumed>) = 0 [pid 5085] rmdir("./48" [pid 5082] getdents64(4, [pid 6372] <... mmap resumed>) = 0x7f5659bc2000 [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 6361] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6360] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... rmdir resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6372] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] mkdir("./49", 0777 [pid 6372] <... mprotect resumed>) = 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6363] <... open resumed>) = 5 [pid 6361] <... write resumed>) = 262144 [pid 5085] <... mkdir resumed>) = 0 [pid 5082] close(4 [pid 6372] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 6372] <... clone resumed>, parent_tid=[6373], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6373 [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6372] <... futex resumed>) = 0 [pid 6363] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] close(3./strace-static-x86_64: Process 6373 attached [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6363] <... mount resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 6373] set_robust_list(0x7f5659be29e0, 24 [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6373] <... set_robust_list resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 6373] memfd_create("syzkaller", 0 [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6374 [pid 6373] <... memfd_create resumed>) = 3 [pid 6365] chdir("./file0" [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 6361] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... close resumed>) = 0 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6365] <... chdir resumed>) = 0 [pid 6363] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6361] <... futex resumed>) = 1 [pid 6360] <... futex resumed>) = 0 [pid 5082] rmdir("./48/bus" [pid 6373] <... mmap resumed>) = 0x7f56517c2000 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... open resumed>) = 6 [pid 6361] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] exit_group(0 [pid 6373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = ? [pid 6360] <... exit_group resumed>) = ? [pid 5082] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6374 attached [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 6361] +++ exited with 0 +++ [pid 6360] +++ exited with 0 +++ [pid 5082] getdents64(3, [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6360, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6374] set_robust_list(0x555556f1a5e0, 24 [pid 6365] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6362] <... futex resumed>) = 0 [pid 5084] restart_syscall(<... resuming interrupted clone ...> [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6374] <... set_robust_list resumed>) = 0 [ 130.241552][ T27] audit: type=1800 audit(1678856081.645:295): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop5" ino=19 res=0 errno=0 [pid 6363] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6362] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... restart_syscall resumed>) = 0 [pid 6374] chdir("./49" [pid 6365] <... openat resumed>) = 4 [pid 6363] <... write resumed>) = 262144 [pid 5082] close(3 [pid 6374] <... chdir resumed>) = 0 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6362] <... futex resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 6374] <... prctl resumed>) = 0 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6362] exit_group(0 [pid 5084] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] rmdir("./48" [pid 6374] setpgid(0, 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = ? [pid 6362] <... exit_group resumed>) = ? [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] <... setpgid resumed>) = 0 [pid 6373] <... write resumed>) = 1048576 [pid 6365] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] +++ exited with 0 +++ [pid 6362] +++ exited with 0 +++ [pid 5084] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] <... rmdir resumed>) = 0 [pid 6374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6362, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5086] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] <... openat resumed>) = 3 [pid 5082] mkdir("./49", 0777 [pid 6374] <... openat resumed>) = 3 [pid 5086] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] fstat(3, [pid 6373] munmap(0x7f56517c2000, 1048576 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] write(3, "1000", 4 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 6374] <... write resumed>) = 4 [pid 6373] <... munmap resumed>) = 0 [pid 5086] lstat("./49/binderfs", [pid 5084] getdents64(3, [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6374] close(3 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] <... openat resumed>) = 3 [pid 6374] <... close resumed>) = 0 [pid 6373] <... openat resumed>) = 4 [pid 5086] unlink("./49/binderfs" [pid 5084] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] ioctl(3, LOOP_CLR_FD [pid 6374] symlink("/dev/binderfs", "./binderfs" [pid 6373] ioctl(4, LOOP_SET_FD, 3 [pid 5086] <... unlink resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6374] <... symlink resumed>) = 0 [pid 6373] <... ioctl resumed>) = 0 [pid 5086] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] lstat("./50/binderfs", [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... write resumed>) = 262144 [pid 5082] close(3 [pid 6374] <... futex resumed>) = 0 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... close resumed>) = 0 [pid 6374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 5084] unlink("./50/binderfs" [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6374] <... mmap resumed>) = 0x7f5659bc2000 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... unlink resumed>) = 0 [pid 6373] close(3 [pid 6364] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6374] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6365] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6375 [pid 6374] <... mprotect resumed>) = 0 [pid 6365] <... mmap resumed>) = 0x20000000 [ 130.341705][ T6373] loop0: detected capacity change from 0 to 2048 [ 130.351459][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 130.376443][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6374] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6373] <... close resumed>) = 0 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6376 attached ./strace-static-x86_64: Process 6375 attached [pid 6374] <... clone resumed>, parent_tid=[6376], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6376 [pid 6373] mkdir("./bus", 0777 [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6376] set_robust_list(0x7f5659be29e0, 24 [pid 6375] set_robust_list(0x555556f1a5e0, 24 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... set_robust_list resumed>) = 0 [pid 6375] <... set_robust_list resumed>) = 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6376] memfd_create("syzkaller", 0 [pid 6375] chdir("./49" [ 130.393119][ T9] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 130.400803][ T11] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 130.409210][ T27] audit: type=1800 audit(1678856081.805:296): pid=6365 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop2" ino=19 res=0 errno=0 [pid 6365] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... memfd_create resumed>) = 3 [pid 6375] <... chdir resumed>) = 0 [pid 6374] <... futex resumed>) = 0 [pid 6373] <... mkdir resumed>) = 0 [pid 6365] <... open resumed>) = 5 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... mmap resumed>) = 0x7f56517c2000 [pid 6375] <... prctl resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6375] setpgid(0, 0 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... setpgid resumed>) = 0 [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6365] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] <... openat resumed>) = 3 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6373] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6365] <... mount resumed>) = 0 [pid 6375] write(3, "1000", 4 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... write resumed>) = 4 [ 130.415156][ T11] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 130.432830][ T9] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:0: mark_inode_dirty error [ 130.444788][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 130.469644][ T11] EXT4-fs (loop3): This should not happen!! Data will be lost [ 130.469644][ T11] [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6376] <... write resumed>) = 1048576 [pid 6375] close(3 [pid 6376] munmap(0x7f56517c2000, 1048576 [pid 6375] <... close resumed>) = 0 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... munmap resumed>) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs" [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6375] <... symlink resumed>) = 0 [pid 6365] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... openat resumed>) = 4 [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... open resumed>) = 6 [pid 6376] ioctl(4, LOOP_SET_FD, 3 [pid 6375] <... futex resumed>) = 0 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6365] <... futex resumed>) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6375] <... mmap resumed>) = 0x7f5659bc2000 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6364] <... futex resumed>) = 0 [pid 6375] <... mprotect resumed>) = 0 [pid 6365] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6364] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6378], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6378 [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6376] <... ioctl resumed>) = 0 [pid 6376] close(3) = 0 [pid 6376] mkdir("./bus", 0777 [pid 6365] <... write resumed>) = 262144 [pid 6365] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6364] <... futex resumed>) = 0 [pid 6364] exit_group(0 [pid 6365] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6364] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 6378 attached [pid 6365] <... futex resumed>) = ? [ 130.481626][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 130.482905][ T9] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 130.500916][ T6376] loop4: detected capacity change from 0 to 2048 [ 130.507932][ T9] EXT4-fs (loop5): This should not happen!! Data will be lost [ 130.507932][ T9] [pid 6378] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6376] <... mkdir resumed>) = 0 [pid 6365] +++ exited with 0 +++ [pid 6364] +++ exited with 0 +++ [pid 6376] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6378] memfd_create("syzkaller", 0 [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6364, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6378] <... memfd_create resumed>) = 3 [ 130.534252][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [ 130.550099][ T11] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 130.552332][ T6373] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 130.565268][ T9] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:0: Invalid inode table block 0 in block_group 0 [pid 5083] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6378] <... mmap resumed>) = 0x7f56517c2000 [pid 6373] <... mount resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6373] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5083] <... openat resumed>) = 3 [pid 6373] <... openat resumed>) = 3 [pid 6373] chdir("./bus") = 0 [pid 6373] ioctl(4, LOOP_CLR_FD) = 0 [pid 6373] close(4) = 0 [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6373] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6373] <... futex resumed>) = 0 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] chdir("./file0" [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6373] <... chdir resumed>) = 0 [pid 5083] getdents64(3, [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6373] <... futex resumed>) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 5083] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] unlink("./49/binderfs") = 0 [pid 5083] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6373] <... openat resumed>) = 4 [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6378] <... write resumed>) = 1048576 [pid 6378] munmap(0x7f56517c2000, 1048576) = 0 [pid 6378] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 130.588761][ T6373] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/49/bus supports timestamps until 2038 (0x7fffffff) [ 130.613107][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.628570][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6378] ioctl(4, LOOP_SET_FD, 3 [pid 6373] <... write resumed>) = 262144 [pid 6378] <... ioctl resumed>) = 0 [pid 6378] close(3) = 0 [pid 6378] mkdir("./bus", 0777) = 0 [pid 6378] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6373] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... futex resumed>) = 0 [ 130.668809][ T6378] loop1: detected capacity change from 0 to 2048 [ 130.681128][ T6376] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 130.700172][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = 0 [pid 6373] <... open resumed>) = 5 [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [ 130.700967][ T6376] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/49/bus supports timestamps until 2038 (0x7fffffff) [ 130.733770][ T27] audit: type=1800 audit(1678856082.135:297): pid=6373 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop0" ino=19 res=0 errno=0 [pid 6373] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... umount2 resumed>) = 0 [pid 