./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2113528050 <...> [ 3.475148][ T30] audit: type=1400 audit(1677067356.500:8): avc: denied { create } for pid=80 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.478250][ T30] audit: type=1400 audit(1677067356.500:9): avc: denied { append open } for pid=80 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.481571][ T30] audit: type=1400 audit(1677067356.500:10): avc: denied { getattr } for pid=80 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 3.769958][ T97] udevd[97]: starting version 3.2.10 [ 3.793865][ T98] udevd[98]: starting eudev-3.2.10 [ 10.618152][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 10.618163][ T30] audit: type=1400 audit(1677067363.660:60): avc: denied { transition } for pid=230 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 10.626631][ T30] audit: type=1400 audit(1677067363.670:61): avc: denied { write } for pid=230 comm="sh" path="pipe:[13116]" dev="pipefs" ino=13116 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 12.244261][ T233] scp (233) used greatest stack depth: 22832 bytes left [ 12.249867][ T231] sshd (231) used greatest stack depth: 22480 bytes left Warning: Permanently added '10.128.0.205' (ECDSA) to the list of known hosts. execve("./syz-executor2113528050", ["./syz-executor2113528050"], 0x7ffe2ddd60d0 /* 10 vars */) = 0 brk(NULL) = 0x555556d3c000 brk(0x555556d3cc40) = 0x555556d3cc40 arch_prctl(ARCH_SET_FS, 0x555556d3c300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555556d3c5d0) = 322 set_robust_list(0x555556d3c5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3264db75b0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3264db7c80}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3264db7650, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3264db7c80}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2113528050", 4096) = 28 brk(0x555556d5dc40) = 0x555556d5dc40 brk(0x555556d5e000) = 0x555556d5e000 mprotect(0x7f3264e7a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 323 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 324 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 325 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 326 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 327 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 328 ./strace-static-x86_64: Process 323 attached [pid 323] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 323] getpid(./strace-static-x86_64: Process 327 attached ) = 323 [pid 327] set_robust_list(0x555556d3c5e0, 24 [pid 323] mkdir("./syzkaller.kKVGMB", 0700) = 0 [pid 327] <... set_robust_list resumed>) = 0 [pid 327] getpid() = 327 [pid 327] mkdir("./syzkaller.TXw6mW", 0700) = 0 [pid 327] chmod("./syzkaller.TXw6mW", 0777) = 0 [pid 327] chdir("./syzkaller.TXw6mW") = 0 [pid 327] mkdir("./0", 0777 [pid 323] chmod("./syzkaller.kKVGMB", 0777) = 0 [pid 327] <... mkdir resumed>) = 0 [pid 323] chdir("./syzkaller.kKVGMB") = 0 [pid 323] mkdir("./0", 0777./strace-static-x86_64: Process 328 attached ) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 326 attached ./strace-static-x86_64: Process 325 attached ./strace-static-x86_64: Process 324 attached [pid 328] set_robust_list(0x555556d3c5e0, 24 [pid 327] <... openat resumed>) = 3 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 328] <... set_robust_list resumed>) = 0 [pid 328] getpid() = 328 [pid 328] mkdir("./syzkaller.NSfErY", 0700) = 0 [pid 328] chmod("./syzkaller.NSfErY", 0777) = 0 [pid 328] chdir("./syzkaller.NSfErY") = 0 [pid 328] mkdir("./0", 0777) = 0 [pid 326] set_robust_list(0x555556d3c5e0, 24 [pid 325] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 324] set_robust_list(0x555556d3c5e0, 24 [pid 326] <... set_robust_list resumed>) = 0 [pid 323] <... openat resumed>) = 3 [pid 325] getpid( [pid 326] getpid( [pid 323] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 324] <... set_robust_list resumed>) = 0 [pid 324] getpid( [pid 326] <... getpid resumed>) = 326 [pid 326] mkdir("./syzkaller.WypNQS", 0700 [pid 325] <... getpid resumed>) = 325 [pid 325] mkdir("./syzkaller.wSippK", 0700 [pid 323] close(3 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 326] <... mkdir resumed>) = 0 [pid 328] <... openat resumed>) = 3 [pid 324] <... getpid resumed>) = 324 [pid 323] <... close resumed>) = 0 [pid 325] <... mkdir resumed>) = 0 [pid 324] mkdir("./syzkaller.mqGGgF", 0700 [pid 327] ioctl(3, LOOP_CLR_FD [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 328] ioctl(3, LOOP_CLR_FD [pid 327] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 328] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 324] <... mkdir resumed>) = 0 [pid 327] close(3 [pid 328] close(3 [pid 327] <... close resumed>) = 0 ./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 330] chdir("./0") = 0 [pid 330] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 330] setpgid(0, 0) = 0 [pid 330] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 328] <... close resumed>) = 0 [pid 330] <... openat resumed>) = 3 [pid 330] write(3, "1000", 4 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 330] <... write resumed>) = 4 [pid 330] close(3 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 330] <... close resumed>) = 0 [pid 330] symlink("/dev/binderfs", "./binderfs") = 0 [pid 330] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 330] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 330] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[333], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 333 [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 325] chmod("./syzkaller.wSippK", 