5086] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] lstat("./49/bus", [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] lstat("./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] <... openat resumed>) = 4 [pid 5084] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, [pid 6373] <... mount resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4 [pid 5084] getdents64(4, [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6372] <... futex resumed>) = 0 [pid 6373] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6373] <... open resumed>) = 6 [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rmdir("./49/bus" [pid 5084] close(4 [pid 6373] <... futex resumed>) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6372] <... futex resumed>) = 0 [pid 6373] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6372] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... rmdir resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 6376] <... mount resumed>) = 0 [pid 6376] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./bus") = 0 [pid 6376] ioctl(4, LOOP_CLR_FD) = 0 [pid 6376] close(4) = 0 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 130.760262][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 130.781166][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 130.794073][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 130.796175][ T6378] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6376] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... futex resumed>) = 0 [pid 6376] chdir("./file0") = 0 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6374] <... futex resumed>) = 0 [pid 6376] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] getdents64(3, [pid 5084] rmdir("./50/bus" [pid 6376] <... openat resumed>) = 4 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6374] <... futex resumed>) = 0 [pid 6376] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] close(3 [pid 5084] getdents64(3, [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] <... close resumed>) = 0 [pid 5086] rmdir("./49" [pid 5084] close(3 [pid 6376] <... write resumed>) = 262144 [pid 5086] <... rmdir resumed>) = 0 [pid 5084] <... close resumed>) = 0 [pid 5084] rmdir("./50" [pid 5086] mkdir("./50", 0777 [pid 6373] <... write resumed>) = 262144 [pid 5086] <... mkdir resumed>) = 0 [pid 5084] <... rmdir resumed>) = 0 [pid 6373] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] exit_group(0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5084] mkdir("./51", 0777 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 130.811796][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 130.811796][ T11] [ 130.852140][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6376] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... exit_group resumed>) = ? [pid 5086] <... openat resumed>) = 3 [pid 6374] <... futex resumed>) = 0 [pid 6373] <... futex resumed>) = ? [pid 5086] ioctl(3, LOOP_CLR_FD [pid 5084] <... mkdir resumed>) = 0 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... mount resumed>) = 0 [pid 6378] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6378] chdir("./bus") = 0 [pid 6378] ioctl(4, LOOP_CLR_FD [pid 6376] <... futex resumed>) = 0 [pid 6374] <... futex resumed>) = 1 [pid 6373] +++ exited with 0 +++ [pid 6372] +++ exited with 0 +++ [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6376] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6376] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] <... ioctl resumed>) = 0 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] close(3 [pid 5084] <... openat resumed>) = 3 [pid 6378] close(4 [pid 6374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... close resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6372, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6378] <... close resumed>) = 0 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5081] restart_syscall(<... resuming interrupted clone ...> [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = 0 [pid 6374] <... futex resumed>) = 1 [pid 5084] close(3 [pid 5081] <... restart_syscall resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6384 [pid 5084] <... close resumed>) = 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5081] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6385 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6376] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6375] <... futex resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [ 130.869150][ T6378] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/49/bus supports timestamps until 2038 (0x7fffffff) [ 130.885200][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 130.910102][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5081] fstat(3, [pid 6376] <... open resumed>) = 5 [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./49/binderfs") = 0 [pid 5081] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = 0 [pid 6376] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 1 [pid 6374] <... futex resumed>) = 0 [pid 6378] chdir("./file0" [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6384 attached [pid 6384] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6384] chdir("./50") = 0 [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6384] setpgid(0, 0 [pid 6376] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6384] <... setpgid resumed>) = 0 [pid 6378] <... chdir resumed>) = 0 [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... mount resumed>) = 0 [pid 6375] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... openat resumed>) = 3 [pid 6378] <... futex resumed>) = 0 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6385 attached [pid 6384] write(3, "1000", 4 [pid 6378] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6376] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6374] <... futex resumed>) = 0 [pid 6384] <... write resumed>) = 4 [pid 6376] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] close(3 [pid 6378] <... openat resumed>) = 4 [pid 6374] <... futex resumed>) = 0 [pid 6385] set_robust_list(0x555556f1a5e0, 24 [pid 6384] <... close resumed>) = 0 [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... open resumed>) = 6 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... set_robust_list resumed>) = 0 [pid 6384] symlink("/dev/binderfs", "./binderfs" [pid 6378] <... futex resumed>) = 1 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6385] chdir("./51" [pid 6384] <... symlink resumed>) = 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6376] <... futex resumed>) = 1 [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... futex resumed>) = 0 [pid 6385] <... chdir resumed>) = 0 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6376] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] <... futex resumed>) = 0 [pid 6374] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6384] <... futex resumed>) = 0 [pid 6378] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6374] <... futex resumed>) = 0 [pid 6385] <... prctl resumed>) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6374] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] <... mmap resumed>) = 0x7f5659bc2000 [pid 6384] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6386], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6386 [pid 6385] setpgid(0, 0 [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6386 attached [pid 6386] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6386] memfd_create("syzkaller", 0) = 3 [pid 6385] <... setpgid resumed>) = 0 [pid 6386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6386] <... mmap resumed>) = 0x7f56517c2000 [pid 6385] <... openat resumed>) = 3 [ 130.923029][ T27] audit: type=1800 audit(1678856082.325:298): pid=6376 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop4" ino=19 res=0 errno=0 [ 130.945275][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6385] write(3, "1000", 4 [pid 6378] <... write resumed>) = 262144 [pid 6385] <... write resumed>) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6376] <... write resumed>) = 262144 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6376] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6374] <... futex resumed>) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6376] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] exit_group(0) = ? [pid 5083] <... umount2 resumed>) = 0 [pid 5083] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5083] lstat("./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6385] <... mmap resumed>) = 0x7f5659bc2000 [pid 6378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6376] <... futex resumed>) = ? [pid 6375] <... futex resumed>) = 0 [pid 5083] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6385] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6378] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6376] +++ exited with 0 +++ [pid 6374] +++ exited with 0 +++ [pid 5083] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6385] <... mprotect resumed>) = 0 [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6374, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5083] <... openat resumed>) = 4 [pid 6385] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6378] <... mmap resumed>) = 0x20000000 [pid 5083] fstat(4, [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6385] <... clone resumed>, parent_tid=[6387], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6387 [pid 6378] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 5085] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(4, [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5083] getdents64(4, [pid 5085] <... openat resumed>) = 3 [pid 5083] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] fstat(3, [pid 5083] close(4 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] <... close resumed>) = 0 [pid 5085] getdents64(3, [pid 5083] rmdir("./49/bus" [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5083] <... rmdir resumed>) = 0 [pid 5085] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] getdents64(3, ./strace-static-x86_64: Process 6387 attached [pid 6385] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6387] set_robust_list(0x7f5659be29e0, 24 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [ 131.021646][ T11] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 131.050819][ T11] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] lstat("./49/binderfs", [pid 5083] close(3 [pid 6387] <... set_robust_list resumed>) = 0 [pid 6378] <... open resumed>) = 5 [pid 5085] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... close resumed>) = 0 [pid 6387] memfd_create("syzkaller", 0 [pid 6386] <... write resumed>) = 1048576 [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] unlink("./49/binderfs" [pid 5083] rmdir("./49" [pid 6387] <... memfd_create resumed>) = 3 [pid 6386] munmap(0x7f56517c2000, 1048576 [pid 6378] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 5085] <... unlink resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 6387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6386] <... munmap resumed>) = 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] mkdir("./50", 0777 [pid 6386] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5083] <... mkdir resumed>) = 0 [pid 6386] <... openat resumed>) = 4 [ 131.067114][ T27] audit: type=1800 audit(1678856082.465:299): pid=6378 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor242" name="bus" dev="loop1" ino=19 res=0 errno=0 [ 131.095692][ T11] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 131.103717][ T6386] loop5: detected capacity change from 0 to 2048 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [ 131.115457][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 131.135922][ T11] EXT4-fs (loop0): This should not happen!! Data will be lost [ 131.135922][ T11] [pid 6386] ioctl(4, LOOP_SET_FD, 3 [pid 5083] <... openat resumed>) = 3 [pid 6387] <... mmap resumed>) = 0x7f56517c2000 [pid 6378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5083] close(3) = 0 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6378] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6388 ./strace-static-x86_64: Process 6388 attached [pid 6388] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6388] chdir("./50") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6378] <... mount resumed>) = 0 [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6388] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6386] <... ioctl resumed>) = 0 [pid 6388] <... clone resumed>, parent_tid=[6389], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6389 [pid 6386] close(3 [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... close resumed>) = 0 [pid 6388] <... futex resumed>) = 0 [pid 6386] mkdir("./bus", 0777 [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6386] <... mkdir resumed>) = 0 [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue"./strace-static-x86_64: Process 6389 attached [pid 6389] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6389] memfd_create("syzkaller", 0 [pid 6378] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6378] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... memfd_create resumed>) = 3 [pid 6378] <... open resumed>) = 6 [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6378] <... futex resumed>) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] <... futex resumed>) = 0 [pid 6378] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6375] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... mmap resumed>) = 0x7f56517c2000 [pid 6389] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 131.168073][ T1062] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 131.174846][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6378] <... write resumed>) = 262144 [pid 6378] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6378] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] exit_group(0 [pid 6378] <... futex resumed>) = ? [pid 6375] <... exit_group resumed>) = ? [pid 6389] <... write resumed>) = 1048576 [pid 6387] <... write resumed>) = 1048576 [pid 6387] munmap(0x7f56517c2000, 1048576) = 0 [pid 6378] +++ exited with 0 +++ [pid 6375] +++ exited with 0 +++ [pid 6387] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6375, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6387] <... openat resumed>) = 4 [ 131.207564][ T11] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 131.220263][ T1062] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:6: mark_inode_dirty error [ 131.244155][ T1062] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6387] ioctl(4, LOOP_SET_FD, 3 [pid 5082] umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6389] munmap(0x7f56517c2000, 1048576 [pid 5082] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6389] <... munmap resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 6389] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5082] fstat(3, [pid 6389] <... openat resumed>) = 4 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 131.264580][ T6387] loop3: detected capacity change from 0 to 2048 [ 131.282200][ T6386] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 131.290707][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.295941][ T1062] EXT4-fs (loop4): This should not happen!! Data will be lost [ 131.295941][ T1062] [pid 6389] ioctl(4, LOOP_SET_FD, 3 [pid 5082] getdents64(3, [pid 6389] <... ioctl resumed>) = 0 [pid 6387] <... ioctl resumed>) = 0 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] <... umount2 resumed>) = 0 [pid 5082] umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] lstat("./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6389] close(3 [pid 6387] close(3 [pid 5082] unlink("./49/binderfs" [pid 5081] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6389] <... close resumed>) = 0 [pid 6387] <... close resumed>) = 0 [pid 5082] <... unlink resumed>) = 0 [ 131.305497][ T6389] loop2: detected capacity change from 0 to 2048 [ 131.320458][ T6386] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/50/bus supports timestamps until 2038 (0x7fffffff) [ 131.332070][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [ 131.346805][ T1062] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:6: Invalid inode table block 0 in block_group 0 [pid 5082] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6389] mkdir("./bus", 0777 [pid 6387] mkdir("./bus", 0777 [pid 6386] <... mount resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6389] <... mkdir resumed>) = 0 [pid 6387] <... mkdir resumed>) = 0 [pid 6386] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] lstat("./49/bus", [pid 6389] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6387] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6386] <... openat resumed>) = 3 [pid 5081] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6386] chdir("./bus" [pid 5081] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6386] <... chdir resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6386] ioctl(4, LOOP_CLR_FD [pid 5081] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6386] <... ioctl resumed>) = 0 [pid 5081] <... openat resumed>) = 4 [pid 6386] close(4 [pid 5081] fstat(4, [pid 6386] <... close resumed>) = 0 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] getdents64(4, [pid 6386] <... futex resumed>) = 1 [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6386] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5081] close(4) = 0 [pid 5081] rmdir("./49/bus") = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5081] close(3) = 0 [pid 5081] rmdir("./49" [pid 6384] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 5081] mkdir("./50", 0777) = 0 [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6386] <... futex resumed>) = 0 [pid 6384] <... futex resumed>) = 1 [pid 5081] close(3) = 0 [pid 6386] chdir("./file0" [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6386] <... chdir resumed>) = 0 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6392 [pid 6386] <... futex resumed>) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6386] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6392 attached [pid 6386] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... openat resumed>) = 4 [pid 6392] set_robust_list(0x555556f1a5e0, 24 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... set_robust_list resumed>) = 0 [pid 6386] <... futex resumed>) = 1 [pid 6384] <... futex resumed>) = 0 [ 131.360778][ T41] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 131.377170][ T41] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 131.380732][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5085] <... umount2 resumed>) = 0 [pid 5085] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./49/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6392] chdir("./50" [pid 6386] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... openat resumed>) = 4 [pid 6392] <... chdir resumed>) = 0 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5085] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5085] close(4) = 0 [pid 5085] rmdir("./49/bus") = 0 [pid 5085] getdents64(3, [pid 6392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6386] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6384] <... futex resumed>) = 0 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6392] <... prctl resumed>) = 0 [pid 5085] close(3 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... close resumed>) = 0 [pid 5085] rmdir("./49") = 0 [pid 5085] mkdir("./50", 0777) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5085] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6397 [pid 6392] setpgid(0, 0./strace-static-x86_64: Process 6397 attached ) = 0 [pid 6397] set_robust_list(0x555556f1a5e0, 24 [ 131.427561][ T41] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 131.443866][ T6387] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 131.461571][ T6389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6397] <... set_robust_list resumed>) = 0 [pid 6386] <... write resumed>) = 262144 [pid 6397] chdir("./50") = 0 [pid 6397] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6397] setpgid(0, 0) = 0 [pid 6397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6397] write(3, "1000", 4 [pid 6392] <... openat resumed>) = 3 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... write resumed>) = 4 [pid 6397] close(3) = 0 [pid 6392] write(3, "1000", 4 [pid 6389] <... mount resumed>) = 0 [pid 6387] <... mount resumed>) = 0 [pid 6386] <... futex resumed>) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6389] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6387] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6389] <... openat resumed>) = 3 [pid 6387] <... openat resumed>) = 3 [pid 6389] chdir("./bus" [pid 6387] chdir("./bus" [pid 6389] <... chdir resumed>) = 0 [pid 6387] <... chdir resumed>) = 0 [pid 6389] ioctl(4, LOOP_CLR_FD [pid 6387] ioctl(4, LOOP_CLR_FD [pid 6389] <... ioctl resumed>) = 0 [pid 6387] <... ioctl resumed>) = 0 [pid 6392] <... write resumed>) = 4 [pid 6389] close(4 [pid 6387] close(4 [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] symlink("/dev/binderfs", "./binderfs" [pid 6392] close(3 [pid 6389] <... close resumed>) = 0 [pid 6387] <... close resumed>) = 0 [pid 6386] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6384] <... futex resumed>) = 0 [pid 6392] <... close resumed>) = 0 [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6389] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6386] <... mmap resumed>) = 0x20000000 [pid 6385] <... futex resumed>) = 0 [pid 6392] symlink("/dev/binderfs", "./binderfs" [pid 6389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] <... futex resumed>) = 0 [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... symlink resumed>) = 0 [pid 6389] chdir("./file0" [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... symlink resumed>) = 0 [pid 6387] <... futex resumed>) = 0 [pid 6386] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6389] <... chdir resumed>) = 0 [pid 6397] <... futex resumed>) = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] chdir("./file0" [pid 6386] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6392] <... futex resumed>) = 0 [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6389] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... chdir resumed>) = 0 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... mmap resumed>) = 0x7f5659bc2000 [pid 6392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6389] <... openat resumed>) = 4 [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 131.491892][ T6387] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/51/bus supports timestamps until 2038 (0x7fffffff) [ 131.504368][ T6389] ext4 filesystem being mounted at /root/syzkaller.22hR0w/50/bus supports timestamps until 2038 (0x7fffffff) [ 131.510907][ T41] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6397] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6392] <... mmap resumed>) = 0x7f5659bc2000 [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... futex resumed>) = 1 [pid 6386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6385] <... futex resumed>) = 0 [pid 6389] <... futex resumed>) = 0 [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... mprotect resumed>) = 0 [pid 6389] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6386] <... open resumed>) = 5 [pid 6385] <... futex resumed>) = 0 [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6392] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6398 attached ) = 0 [pid 6389] <... write resumed>) = 262144 [pid 6387] <... openat resumed>) = 4 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... clone resumed>, parent_tid=[6398], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6398 [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 [pid 6398] memfd_create("syzkaller", 0 [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6398] <... memfd_create resumed>) = 3 [pid 6398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6392] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6387] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = 0 [pid 6384] <... futex resumed>) = 0 [pid 6389] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6386] <... mount resumed>) = 0 [pid 6388] <... futex resumed>) = 0 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... mmap resumed>) = 0x20000000 [pid 6398] <... write resumed>) = 1048576 [pid 6398] munmap(0x7f56517c2000, 1048576 [pid 6387] <... write resumed>) = 262144 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... clone resumed>, parent_tid=[6399], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6399 [pid 6386] <... futex resumed>) = 1 [pid 6384] <... futex resumed>) = 0 [pid 6398] <... munmap resumed>) = 0 [pid 6398] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6398] ioctl(4, LOOP_SET_FD, 3 [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... ioctl resumed>) = 0 [pid 6398] close(3) = 0 [pid 6398] mkdir("./bus", 0777) = 0 [pid 6392] <... futex resumed>) = 0 [pid 6398] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6386] <... open resumed>) = 6 [pid 6384] <... futex resumed>) = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = 0 [pid 6384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] <... futex resumed>) = 0 [pid 6389] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6384] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6399 attached [pid 6389] <... open resumed>) = 5 [ 131.579889][ T41] EXT4-fs (loop1): This should not happen!! Data will be lost [ 131.579889][ T41] [ 131.612474][ T6398] loop4: detected capacity change from 0 to 2048 [pid 6399] set_robust_list(0x7f5659be29e0, 24 [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6389] <... futex resumed>) = 1 [pid 6384] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... futex resumed>) = 0 [pid 6389] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 6399] <... set_robust_list resumed>) = 0 [pid 6389] <... mount resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6386] <... write resumed>) = 262144 [pid 6385] <... futex resumed>) = 0 [pid 6399] memfd_create("syzkaller", 0 [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... memfd_create resumed>) = 3 [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... mmap resumed>) = 0x20000000 [pid 6386] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] <... futex resumed>) = 0 [pid 6399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6389] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = 1 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] <... futex resumed>) = 0 [pid 6399] <... mmap resumed>) = 0x7f56517c2000 [pid 6389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 0 [pid 6386] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6384] exit_group(0 [pid 6389] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 131.628128][ T41] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 131.644743][ T41] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 131.662266][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6386] <... futex resumed>) = ? [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... exit_group resumed>) = ? [pid 6389] <... open resumed>) = 6 [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6386] +++ exited with 0 +++ [pid 6385] <... futex resumed>) = 0 [pid 6384] +++ exited with 0 +++ [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... open resumed>) = 5 [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6384, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 6399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6389] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6399] <... write resumed>) = 1048576 [pid 6398] <... mount resumed>) = 0 [pid 6389] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6399] munmap(0x7f56517c2000, 1048576 [pid 6398] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6388] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... openat resumed>) = 3 [pid 6399] <... munmap resumed>) = 0 [pid 6398] chdir("./bus" [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 5086] <... openat resumed>) = 3 [pid 5082] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6399] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6398] <... chdir resumed>) = 0 [pid 6389] <... write resumed>) = 262144 [pid 6387] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [ 131.674069][ T6398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 131.692010][ T6398] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/50/bus supports timestamps until 2038 (0x7fffffff) [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fstat(3, [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6399] <... openat resumed>) = 4 [pid 6398] ioctl(4, LOOP_CLR_FD [pid 6389] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... mount resumed>) = 0 [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] lstat("./49/bus", [pid 6399] ioctl(4, LOOP_SET_FD, 3 [pid 6398] <... ioctl resumed>) = 0 [pid 6389] <... futex resumed>) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] getdents64(3, [pid 6389] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6398] close(4 [pid 6399] <... ioctl resumed>) = 0 [pid 6398] <... close resumed>) = 0 [pid 6388] exit_group(0 [pid 6387] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] umount2("./49/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6399] close(3 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... futex resumed>) = ? [pid 6388] <... exit_group resumed>) = ? [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6399] <... close resumed>) = 0 [pid 6398] <... futex resumed>) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6389] +++ exited with 0 +++ [pid 6388] +++ exited with 0 +++ [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] openat(AT_FDCWD, "./49/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6399] mkdir("./bus", 0777 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] lstat("./50/binderfs", [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] <... openat resumed>) = 4 [pid 6399] <... mkdir resumed>) = 0 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... open resumed>) = 6 [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] restart_syscall(<... resuming interrupted clone ...> [pid 5082] fstat(4, [pid 6399] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6398] chdir("./file0" [pid 6397] <... futex resumed>) = 0 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] unlink("./50/binderfs" [pid 5083] <... restart_syscall resumed>) = 0 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6398] <... chdir resumed>) = 0 [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 5086] <... unlink resumed>) = 0 [ 131.745062][ T6399] loop0: detected capacity change from 0 to 2048 [pid 5082] getdents64(4, [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6387] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 5083] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] getdents64(4, [pid 6387] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6385] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6398] <... futex resumed>) = 1 [pid 5083] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] close(4 [pid 5083] <... openat resumed>) = 3 [pid 5082] <... close resumed>) = 0 [pid 5083] fstat(3, [pid 5082] rmdir("./49/bus" [pid 5083] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5083] getdents64(3, [pid 5082] getdents64(3, [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] close(3 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... close resumed>) = 0 [pid 5083] lstat("./50/binderfs", [pid 5082] rmdir("./49" [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... rmdir resumed>) = 0 [pid 5083] unlink("./50/binderfs" [pid 5082] mkdir("./50", 0777 [pid 5083] <... unlink resumed>) = 0 [pid 5082] <... mkdir resumed>) = 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... futex resumed>) = 0 [pid 5083] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5082] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5082] close(3) = 0 [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6402 ./strace-static-x86_64: Process 6402 attached [pid 6402] set_robust_list(0x555556f1a5e0, 24) = 0 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] <... write resumed>) = 262144 [pid 6398] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6397] <... futex resumed>) = 0 [pid 6387] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6387] <... futex resumed>) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6387] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] exit_group(0 [pid 6398] <... openat resumed>) = 4 [pid 6387] <... futex resumed>) = ? [pid 6385] <... exit_group resumed>) = ? [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] +++ exited with 0 +++ [pid 6385] +++ exited with 0 +++ [pid 6402] chdir("./50" [pid 6398] <... futex resumed>) = 1 [pid 6397] <... futex resumed>) = 0 [ 131.789974][ T41] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 131.804982][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6398] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6402] <... chdir resumed>) = 0 [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6402] setpgid(0, 0 [pid 5084] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6402] <... setpgid resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6402] <... openat resumed>) = 3 [pid 5084] <... openat resumed>) = 3 [pid 6402] write(3, "1000", 4 [pid 5084] fstat(3, [pid 6402] <... write resumed>) = 4 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6402] close(3 [pid 5084] getdents64(3, [pid 6402] <... close resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6402] symlink("/dev/binderfs", "./binderfs" [pid 5084] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6402] <... symlink resumed>) = 0 [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] lstat("./51/binderfs", [pid 6402] <... futex resumed>) = 0 [pid 5084] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5084] unlink("./51/binderfs" [pid 6402] <... mmap resumed>) = 0x7f5659bc2000 [pid 5084] <... unlink resumed>) = 0 [pid 6402] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5084] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6402] <... mprotect resumed>) = 0 [pid 6402] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6405], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6405 [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6398] <... write resumed>) = 262144 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 131.838263][ T41] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 131.849743][ T11] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 131.865413][ T41] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 131.877987][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] <... futex resumed>) = 0 [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = 0 [pid 6397] <... futex resumed>) = 1 ./strace-static-x86_64: Process 6405 attached [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6405] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6405] memfd_create("syzkaller", 0) = 3 [pid 6405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6398] <... mmap resumed>) = 0x20000000 [ 131.891720][ T11] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:1: mark_inode_dirty error [ 131.904828][ T6399] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 131.917379][ T41] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6398] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... open resumed>) = 5 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6398] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... mount resumed>) = 0 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [pid 6398] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... open resumed>) = 6 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] <... futex resumed>) = 0 [pid 6398] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6397] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] <... futex resumed>) = 0 [ 131.932252][ T11] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 131.945030][ T41] EXT4-fs (loop5): This should not happen!! Data will be lost [ 131.945030][ T41] [ 131.957578][ T6399] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/50/bus supports timestamps until 2038 (0x7fffffff) [ 131.974503][ T948] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6398] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6397] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6398] <... write resumed>) = 262144 [pid 6398] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] <... futex resumed>) = 0 [pid 6397] exit_group(0) = ? [pid 6398] <... futex resumed>) = ? [pid 6398] +++ exited with 0 +++ [pid 6397] +++ exited with 0 +++ [ 131.984471][ T11] EXT4-fs (loop2): This should not happen!! Data will be lost [ 131.984471][ T11] [ 131.995062][ T948] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 132.009636][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [ 132.018789][ T41] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [pid 6405] <... write resumed>) = 1048576 [pid 6405] munmap(0x7f56517c2000, 1048576 [pid 6399] <... mount resumed>) = 0 [pid 6399] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6405] <... munmap resumed>) = 0 [pid 6399] chdir("./bus") = 0 [pid 6405] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6399] ioctl(4, LOOP_CLR_FD) = 0 [pid 6405] ioctl(4, LOOP_SET_FD, 3 [ 132.022518][ T948] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 132.022553][ T948] EXT4-fs (loop3): This should not happen!! Data will be lost [ 132.022553][ T948] [ 132.043033][ T6405] loop1: detected capacity change from 0 to 2048 [ 132.051155][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 132.058396][ T11] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:1: Invalid inode table block 0 in block_group 0 [pid 6399] close(4 [pid 5085] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6397, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6399] <... close resumed>) = 0 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... ioctl resumed>) = 0 [pid 6405] close(3) = 0 [pid 6405] mkdir("./bus", 0777 [pid 6392] <... futex resumed>) = 0 [pid 5085] restart_syscall(<... resuming interrupted clone ...> [pid 6405] <... mkdir resumed>) = 0 [pid 6405] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... restart_syscall resumed>) = 0 [pid 6399] <... futex resumed>) = 0 [pid 6399] chdir("./file0") = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] <... futex resumed>) = 0 [pid 6399] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6399] <... openat resumed>) = 4 [pid 6392] <... futex resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 1 [pid 6392] <... futex resumed>) = 0 [pid 6399] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5085] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5085] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5085] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5085] unlink("./50/binderfs" [pid 6399] <... write resumed>) = 262144 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... unlink resumed>) = 0 [pid 6392] <... futex resumed>) = 0 [pid 5085] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... futex resumed>) = 1 [ 132.079192][ T948] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 132.095133][ T41] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [pid 6399] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... futex resumed>) = 0 [pid 6399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000) = 5 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... futex resumed>) = 1 [pid 6399] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... futex resumed>) = 1 [pid 6399] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 0 [ 132.145728][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 132.164214][ T5118] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 132.165931][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.185335][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6392] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6392] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6399] <... futex resumed>) = 1 [pid 6399] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 262144 [pid 6399] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] <... futex resumed>) = 0 [pid 6399] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 132.196959][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.210247][ T5118] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 132.216321][ T6405] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6392] exit_group(0 [pid 6399] <... futex resumed>) = ? [pid 6392] <... exit_group resumed>) = ? [pid 6399] +++ exited with 0 +++ [pid 6405] <... mount resumed>) = 0 [pid 6405] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6392] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6392, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5081] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6405] <... openat resumed>) = 3 [pid 5081] unlink("./50/binderfs" [pid 6405] chdir("./bus" [pid 5081] <... unlink resumed>) = 0 [pid 6405] <... chdir resumed>) = 0 [pid 5081] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6405] ioctl(4, LOOP_CLR_FD) = 0 [ 132.236583][ T5118] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 132.250768][ T6405] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/50/bus supports timestamps until 2038 (0x7fffffff) [ 132.280812][ T5118] EXT4-fs (loop4): This should not happen!! Data will be lost [ 132.280812][ T5118] [pid 6405] close(4 [pid 5083] <... umount2 resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 5084] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6405] <... close resumed>) = 0 [pid 5084] fstat(4, [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6405] <... futex resumed>) = 1 [pid 5084] getdents64(4, [pid 6402] <... futex resumed>) = 0 [pid 6405] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] <... futex resumed>) = 0 [pid 6405] chdir("./file0" [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6405] <... chdir resumed>) = 0 [pid 5084] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6405] <... futex resumed>) = 1 [pid 6402] <... futex resumed>) = 0 [pid 5083] lstat("./50/bus", [pid 6405] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 132.291482][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 132.293479][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 132.317784][ T5118] EXT4-fs error (device loop4): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] <... umount2 resumed>) = 0 [pid 6405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] <... futex resumed>) = 0 [pid 5086] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] getdents64(4, [pid 5083] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6405] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5083] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5083] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5083] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] close(4) = 0 [pid 5083] rmdir("./50/bus" [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 5084] close(4 [pid 5083] getdents64(3, [pid 6405] <... openat resumed>) = 4 [pid 5086] lstat("./50/bus", [pid 5084] <... close resumed>) = 0 [pid 5083] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] rmdir("./51/bus" [pid 5083] close(3 [pid 6405] <... futex resumed>) = 1 [pid 6402] <... futex resumed>) = 0 [pid 5086] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... close resumed>) = 0 [pid 6405] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] rmdir("./50" [pid 6405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] <... futex resumed>) = 0 [pid 5083] <... rmdir resumed>) = 0 [pid 6405] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] mkdir("./51", 0777 [pid 6405] <... write resumed>) = 262144 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] getdents64(3, [pid 5083] <... mkdir resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5086] <... openat resumed>) = 4 [pid 5084] close(3 [pid 5083] <... openat resumed>) = 3 [pid 5086] fstat(4, [pid 5084] <... close resumed>) = 0 [pid 5083] ioctl(3, LOOP_CLR_FD [pid 5086] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] rmdir("./51" [pid 5083] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5086] getdents64(4, [pid 5083] close(3 [pid 5086] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] <... rmdir resumed>) = 0 [pid 5083] <... close resumed>) = 0 [pid 5086] getdents64(4, [pid 5084] mkdir("./52", 0777 [pid 5083] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5083] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6408 [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6405] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(4 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6402] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 6405] <... mmap resumed>) = 0x20000000 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] rmdir("./50/bus" [pid 5084] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6408 attached [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... rmdir resumed>) = 0 [pid 5084] ioctl(3, LOOP_CLR_FD [pid 6408] set_robust_list(0x555556f1a5e0, 24 [pid 6405] <... futex resumed>) = 1 [pid 6402] <... futex resumed>) = 0 [pid 5086] getdents64(3, [pid 5084] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6408] <... set_robust_list resumed>) = 0 [pid 6405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3 [pid 6408] chdir("./51" [pid 6405] <... open resumed>) = 5 [pid 6402] <... futex resumed>) = 0 [pid 5086] close(3 [pid 5084] <... close resumed>) = 0 [pid 6408] <... chdir resumed>) = 0 [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... close resumed>) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6405] <... futex resumed>) = 0 [pid 6402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] rmdir("./50" [pid 6408] <... prctl resumed>) = 0 [pid 6405] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [ 132.347516][ T948] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 132.363122][ T5085] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.381508][ T948] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] setpgid(0, 0 [pid 6405] <... mount resumed>) = 0 [pid 6402] <... futex resumed>) = 0 [pid 5086] <... rmdir resumed>) = 0 [pid 6408] <... setpgid resumed>) = 0 [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] mkdir("./51", 0777 [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6409 [pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6405] <... futex resumed>) = 0 [pid 6402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 6409 attached [pid 6408] <... openat resumed>) = 3 [pid 6405] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... mkdir resumed>) = 0 [pid 6409] set_robust_list(0x555556f1a5e0, 24 [pid 6408] write(3, "1000", 4 [pid 6405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 6409] <... set_robust_list resumed>) = 0 [pid 6408] <... write resumed>) = 4 [pid 6405] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... openat resumed>) = 3 [pid 6409] chdir("./52" [pid 6408] close(3 [pid 6405] <... open resumed>) = 6 [pid 6409] <... chdir resumed>) = 0 [pid 6408] <... close resumed>) = 0 [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6408] symlink("/dev/binderfs", "./binderfs" [pid 6405] <... futex resumed>) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6409] <... prctl resumed>) = 0 [pid 6408] <... symlink resumed>) = 0 [pid 6405] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] setpgid(0, 0 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6402] <... futex resumed>) = 0 [pid 6409] <... setpgid resumed>) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6405] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6402] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] ioctl(3, LOOP_CLR_FD [pid 6409] <... openat resumed>) = 3 [pid 6408] <... mmap resumed>) = 0x7f5659bc2000 [pid 6405] <... write resumed>) = 262144 [pid 5086] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6409] write(3, "1000", 4 [pid 6408] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6405] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] close(3 [pid 5085] <... umount2 resumed>) = 0 [pid 6409] <... write resumed>) = 4 [pid 6408] <... mprotect resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6402] <... futex resumed>) = 0 [pid 5086] <... close resumed>) = 0 [pid 5085] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6409] close(3 [pid 6408] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6405] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] exit_group(0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6409] <... close resumed>) = 0 [pid 6405] <... futex resumed>) = ? [pid 6402] <... exit_group resumed>) = ? [pid 6409] symlink("/dev/binderfs", "./binderfs" [pid 6408] <... clone resumed>, parent_tid=[6410], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6410 [pid 6405] +++ exited with 0 +++ [pid 6402] +++ exited with 0 +++ [pid 5085] lstat("./50/bus", [pid 6409] <... symlink resumed>) = 0 [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6402, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6409] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6410 attached ) = 0 [pid 5086] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6411 [pid 5085] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 6411 attached [pid 6410] set_robust_list(0x7f5659be29e0, 24 [pid 6409] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [ 132.440193][ T948] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 5082] umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6411] set_robust_list(0x555556f1a5e0, 24 [pid 6410] <... set_robust_list resumed>) = 0 [pid 5085] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6410] memfd_create("syzkaller", 0 [pid 6409] <... clone resumed>, parent_tid=[6412], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6412 [pid 5082] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6410] <... memfd_create resumed>) = 3 [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... openat resumed>) = 3 [pid 6410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6409] <... futex resumed>) = 0 [pid 5082] fstat(3, [pid 6410] <... mmap resumed>) = 0x7f56517c2000 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 6412 attached [pid 6411] <... set_robust_list resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5082] getdents64(3, [pid 6412] set_robust_list(0x7f5659be29e0, 24 [pid 6411] chdir("./51" [pid 5085] <... openat resumed>) = 4 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6412] <... set_robust_list resumed>) = 0 [pid 6411] <... chdir resumed>) = 0 [pid 5085] fstat(4, [pid 5082] umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6412] memfd_create("syzkaller", 0 [pid 6411] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5085] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6412] <... memfd_create resumed>) = 3 [pid 6411] <... prctl resumed>) = 0 [pid 5085] getdents64(4, [pid 5082] lstat("./50/binderfs", [pid 6412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6411] setpgid(0, 0 [pid 5085] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5082] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6412] <... mmap resumed>) = 0x7f56517c2000 [pid 6411] <... setpgid resumed>) = 0 [pid 5085] getdents64(4, [pid 5082] unlink("./50/binderfs" [pid 6412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5085] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5082] <... unlink resumed>) = 0 [pid 5082] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6411] <... openat resumed>) = 3 [ 132.483574][ T948] EXT4-fs (loop0): This should not happen!! Data will be lost [ 132.483574][ T948] [ 132.510580][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 5085] close(4 [pid 6410] <... write resumed>) = 1048576 [pid 6410] munmap(0x7f56517c2000, 1048576 [pid 6411] write(3, "1000", 4 [pid 5085] <... close resumed>) = 0 [pid 6411] <... write resumed>) = 4 [pid 6411] close(3 [pid 5085] rmdir("./50/bus" [pid 6411] <... close resumed>) = 0 [pid 5085] <... rmdir resumed>) = 0 [pid 6411] symlink("/dev/binderfs", "./binderfs" [pid 5085] getdents64(3, [pid 6411] <... symlink resumed>) = 0 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6411] <... futex resumed>) = 0 [pid 5085] close(3 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] <... close resumed>) = 0 [pid 6411] <... mmap resumed>) = 0x7f5659bc2000 [pid 5085] rmdir("./50" [pid 6411] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... rmdir resumed>) = 0 [pid 6411] <... mprotect resumed>) = 0 [pid 5085] mkdir("./51", 0777 [pid 6411] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... mkdir resumed>) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6411] <... clone resumed>, parent_tid=[6413], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6413 [pid 5085] <... openat resumed>) = 3 [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(3, LOOP_CLR_FD [pid 6410] <... munmap resumed>) = 0 [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5085] close(3) = 0 [pid 6412] <... write resumed>) = 1048576 [pid 6410] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5085] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6410] <... openat resumed>) = 4 [pid 6410] ioctl(4, LOOP_SET_FD, 3 [pid 5085] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6414 ./strace-static-x86_64: Process 6414 attached ./strace-static-x86_64: Process 6413 attached [pid 6414] set_robust_list(0x555556f1a5e0, 24 [pid 6413] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6413] memfd_create("syzkaller", 0) = 3 [pid 6413] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [ 132.533013][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 132.568095][ T6410] loop2: detected capacity change from 0 to 2048 [pid 6412] munmap(0x7f56517c2000, 1048576) = 0 [pid 6412] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6414] <... set_robust_list resumed>) = 0 [pid 6414] chdir("./51" [pid 6412] ioctl(4, LOOP_SET_FD, 3 [pid 6414] <... chdir resumed>) = 0 [pid 6410] <... ioctl resumed>) = 0 [pid 6410] close(3) = 0 [pid 6410] mkdir("./bus", 0777) = 0 [pid 6410] mount("/dev/loop2", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6414] setpgid(0, 0) = 0 [pid 6414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6414] write(3, "1000", 4) = 4 [pid 6414] close(3 [pid 6413] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6414] <... close resumed>) = 0 [pid 6414] symlink("/dev/binderfs", "./binderfs" [pid 6412] <... ioctl resumed>) = 0 [pid 6412] close(3 [pid 6414] <... symlink resumed>) = 0 [pid 6412] <... close resumed>) = 0 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6412] mkdir("./bus", 0777 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5659bc2000 [pid 6412] <... mkdir resumed>) = 0 [pid 6414] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6412] mount("/dev/loop3", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6414] <... mprotect resumed>) = 0 [ 132.575547][ T948] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 132.594108][ T6412] loop3: detected capacity change from 0 to 2048 [ 132.601466][ T5118] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6414] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6417 attached , parent_tid=[6417], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6417 [pid 6417] set_robust_list(0x7f5659be29e0, 24 [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... set_robust_list resumed>) = 0 [pid 6414] <... futex resumed>) = 0 [pid 6417] memfd_create("syzkaller", 0 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6417] <... memfd_create resumed>) = 3 [pid 6413] <... write resumed>) = 1048576 [pid 6417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [pid 6413] munmap(0x7f56517c2000, 1048576) = 0 [pid 6413] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 132.644232][ T5118] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 132.659935][ T6410] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 132.697961][ T6413] loop5: detected capacity change from 0 to 2048 [ 132.698212][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.714829][ T5118] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 132.728633][ T6412] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [pid 6413] ioctl(4, LOOP_SET_FD, 3 [pid 6417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6412] <... mount resumed>) = 0 [pid 6412] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6412] chdir("./bus") = 0 [pid 6412] ioctl(4, LOOP_CLR_FD [pid 6413] <... ioctl resumed>) = 0 [pid 6412] <... ioctl resumed>) = 0 [pid 6410] <... mount resumed>) = 0 [pid 6413] close(3 [pid 6412] close(4 [ 132.744046][ T5115] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 132.744567][ T6412] ext4 filesystem being mounted at /root/syzkaller.fMxgvE/52/bus supports timestamps until 2038 (0x7fffffff) [ 132.771285][ T6410] ext4 filesystem being mounted at /root/syzkaller.22hR0w/51/bus supports timestamps until 2038 (0x7fffffff) [ 132.785833][ T5118] EXT4-fs (loop1): This should not happen!! Data will be lost [ 132.785833][ T5118] [pid 6410] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5081] <... umount2 resumed>) = 0 [pid 6413] <... close resumed>) = 0 [pid 6412] <... close resumed>) = 0 [pid 6410] <... openat resumed>) = 3 [pid 5081] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./50/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6413] mkdir("./bus", 0777 [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] chdir("./bus" [pid 5081] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6412] <... futex resumed>) = 1 [pid 6410] <... chdir resumed>) = 0 [pid 6409] <... futex resumed>) = 0 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6417] <... write resumed>) = 1048576 [pid 6413] <... mkdir resumed>) = 0 [pid 6412] chdir("./file0" [pid 6410] ioctl(4, LOOP_CLR_FD [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] munmap(0x7f56517c2000, 1048576 [pid 6409] <... futex resumed>) = 0 [pid 5081] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6417] <... munmap resumed>) = 0 [pid 6413] mount("/dev/loop5", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6412] <... chdir resumed>) = 0 [pid 6410] <... ioctl resumed>) = 0 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 4 [pid 6417] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5081] fstat(4, [pid 6417] <... openat resumed>) = 4 [pid 5081] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6417] ioctl(4, LOOP_SET_FD, 3 [pid 5081] getdents64(4, [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] close(4 [pid 6409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5081] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6412] <... futex resumed>) = 0 [pid 6410] <... close resumed>) = 0 [pid 5081] close(4 [pid 6412] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... close resumed>) = 0 [pid 5081] rmdir("./50/bus" [pid 6409] <... futex resumed>) = 0 [pid 5081] <... rmdir resumed>) = 0 [pid 6412] <... openat resumed>) = 4 [ 132.813870][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 132.834299][ T5118] EXT4-fs error (device loop1): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 132.846972][ T6417] loop4: detected capacity change from 0 to 2048 [pid 6410] <... futex resumed>) = 1 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 0 [pid 5081] getdents64(3, [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6412] <... futex resumed>) = 0 [pid 5081] close(3 [pid 6412] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... close resumed>) = 0 [pid 5081] rmdir("./50" [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... rmdir resumed>) = 0 [pid 5081] mkdir("./51", 0777 [pid 6410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 5081] <... mkdir resumed>) = 0 [pid 6417] <... ioctl resumed>) = 0 [pid 6412] <... futex resumed>) = 0 [pid 6410] chdir("./file0" [pid 6409] <... futex resumed>) = 1 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6417] close(3 [pid 6412] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6410] <... chdir resumed>) = 0 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... openat resumed>) = 3 [pid 6417] <... close resumed>) = 0 [pid 5081] ioctl(3, LOOP_CLR_FD [pid 6417] mkdir("./bus", 0777 [pid 5081] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6417] <... mkdir resumed>) = 0 [pid 6412] <... write resumed>) = 262144 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] close(3 [ 132.865316][ T5082] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6417] mount("/dev/loop4", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 5081] <... close resumed>) = 0 [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6412] <... futex resumed>) = 1 [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6410] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6412] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... mmap resumed>) = 0x20000000 [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6412] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6409] <... futex resumed>) = 0 [pid 6412] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6410] <... openat resumed>) = 4 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6422 attached [pid 6413] <... mount resumed>) = 0 [pid 6412] <... open resumed>) = 5 [pid 5081] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6422 [pid 6422] set_robust_list(0x555556f1a5e0, 24 [pid 6413] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... set_robust_list resumed>) = 0 [pid 6413] <... openat resumed>) = 3 [pid 6412] <... futex resumed>) = 1 [pid 6410] <... futex resumed>) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6422] chdir("./51" [pid 6413] chdir("./bus" [pid 6422] <... chdir resumed>) = 0 [pid 6413] <... chdir resumed>) = 0 [pid 6412] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 6410] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6413] ioctl(4, LOOP_CLR_FD [pid 6422] <... prctl resumed>) = 0 [pid 6413] <... ioctl resumed>) = 0 [pid 6422] setpgid(0, 0 [pid 6413] close(4 [pid 6422] <... setpgid resumed>) = 0 [pid 6413] <... close resumed>) = 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... openat resumed>) = 3 [pid 6413] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6422] write(3, "1000", 4 [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... write resumed>) = 4 [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6422] close(3 [pid 6413] chdir("./file0" [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] <... close resumed>) = 0 [pid 6413] <... chdir resumed>) = 0 [pid 6409] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 0 [pid 6422] symlink("/dev/binderfs", "./binderfs" [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... symlink resumed>) = 0 [pid 6413] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6413] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] <... mmap resumed>) = 0x7f5659bc2000 [pid 6413] <... openat resumed>) = 4 [pid 6422] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... mprotect resumed>) = 0 [pid 6413] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6422] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6422] <... clone resumed>, parent_tid=[6425], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6425 [pid 6413] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6413] <... write resumed>) = 262144 [pid 6412] <... mount resumed>) = 0 [ 132.911701][ T6413] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 132.928889][ T6413] ext4 filesystem being mounted at /root/syzkaller.k5ilqN/51/bus supports timestamps until 2038 (0x7fffffff) [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6425 attached [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6410] <... write resumed>) = 262144 [pid 5082] <... umount2 resumed>) = 0 [pid 6425] set_robust_list(0x7f5659be29e0, 24 [pid 6413] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... set_robust_list resumed>) = 0 [pid 6413] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 1 [pid 6425] memfd_create("syzkaller", 0 [pid 6413] <... mmap resumed>) = 0x20000000 [pid 6412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6425] <... memfd_create resumed>) = 3 [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6413] <... futex resumed>) = 0 [pid 6411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6410] <... futex resumed>) = 0 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 1 [pid 6425] <... mmap resumed>) = 0x7f56517c2000 [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6412] <... open resumed>) = 6 [pid 6411] <... futex resumed>) = 0 [pid 6410] <... mmap resumed>) = 0x20000000 [pid 6413] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... open resumed>) = 5 [pid 6410] <... futex resumed>) = 1 [pid 5082] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6413] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 5082] lstat("./50/bus", [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6412] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6408] <... futex resumed>) = 0 [pid 5082] umount2("./50/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6413] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 6412] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6417] <... mount resumed>) = 0 [pid 6413] <... mount resumed>) = 0 [pid 6410] <... futex resumed>) = 0 [pid 6409] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 1 [pid 5082] openat(AT_FDCWD, "./50/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6417] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = 0 [pid 6410] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6409] <... futex resumed>) = 1 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... openat resumed>) = 4 [pid 6425] <... write resumed>) = 1048576 [pid 6417] <... openat resumed>) = 3 [pid 6413] <... futex resumed>) = 1 [pid 6412] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6411] <... futex resumed>) = 0 [pid 6410] <... open resumed>) = 5 [pid 6409] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] fstat(4, [pid 6425] munmap(0x7f56517c2000, 1048576 [pid 6417] chdir("./bus" [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6417] <... chdir resumed>) = 0 [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = 1 [pid 6408] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 6425] <... munmap resumed>) = 0 [pid 6417] ioctl(4, LOOP_CLR_FD [pid 6413] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f23660 /* 2 entries */, 32768) = 48 [pid 6425] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6417] <... ioctl resumed>) = 0 [pid 6413] <... open resumed>) = 6 [pid 6412] <... write resumed>) = 262144 [pid 6410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] <... futex resumed>) = 0 [pid 5082] getdents64(4, [pid 6425] <... openat resumed>) = 4 [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 5082] <... getdents64 resumed>0x555556f23660 /* 0 entries */, 32768) = 0 [pid 6425] ioctl(4, LOOP_SET_FD, 3 [pid 6417] close(4 [pid 6413] <... futex resumed>) = 1 [pid 6412] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6410] <... mount resumed>) = 0 [pid 6409] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] close(4 [pid 6417] <... close resumed>) = 0 [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... close resumed>) = 0 [pid 6413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = 0 [pid 5082] rmdir("./50/bus" [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 132.988025][ T6417] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 133.019926][ T6417] ext4 filesystem being mounted at /root/syzkaller.4eTrMI/51/bus supports timestamps until 2038 (0x7fffffff) [pid 6413] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6411] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] exit_group(0 [pid 6408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... rmdir resumed>) = 0 [pid 6417] <... futex resumed>) = 1 [pid 6414] <... futex resumed>) = 0 [pid 5082] getdents64(3, [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... getdents64 resumed>0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 6414] <... futex resumed>) = 0 [pid 6413] <... write resumed>) = 262144 [pid 5082] close(3 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6413] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... close resumed>) = 0 [pid 6413] <... futex resumed>) = 1 [pid 6411] <... futex resumed>) = 0 [pid 5082] rmdir("./50" [pid 6425] <... ioctl resumed>) = 0 [pid 6417] chdir("./file0" [pid 6413] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] <... futex resumed>) = ? [pid 6411] exit_group(0 [pid 6409] <... exit_group resumed>) = ? [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... rmdir resumed>) = 0 [pid 6413] <... futex resumed>) = ? [pid 6412] +++ exited with 0 +++ [pid 6411] <... exit_group resumed>) = ? [pid 6410] <... futex resumed>) = 0 [pid 6409] +++ exited with 0 +++ [pid 6408] <... futex resumed>) = 1 [pid 5082] mkdir("./51", 0777 [pid 6425] close(3 [pid 6417] <... chdir resumed>) = 0 [pid 6413] +++ exited with 0 +++ [pid 6411] +++ exited with 0 +++ [pid 6410] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6409, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5082] <... mkdir resumed>) = 0 [pid 6410] <... open resumed>) = 6 [pid 5082] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6425] <... close resumed>) = 0 [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6411, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5082] <... openat resumed>) = 3 [pid 6410] <... futex resumed>) = 0 [pid 5082] ioctl(3, LOOP_CLR_FD [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] mkdir("./bus", 0777 [pid 5082] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 6417] <... futex resumed>) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6408] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] close(3 [pid 6425] <... mkdir resumed>) = 0 [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6410] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6408] <... futex resumed>) = 0 [pid 5084] umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... close resumed>) = 0 [ 133.069775][ T6425] loop0: detected capacity change from 0 to 2048 [pid 6425] mount("/dev/loop0", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6417] <... openat resumed>) = 4 [pid 6414] <... futex resumed>) = 0 [pid 6408] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5084] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] <... write resumed>) = 262144 [pid 5086] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6410] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... openat resumed>) = 3 [pid 5082] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6426 [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 1 [pid 5084] fstat(3, [pid 6414] <... futex resumed>) = 0 [pid 6410] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 6417] <... futex resumed>) = 0 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6408] <... futex resumed>) = 0 [pid 5086] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] getdents64(3, [pid 6417] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6408] exit_group(0 [pid 5086] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] <... getdents64 resumed>0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5084] umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5084] unlink("./52/binderfs") = 0 [pid 5084] umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6410] <... futex resumed>) = ? [pid 6408] <... exit_group resumed>) = ? [pid 5086] <... openat resumed>) = 3 [pid 6410] +++ exited with 0 +++ [pid 6408] +++ exited with 0 +++ [pid 5083] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6408, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5086] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 ./strace-static-x86_64: Process 6426 attached [pid 5086] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/binderfs", [pid 5083] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5086] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5083] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5086] unlink("./51/binderfs" [pid 5083] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5086] <... unlink resumed>) = 0 [pid 5086] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... openat resumed>) = 3 [pid 5083] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 6414] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6414] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 6414] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6429], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6429 [pid 6414] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 6429] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 6429] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = 1 [pid 6429] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 5083] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6426] set_robust_list(0x555556f1a5e0, 24 [pid 6417] <... write resumed>) = 147456 [pid 5083] lstat("./51/binderfs", [pid 6429] <... open resumed>) = 5 [pid 5083] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 6429] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... set_robust_list resumed>) = 0 [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 133.164952][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 133.164954][ T41] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 133.165501][ T5118] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5909: Corrupt filesystem [ 133.204992][ T41] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 5083] unlink("./51/binderfs" [pid 6429] <... futex resumed>) = 1 [pid 6426] chdir("./51" [pid 6417] <... futex resumed>) = 0 [pid 6414] <... futex resumed>) = 0 [pid 5083] <... unlink resumed>) = 0 [pid 6429] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] <... mount resumed>) = 0 [ 133.221115][ T5118] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #18: comm kworker/u4:9: mark_inode_dirty error [ 133.222534][ T6425] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 133.246148][ T6425] ext4 filesystem being mounted at /root/syzkaller.Fc3fbq/51/bus supports timestamps until 2038 (0x7fffffff) [ 133.246289][ T5118] EXT4-fs (loop5): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... chdir resumed>) = 0 [pid 6425] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 6417] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 6414] <... futex resumed>) = 0 [pid 5083] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6426] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6425] <... openat resumed>) = 3 [pid 6417] <... mount resumed>) = 0 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... prctl resumed>) = 0 [pid 6425] chdir("./bus" [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] setpgid(0, 0 [pid 6425] <... chdir resumed>) = 0 [pid 6417] <... futex resumed>) = 0 [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... setpgid resumed>) = 0 [pid 6425] ioctl(4, LOOP_CLR_FD [pid 6417] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6414] <... futex resumed>) = 0 [pid 6426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6425] <... ioctl resumed>) = 0 [ 133.260402][ T41] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 133.270860][ T5118] EXT4-fs (loop5): This should not happen!! Data will be lost [ 133.270860][ T5118] [ 133.293109][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 133.306898][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6417] <... open resumed>) = 6 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... openat resumed>) = 3 [pid 6425] close(4 [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] write(3, "1000", 4 [pid 6425] <... close resumed>) = 0 [pid 6417] <... futex resumed>) = 0 [pid 6414] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... write resumed>) = 4 [pid 6425] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] write(6, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6414] <... futex resumed>) = 0 [pid 6426] close(3 [pid 6425] <... futex resumed>) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6414] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... close resumed>) = 0 [pid 6425] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] symlink("/dev/binderfs", "./binderfs" [pid 6425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6422] <... futex resumed>) = 0 [pid 6417] <... write resumed>) = 147456 [pid 6426] <... symlink resumed>) = 0 [pid 6425] chdir("./file0" [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... chdir resumed>) = 0 [pid 6417] <... futex resumed>) = 1 [ 133.320194][ T5118] EXT4-fs error (device loop5): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 133.333320][ T41] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 133.347035][ T41] EXT4-fs (loop3): This should not happen!! Data will be lost [ 133.347035][ T41] [ 133.360782][ T5086] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 6414] <... futex resumed>) = 0 [pid 6426] <... futex resumed>) = 0 [pid 6425] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] exit_group(0 [pid 6429] <... futex resumed>) = ? [pid 6426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6425] <... futex resumed>) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6417] <... futex resumed>) = ? [pid 6414] <... exit_group resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6426] <... mmap resumed>) = 0x7f5659bc2000 [pid 6425] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 133.371552][ T41] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 133.381304][ T6414] ------------[ cut here ]------------ [ 133.390096][ T6414] kernel BUG at fs/ext4/ext4.h:3332! [ 133.399987][ T41] EXT4-fs error (device loop3): __ext4_get_inode_loc:4560: comm kworker/u4:2: Invalid inode table block 0 in block_group 0 [ 133.400501][ T948] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5909: Corrupt filesystem [pid 6422] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] +++ exited with 0 +++ [pid 6426] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6422] <... futex resumed>) = 0 [pid 6426] <... mprotect resumed>) = 0 [pid 6425] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... umount2 resumed>) = 0 [pid 5084] <... umount2 resumed>) = 0 [pid 6426] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6430], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6430 [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6430 attached [pid 6430] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6430] memfd_create("syzkaller", 0) = 3 [pid 6430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f56517c2000 [ 133.422345][ T5084] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.438011][ T6414] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 133.444172][ T6414] CPU: 1 PID: 6414 Comm: syz-executor242 Not tainted 6.3.0-rc2-syzkaller-00016-g4979bf866825 #0 [ 133.454623][ T6414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 133.464715][ T6414] RIP: 0010:ext4_get_group_info+0x399/0x3a0 [pid 6430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6430] munmap(0x7f56517c2000, 1048576 [pid 6422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6422] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f56518a1000 [pid 6422] mprotect(0x7f56518a2000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] clone(child_stack=0x7f56518c13f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6431], tls=0x7f56518c1700, child_tidptr=0x7f56518c19d0) = 6431 [pid 6422] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... munmap resumed>) = 0 [pid 6430] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6430] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6431 attached [ 133.470679][ T6414] Code: 4e ff 8b 74 24 04 48 c7 c7 e0 c0 0b 8d 4c 89 f2 e8 9c 02 34 02 43 80 3c 2c 00 0f 85 23 fd ff ff e9 26 fd ff ff e8 77 65 4e ff <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 54 53 48 89 fb 49 bf 00 00 [ 133.490416][ T6414] RSP: 0018:ffffc9000ab5f970 EFLAGS: 00010293 [ 133.496528][ T6414] RAX: ffffffff823ce209 RBX: 00000000ffffe428 RCX: ffff88801f40ba80 [ 133.504548][ T6414] RDX: 0000000000000000 RSI: 00000000ffffe428 RDI: 0000000000000001 [ 133.504719][ T6430] loop1: detected capacity change from 0 to 2048 [pid 6431] set_robust_list(0x7f56518c19e0, 24) = 0 [pid 6431] write(-1, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = -1 EBADF (Bad file descriptor) [pid 6431] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... futex resumed>) = 1 [pid 6431] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, -1, 0) = -1 EBADF (Bad file descriptor) [pid 6431] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... futex resumed>) = 1 [pid 6431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6430] <... ioctl resumed>) = 0 [ 133.512534][ T6414] RBP: 0000000000000001 R08: ffffffff823cded9 R09: ffffed100e81e73c [ 133.512553][ T6414] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100e28cccf [ 133.512567][ T6414] R13: dffffc0000000000 R14: ffff888071464000 R15: ffff888071466678 [ 133.512582][ T6414] FS: 0000000000000000(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 133.512599][ T6414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.512612][ T6414] CR2: 00007f5659cbf948 CR3: 0000000024f2d000 CR4: 00000000003506e0 [ 133.512631][ T6414] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 133.550339][ T948] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #18: comm kworker/u4:5: mark_inode_dirty error [ 133.553225][ T6414] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 133.553245][ T6414] Call Trace: [ 133.553253][ T6414] [ 133.553264][ T6414] ext4_mb_load_buddy_gfp+0xc3/0x820 [ 133.578395][ T948] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 64 with error 117 [ 133.587876][ T6414] ? ext4_get_group_number+0x166/0x240 [ 133.587912][ T6414] ext4_discard_preallocations+0x8e6/0x11e0 [ 133.587940][ T6414] ? mb_clear_bits+0x110/0x110 [ 133.587959][ T6414] ? __down_write_common+0x161/0x200 [ 133.640372][ T948] EXT4-fs (loop2): This should not happen!! Data will be lost [ 133.640372][ T948] [ 133.641433][ T6414] ? do_raw_read_unlock+0x3c/0x80 [ 133.653028][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [ 133.656130][ T6414] ext4_release_file+0x16e/0x300 [ 133.656157][ T6414] ? ext4_file_open+0x750/0x750 [ 133.678890][ T6414] __fput+0x3b7/0x890 [ 133.682930][ T6414] task_work_run+0x24a/0x300 [ 133.687573][ T6414] ? task_work_cancel+0x2b0/0x2b0 [ 133.692645][ T6414] ? exit_task_namespaces+0xe1/0xf0 [ 133.697886][ T6414] do_exit+0x68f/0x2290 [ 133.702079][ T6414] ? put_task_struct+0x80/0x80 [ 133.706861][ T6414] ? lockdep_hardirqs_on_prepare+0x43c/0x7a0 [ 133.713052][ T6414] ? print_irqtrace_events+0x220/0x220 [ 133.718527][ T6414] ? _raw_spin_unlock_irq+0x23/0x50 [ 133.723759][ T6414] ? lockdep_hardirqs_on+0x98/0x140 [ 133.728973][ T6414] do_group_exit+0x206/0x2c0 [ 133.733580][ T6414] __x64_sys_exit_group+0x3f/0x40 [ 133.738624][ T6414] do_syscall_64+0x41/0xc0 [ 133.743054][ T6414] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 133.748964][ T6414] RIP: 0033:0x7f5659c351f9 [ 133.753403][ T6414] Code: Unable to access opcode bytes at 0x7f5659c351cf. [ 133.760419][ T6414] RSP: 002b:00007fffd7657d18 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [pid 6430] close(3) = 0 [pid 6430] mkdir("./bus", 0777) = 0 [pid 6430] mount("/dev/loop1", "./bus", "ext4", MS_NODIRATIME|MS_REC|MS_I_VERSION, ",errors=continue" [pid 6431] <... open resumed>) = 5 [pid 6425] <... openat resumed>) = 4 [pid 6431] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6431] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 6422] futex(0x7f5659cbb7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... mount resumed>) = 0 [pid 6425] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6431] futex(0x7f5659cbb7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... futex resumed>) = 0 [pid 6422] futex(0x7f5659cbb7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... futex resumed>) = 0 [pid 6425] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6431] futex(0x7f5659cbb7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6422] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6422] <... futex resumed>) = 0 [pid 6425] <... open resumed>) = 6 [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6425] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6425] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65"..., 34136651 [pid 6422] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6422] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6425] <... write resumed>) = 1048576 [pid 6425] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] exit_group(0 [pid 6431] <... futex resumed>) = ? [pid 6422] <... exit_group resumed>) = ? [pid 6431] +++ exited with 0 +++ [pid 6425] <... futex resumed>) = ? [pid 6425] +++ exited with 0 +++ [pid 6422] +++ exited with 0 +++ [pid 5081] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6422, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5081] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5081] umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5081] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] getdents64(3, 0x555556f1b620 /* 4 entries */, 32768) = 104 [pid 5081] umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5081] lstat("./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5081] unlink("./51/binderfs") = 0 [pid 5081] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] lstat("./52/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] umount2("./52/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5084] openat(AT_FDCWD, "./52/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5084] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5084] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5084] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5084] close(4) = 0 [pid 5084] rmdir("./52/bus") = 0 [pid 5084] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5084] close(3) = 0 [pid 5084] rmdir("./52") = 0 [pid 5084] mkdir("./53", 0777) = 0 [pid 5084] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5084] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5084] close(3) = 0 [pid 5084] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] lstat("./51/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, "./51/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5086] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] getdents64(4, 0x555556f23660 /* 2 entries */, 32768) = 48 [pid 5086] getdents64(4, 0x555556f23660 /* 0 entries */, 32768) = 0 [pid 5086] close(4) = 0 [pid 5086] rmdir("./51/bus") = 0 [pid 5086] getdents64(3, 0x555556f1b620 /* 0 entries */, 32768) = 0 [pid 5086] close(3) = 0 [pid 5086] rmdir("./51") = 0 [pid 5086] mkdir("./52", 0777) = 0 [ 133.768842][ T6414] RAX: ffffffffffffffda RBX: 00007f5659cbb470 RCX: 00007f5659c351f9 [ 133.776853][ T6414] RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000 [ 133.784830][ T6414] RBP: 0000000000000000 R08: ffffffffffffffb8 R09: 0000000000000000 [ 133.792808][ T6414] R10: 00007fffd7657da0 R11: 0000000000000246 R12: 00007f5659cbb470 [ 133.800794][ T6414] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 133.808778][ T6414] [ 133.811799][ T6414] Modules linked in: [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5086] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5086] close(3) = 0 [pid 5086] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556f1a5d0) = 6433 ./strace-static-x86_64: Process 6433 attached [pid 6433] set_robust_list(0x555556f1a5e0, 24) = 0 [ 133.816613][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 133.831487][ T5118] EXT4-fs error (device loop0): __ext4_get_inode_loc:4560: comm kworker/u4:9: Invalid inode table block 0 in block_group 0 [ 133.839408][ T6414] ---[ end trace 0000000000000000 ]--- [ 133.850370][ T948] EXT4-fs error (device loop2): __ext4_get_inode_loc:4560: comm kworker/u4:5: Invalid inode table block 0 in block_group 0 [pid 6433] chdir("./52") = 0 [pid 6433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6430] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6435 attached [pid 6433] setpgid(0, 0 [pid 6430] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY [pid 5084] <... clone resumed>, child_tidptr=0x555556f1a5d0) = 6435 [pid 6435] set_robust_list(0x555556f1a5e0, 24 [pid 6433] <... setpgid resumed>) = 0 [pid 6430] <... openat resumed>) = 3 [pid 6430] chdir("./bus") = 0 [pid 6430] ioctl(4, LOOP_CLR_FD) = 0 [pid 6430] close(4 [pid 6435] <... set_robust_list resumed>) = 0 [pid 6433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6430] <... close resumed>) = 0 [pid 6435] chdir("./53" [pid 6433] <... openat resumed>) = 3 [pid 6430] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... chdir resumed>) = 0 [pid 6433] write(3, "1000", 4 [pid 6430] <... futex resumed>) = 1 [pid 6435] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6433] <... write resumed>) = 4 [pid 6430] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] <... prctl resumed>) = 0 [pid 6433] close(3 [pid 6435] setpgid(0, 0 [pid 6433] <... close resumed>) = 0 [pid 6435] <... setpgid resumed>) = 0 [pid 6433] symlink("/dev/binderfs", "./binderfs" [pid 6435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6433] <... symlink resumed>) = 0 [ 133.851301][ T6430] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. [ 133.864812][ T6414] RIP: 0010:ext4_get_group_info+0x399/0x3a0 [ 133.877088][ T5081] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.884321][ T5083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.892510][ T6430] ext4 filesystem being mounted at /root/syzkaller.4t4b1u/51/bus supports timestamps until 2038 (0x7fffffff) [pid 6435] <... openat resumed>) = 3 [pid 6433] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] write(3, "1000", 4 [pid 6433] <... futex resumed>) = 0 [pid 6435] <... write resumed>) = 4 [pid 6433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6435] close(3 [pid 6433] <... mmap resumed>) = 0x7f5659bc2000 [pid 6435] <... close resumed>) = 0 [pid 6433] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6435] symlink("/dev/binderfs", "./binderfs" [pid 6433] <... mprotect resumed>) = 0 [pid 6435] <... symlink resumed>) = 0 [pid 6433] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6435] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] <... clone resumed>, parent_tid=[6436], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6436 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6433] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... mmap resumed>) = 0x7f5659bc2000 [pid 6433] <... futex resumed>) = 0 [pid 6435] mprotect(0x7f5659bc3000, 131072, PROT_READ|PROT_WRITE [pid 6433] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6426] <... futex resumed>) = 0 [pid 6435] <... mprotect resumed>) = 0 [pid 6435] clone(child_stack=0x7f5659be23f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... clone resumed>, parent_tid=[6437], tls=0x7f5659be2700, child_tidptr=0x7f5659be29d0) = 6437 [pid 6435] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6435] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6430] <... futex resumed>) = 0 [pid 6426] <... futex resumed>) = 1 [pid 6430] chdir("./file0" [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... chdir resumed>) = 0 [pid 6430] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6430] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] <... futex resumed>) = 0 [pid 6430] openat(AT_FDCWD, "blkio.bfq.io_service_bytes_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... openat resumed>) = 4 [pid 6430] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6430] futex(0x7f5659cbb7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] <... futex resumed>) = 0 [ 133.911774][ T6414] Code: 4e ff 8b 74 24 04 48 c7 c7 e0 c0 0b 8d 4c 89 f2 e8 9c 02 34 02 43 80 3c 2c 00 0f 85 23 fd ff ff e9 26 fd ff ff e8 77 65 4e ff <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 54 53 48 89 fb 49 bf 00 00 [ 133.931721][ T6414] RSP: 0018:ffffc9000ab5f970 EFLAGS: 00010293 [ 133.937851][ T6414] RAX: ffffffff823ce209 RBX: 00000000ffffe428 RCX: ffff88801f40ba80 [ 133.946020][ T6414] RDX: 0000000000000000 RSI: 00000000ffffe428 RDI: 0000000000000001 [ 133.954104][ T6414] RBP: 0000000000000001 R08: ffffffff823cded9 R09: ffffed100e81e73c [ 133.962197][ T6414] R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff1100e28cccf [pid 6430] write(4, "\x62\x6c\x6b\x69\x6f\x2e\x62\x66\x71\x2e\x69\x6f\x5f\x73\x65\x72\x76\x69\x63\x65\x5f\x62\x79\x74\x65\x73\x5f\x72\x65\x63\x75\x72\x73\x69\x76\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] <... umount2 resumed>) = 0 [pid 6430] <... write resumed>) = 262144 ./strace-static-x86_64: Process 6437 attached [pid 6437] set_robust_list(0x7f5659be29e0, 24) = 0 [pid 6437] memfd_create("syzkaller", 0) = 3 [pid 6430] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6436 attached [pid 6437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6430] <... futex resumed>) = 1 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6437] <... mmap resumed>) = 0x7f56517c2000 [pid 6436] set_robust_list(0x7f5659be29e0, 24 [pid 6430] mmap(0x20000000, 11755520, PROT_READ|PROT_WRITE|PROT_SEM|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 6437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 6436] <... set_robust_list resumed>) = 0 [pid 6430] <... mmap resumed>) = 0x20000000 [pid 6436] memfd_create("syzkaller", 0 [pid 6430] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] umount2("./51/bus", MNT_DETACH|UMOUNT_NOFOLLOW [pid 6436] <... memfd_create resumed>) = 3 [pid 6436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6430] <... futex resumed>) = 1 [pid 6426] <... futex resumed>) = 0 [ 133.970306][ T6414] R13: dffffc0000000000 R14: ffff888071464000 R15: ffff888071466678 [ 133.978316][ T6414] FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 133.987334][ T6414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.994281][ T6414] CR2: 00007f5659bf38a0 CR3: 0000000027fe5000 CR4: 00000000003506f0 [ 134.006684][ T6414] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 134.014843][ T6414] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 5081] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6436] <... mmap resumed>) = 0x7f56517c2000 [pid 6430] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_NONBLOCK|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME, 000 [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6430] <... open resumed>) = 5 [pid 6426] <... futex resumed>) = 0 [pid 5083] <... umount2 resumed>) = 0 [pid 5081] lstat("./51/bus", [pid 6430] futex(0x7f5659cbb7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] futex(0x7f5659cbb7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6426] futex(0x7f5659cbb7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6430] <... futex resumed>) = 1 [pid 6426] <... futex resumed>) = 0 [ 134.028672][ T6414] Kernel panic - not syncing: Fatal exception [ 134.035074][ T6414] Kernel Offset: disabled [ 134.039420][ T6414] Rebooting in 86400 seconds..