0777) = 0 [pid 326] chmod("./syzkaller.WypNQS", 0777) = 0 [pid 325] chdir("./syzkaller.wSippK") = 0 [pid 325] mkdir("./0", 0777 [pid 326] chdir("./syzkaller.WypNQS") = 0 [pid 327] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 332 [pid 328] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 334 [pid 326] mkdir("./0", 0777 [pid 324] chmod("./syzkaller.mqGGgF", 0777) = 0 [pid 325] <... mkdir resumed>) = 0 [pid 323] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 330 [pid 324] chdir("./syzkaller.mqGGgF" [pid 326] <... mkdir resumed>) = 0 [pid 324] <... chdir resumed>) = 0 [pid 324] mkdir("./0", 0777) = 0 ./strace-static-x86_64: Process 332 attached ./strace-static-x86_64: Process 334 attached [pid 332] set_robust_list(0x555556d3c5e0, 24./strace-static-x86_64: Process 333 attached [pid 334] set_robust_list(0x555556d3c5e0, 24 [pid 332] <... set_robust_list resumed>) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 325] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 326] <... openat resumed>) = 3 [pid 325] close(3) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 326] ioctl(3, LOOP_CLR_FD [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 326] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 324] <... openat resumed>) = 3 [pid 326] close(3) = 0 [pid 324] ioctl(3, LOOP_CLR_FD [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 324] close(3) = 0 [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 335 [pid 326] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 336 [pid 324] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 337 ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 335] chdir("./0") = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 19.362489][ T30] audit: type=1400 audit(1677067372.410:62): avc: denied { execmem } for pid=322 comm="syz-executor211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 19.370114][ T30] audit: type=1400 audit(1677067372.420:63): avc: denied { read write } for pid=327 comm="syz-executor211" name="loop4" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 19.378009][ T30] audit: type=1400 audit(1677067372.420:64): avc: denied { open } for pid=327 comm="syz-executor211" path="/dev/loop4" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3 [pid 334] <... set_robust_list resumed>) = 0 [pid 335] <... close resumed>) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 334] chdir("./0" [pid 333] set_robust_list(0x7f3264da69e0, 24 [pid 332] chdir("./0" [pid 335] <... mmap resumed>) = 0x7f3264d86000 [pid 334] <... chdir resumed>) = 0 [pid 333] <... set_robust_list resumed>) = 0 [pid 332] <... chdir resumed>) = 0 [pid 335] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 334] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 333] memfd_create("syzkaller", 0 [pid 332] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 335] <... mprotect resumed>) = 0 [pid 334] <... prctl resumed>) = 0 [pid 333] <... memfd_create resumed>) = 3 [pid 332] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 336 attached ./strace-static-x86_64: Process 337 attached [pid 335] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 334] setpgid(0, 0 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 332] setpgid(0, 0 [pid 336] set_robust_list(0x555556d3c5e0, 24 [pid 334] <... setpgid resumed>) = 0 [pid 333] <... mmap resumed>) = 0x7f325c986000 [pid 332] <... setpgid resumed>) = 0 [pid 337] set_robust_list(0x555556d3c5e0, 24 [pid 336] <... set_robust_list resumed>) = 0 [pid 335] <... clone resumed>, parent_tid=[338], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 338 [pid 334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached [pid 338] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 338] memfd_create("syzkaller", 0 [pid 337] <... set_robust_list resumed>) = 0 [pid 336] chdir("./0" [pid 332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 337] chdir("./0" [pid 336] <... chdir resumed>) = 0 [pid 334] <... openat resumed>) = 3 [pid 332] <... openat resumed>) = 3 [pid 337] <... chdir resumed>) = 0 [pid 336] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 334] write(3, "1000", 4 [pid 332] write(3, "1000", 4 [pid 337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 336] <... prctl resumed>) = 0 [pid 334] <... write resumed>) = 4 [pid 332] <... write resumed>) = 4 [pid 337] <... prctl resumed>) = 0 [pid 336] setpgid(0, 0 [pid 334] close(3 [pid 332] close(3 [pid 337] setpgid(0, 0 [pid 336] <... setpgid resumed>) = 0 [pid 334] <... close resumed>) = 0 [pid 332] <... close resumed>) = 0 [pid 337] <... setpgid resumed>) = 0 [pid 336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 334] symlink("/dev/binderfs", "./binderfs" [pid 332] symlink("/dev/binderfs", "./binderfs" [pid 337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 336] <... openat resumed>) = 3 [pid 334] <... symlink resumed>) = 0 [pid 337] <... openat resumed>) = 3 [pid 336] write(3, "1000", 4 [pid 334] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... symlink resumed>) = 0 [pid 337] write(3, "1000", 4 [pid 336] <... write resumed>) = 4 [pid 334] <... futex resumed>) = 0 [pid 332] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] <... write resumed>) = 4 [pid 336] close(3 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 332] <... futex resumed>) = 0 [pid 338] <... memfd_create resumed>) = 3 [pid 337] close(3 [pid 336] <... close resumed>) = 0 [pid 334] <... mmap resumed>) = 0x7f3264d86000 [pid 332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 337] <... close resumed>) = 0 [pid 336] symlink("/dev/binderfs", "./binderfs" [pid 334] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 332] <... mmap resumed>) = 0x7f3264d86000 [pid 338] <... mmap resumed>) = 0x7f325c986000 [pid 337] symlink("/dev/binderfs", "./binderfs" [pid 336] <... symlink resumed>) = 0 [pid 334] <... mprotect resumed>) = 0 [pid 332] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 337] <... symlink resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 332] <... mprotect resumed>) = 0 [pid 337] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 332] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 337] <... futex resumed>) = 0 [pid 336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 334] <... clone resumed>, parent_tid=[340], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 340 [pid 337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 336] <... mmap resumed>) = 0x7f3264d86000 [pid 334] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... clone resumed>, parent_tid=[341], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 341 [pid 337] <... mmap resumed>) = 0x7f3264d86000 [pid 336] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 334] <... futex resumed>) = 0 [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 336] <... mprotect resumed>) = 0 [pid 334] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 332] <... futex resumed>) = 0 [pid 337] <... mprotect resumed>) = 0 [pid 336] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 337] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 340 attached ./strace-static-x86_64: Process 343 attached ./strace-static-x86_64: Process 342 attached [pid 336] <... clone resumed>, parent_tid=[342], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 342 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 343] set_robust_list(0x7f3264da69e0, 24 [pid 342] set_robust_list(0x7f3264da69e0, 24 [pid 340] set_robust_list(0x7f3264da69e0, 24 [pid 337] <... clone resumed>, parent_tid=[343], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 343 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... set_robust_list resumed>) = 0 [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 340] memfd_create("syzkaller", 0 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 343] <... set_robust_list resumed>) = 0 [pid 340] <... memfd_create resumed>) = 3 [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 343] memfd_create("syzkaller", 0 [pid 342] <... set_robust_list resumed>) = 0 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 341 attached [pid 343] <... memfd_create resumed>) = 3 [pid 342] memfd_create("syzkaller", 0 [pid 340] <... mmap resumed>) = 0x7f325c986000 [pid 343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 341] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 343] <... mmap resumed>) = 0x7f325c986000 [pid 342] <... memfd_create resumed>) = 3 [ 19.403598][ T30] audit: type=1400 audit(1677067372.420:65): avc: denied { ioctl } for pid=323 comm="syz-executor211" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 333] <... write resumed>) = 2097152 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 333] munmap(0x7f325c986000, 2097152) = 0 [pid 338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3 [pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 343] munmap(0x7f325c986000, 2097152 [pid 342] <... write resumed>) = 2097152 [pid 340] <... write resumed>) = 2097152 [pid 343] <... munmap resumed>) = 0 [pid 342] munmap(0x7f325c986000, 2097152 [pid 340] munmap(0x7f325c986000, 2097152 [pid 333] <... ioctl resumed>) = 0 [pid 343] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 342] <... munmap resumed>) = 0 [pid 340] <... munmap resumed>) = 0 [pid 333] close(3 [pid 343] <... openat resumed>) = 4 [pid 342] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 340] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 333] <... close resumed>) = 0 [pid 343] ioctl(4, LOOP_SET_FD, 3 [pid 341] <... write resumed>) = 2097152 [pid 341] munmap(0x7f325c986000, 2097152) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 19.484691][ T333] loop0: detected capacity change from 0 to 4096 [pid 341] ioctl(4, LOOP_SET_FD, 3 [pid 340] <... openat resumed>) = 4 [pid 341] <... ioctl resumed>) = 0 [pid 341] close(3) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 343] <... ioctl resumed>) = 0 [pid 342] <... openat resumed>) = 4 [pid 340] ioctl(4, LOOP_SET_FD, 3 [pid 338] <... write resumed>) = 2097152 [pid 333] mkdir("./file0", 0777 [pid 343] close(3 [pid 342] ioctl(4, LOOP_SET_FD, 3 [pid 338] munmap(0x7f325c986000, 2097152 [pid 333] <... mkdir resumed>) = 0 [pid 338] <... munmap resumed>) = 0 [pid 333] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 338] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 19.528464][ T341] loop4: detected capacity change from 0 to 4096 [ 19.529632][ T343] loop1: detected capacity change from 0 to 4096 [ 19.538006][ T30] audit: type=1400 audit(1677067372.580:66): avc: denied { mounton } for pid=332 comm="syz-executor211" path="/root/syzkaller.TXw6mW/0/file0" dev="sda1" ino=1156 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 19.565951][ T340] loop5: detected capacity change from 0 to 4096 [ 19.570358][ T338] loop2: detected capacity change from 0 to 4096 [pid 338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 338] close(3) = 0 [pid 338] mkdir("./file0", 0777) = 0 [pid 338] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 343] <... close resumed>) = 0 [pid 343] mkdir("./file0", 0777) = 0 [pid 343] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 340] <... ioctl resumed>) = 0 [pid 340] close(3) = 0 [pid 340] mkdir("./file0", 0777) = 0 [pid 340] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 342] <... ioctl resumed>) = 0 [pid 342] close(3) = 0 [pid 342] mkdir("./file0", 0777 [pid 341] <... mount resumed>) = 0 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 342] <... mkdir resumed>) = 0 [pid 341] chdir("./file0") = 0 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [ 19.574537][ T342] loop3: detected capacity change from 0 to 4096 [ 19.591797][ T341] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 19.603149][ T30] audit: type=1400 audit(1677067372.650:67): avc: denied { mount } for pid=332 comm="syz-executor211" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [pid 342] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] creat("./bus", 000) = 4 [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 332] <... futex resumed>) = 0 [pid 341] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... mount resumed>) = 0 [pid 332] <... futex resumed>) = 0 [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 341] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... open resumed>) = 5 [pid 332] <... futex resumed>) = 0 [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 341] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... openat resumed>) = 6 [pid 332] <... futex resumed>) = 0 [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 0 [pid 332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 341] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... mount resumed>) = 0 [pid 332] <... futex resumed>) = 0 [pid 338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 338] <... openat resumed>) = 3 [pid 338] chdir("./file0") = 0 [pid 338] ioctl(4, LOOP_CLR_FD) = 0 [pid 338] close(4) = 0 [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] <... futex resumed>) = 0 [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [pid 338] creat("./bus", 000 [ 19.631918][ T30] audit: type=1400 audit(1677067372.680:68): avc: denied { write } for pid=332 comm="syz-executor211" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 19.654948][ T333] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 19.665894][ T343] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... mount resumed>) = 0 [pid 338] <... creat resumed>) = 4 [pid 333] <... mount resumed>) = 0 [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 341] <... write resumed>) = 1507328 [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 332] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 332] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 1 [pid 341] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 335] <... futex resumed>) = 0 [pid 343] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 343] <... openat resumed>) = 3 [pid 338] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [pid 333] <... openat resumed>) = 3 [pid 343] chdir("./file0" [pid 342] <... mount resumed>) = 0 [pid 338] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] chdir("./file0" [pid 338] <... mount resumed>) = 0 [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] <... chdir resumed>) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 333] <... chdir resumed>) = 0 [pid 343] ioctl(4, LOOP_CLR_FD [pid 342] <... openat resumed>) = 3 [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] ioctl(4, LOOP_CLR_FD [pid 343] <... ioctl resumed>) = 0 [pid 342] chdir("./file0" [pid 338] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [ 19.680001][ T340] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 19.680682][ T342] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 19.701588][ T30] audit: type=1400 audit(1677067372.680:69): avc: denied { add_name } for pid=332 comm="syz-executor211" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [pid 333] <... ioctl resumed>) = 0 [pid 343] close(4 [pid 342] <... chdir resumed>) = 0 [pid 338] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] close(4 [pid 343] <... close resumed>) = 0 [pid 342] ioctl(4, LOOP_CLR_FD [pid 338] <... open resumed>) = 5 [pid 333] <... close resumed>) = 0 [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... ioctl resumed>) = 0 [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 343] <... futex resumed>) = 1 [pid 342] close(4 [pid 338] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 330] <... futex resumed>) = 0 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... close resumed>) = 0 [pid 338] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... mount resumed>) = 0 [pid 338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... futex resumed>) = 0 [pid 343] creat("./bus", 000 [pid 342] <... futex resumed>) = 1 [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 338] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] creat("./bus", 000 [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... creat resumed>) = 4 [pid 342] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... openat resumed>) = 3 [pid 338] <... openat resumed>) = 6 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... creat resumed>) = 4 [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] chdir("./file0" [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 1 [pid 342] creat("./bus", 000 [pid 340] <... chdir resumed>) = 0 [pid 338] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 330] <... futex resumed>) = 0 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... creat resumed>) = 4 [pid 340] ioctl(4, LOOP_CLR_FD [pid 338] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... ioctl resumed>) = 0 [pid 338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... futex resumed>) = 0 [pid 343] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 342] <... futex resumed>) = 1 [pid 340] close(4 [pid 338] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... mount resumed>) = 0 [pid 342] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... close resumed>) = 0 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... mount resumed>) = 0 [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 1 [pid 342] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 340] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 330] <... futex resumed>) = 0 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... mount resumed>) = 0 [pid 340] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... futex resumed>) = 0 [pid 343] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 342] <... futex resumed>) = 1 [pid 340] creat("./bus", 000 [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 334] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... open resumed>) = 5 [pid 342] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... creat resumed>) = 4 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... open resumed>) = 5 [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 1 [pid 342] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 340] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 330] <... futex resumed>) = 0 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... open resumed>) = 5 [pid 340] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... write resumed>) = 1507328 [pid 337] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... futex resumed>) = 0 [pid 343] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 342] <... futex resumed>) = 1 [pid 340] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 334] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... openat resumed>) = 6 [pid 342] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 341] <... write resumed>) = 2097152 [pid 340] <... mount resumed>) = 0 [pid 338] <... futex resumed>) = 1 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = 0 [pid 333] <... openat resumed>) = 6 [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 341] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] <... futex resumed>) = 0 [pid 335] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] exit_group(0 [pid 343] <... futex resumed>) = 1 [pid 342] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 340] <... futex resumed>) = 1 [pid 338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 332] <... exit_group resumed>) = ? [pid 341] <... futex resumed>) = ? [pid 330] <... futex resumed>) = 0 [ 19.723170][ T30] audit: type=1400 audit(1677067372.680:70): avc: denied { create } for pid=332 comm="syz-executor211" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 19.744220][ T30] audit: type=1400 audit(1677067372.700:71): avc: denied { write open } for pid=332 comm="syz-executor211" path="/root/syzkaller.TXw6mW/0/file0/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 342] <... openat resumed>) = 6 [pid 340] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 337] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... futex resumed>) = 0 [pid 343] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 342] <... futex resumed>) = 1 [pid 340] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 336] <... futex resumed>) = 0 [pid 334] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 343] <... write resumed>) = 1507328 [pid 342] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 341] +++ exited with 0 +++ [pid 340] <... open resumed>) = 5 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] +++ exited with 0 +++ [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 340] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=332, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 343] <... futex resumed>) = 1 [pid 342] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 340] <... futex resumed>) = 1 [pid 337] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 333] <... write resumed>) = 1507328 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... write resumed>) = 2097152 [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 330] <... futex resumed>) = 0 [pid 340] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 335] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 338] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 330] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = 0 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... futex resumed>) = 0 [pid 337] <... futex resumed>) = 1 [pid 335] exit_group(0 [pid 334] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 330] <... futex resumed>) = 0 [pid 343] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 340] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 337] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] <... exit_group resumed>) = ? [pid 334] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 330] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... openat resumed>) = 6 [pid 338] +++ exited with 0 +++ [pid 335] +++ exited with 0 +++ [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=335, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- [pid 340] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 340] <... futex resumed>) = 1 [pid 334] <... futex resumed>) = 0 [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 340] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 334] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [ 19.819426][ T341] syz-executor211 (341) used greatest stack depth: 21408 bytes left [pid 327] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] <... futex resumed>) = 0 [pid 325] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... openat resumed>) = 3 [pid 340] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 334] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 327] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] <... openat resumed>) = 3 [pid 327] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] fstat(3, [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] lstat("./0/binderfs", [pid 325] getdents64(3, [pid 327] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 327] unlink("./0/binderfs" [pid 325] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 327] <... unlink resumed>) = 0 [pid 327] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 342] <... write resumed>) = 1507328 [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 336] <... futex resumed>) = 0 [pid 336] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 336] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... futex resumed>) = 1 [pid 342] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 325] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 325] unlink("./0/binderfs") = 0 [pid 325] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 330] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 334] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 334] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 334] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 336] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 334] <... clone resumed>, parent_tid=[361], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 361 [pid 334] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 19.891339][ T357] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:4: bad extent address lblock: 0, depth: 1 pblock 0 [ 19.907353][ T10] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [pid 334] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 361] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 342] <... write resumed>) = 2097152 [pid 342] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 342] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 336] exit_group(0) = ? [pid 342] <... futex resumed>) = ? [pid 342] +++ exited with 0 +++ [pid 336] +++ exited with 0 +++ [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=336, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [ 19.946544][ T357] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 19.959622][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 19.976493][ T340] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm syz-executor211: bad extent address lblock: 326, depth: 1 pblock 0 [pid 326] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 343] <... write resumed>) = 2097152 [pid 326] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 343] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 337] exit_group(0 [pid 343] <... futex resumed>) = ? [pid 337] <... exit_group resumed>) = ? [pid 343] +++ exited with 0 +++ [pid 337] +++ exited with 0 +++ [pid 326] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=337, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 326] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 324] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 326] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] lstat("./0/binderfs", [pid 324] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 326] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 324] <... openat resumed>) = 3 [pid 326] unlink("./0/binderfs" [pid 324] fstat(3, [pid 326] <... unlink resumed>) = 0 [pid 326] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 333] <... write resumed>) = 2097152 [pid 324] getdents64(3, [pid 333] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 330] exit_group(0 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 333] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 324] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 333] <... futex resumed>) = ? [pid 330] <... exit_group resumed>) = ? [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 333] +++ exited with 0 +++ [pid 330] +++ exited with 0 +++ [pid 324] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 324] unlink("./0/binderfs" [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=330, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 324] <... unlink resumed>) = 0 [pid 324] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 323] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] unlink("./0/binderfs") = 0 [ 19.992443][ T357] EXT4-fs (loop4): This should not happen!! Data will be lost [ 19.992443][ T357] [ 20.002931][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost [ 20.002931][ T10] [ 20.014143][ T340] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [ 20.031573][ T45] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [pid 323] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 361] <... write resumed>) = 2097152 [ 20.060738][ T10] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 20.075569][ T352] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 20.090565][ T340] EXT4-fs error (device loop5): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [pid 361] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... umount2 resumed>) = 0 [ 20.098992][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 20.104167][ T352] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 20.117600][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 20.117600][ T10] [ 20.135808][ T352] EXT4-fs (loop0): This should not happen!! Data will be lost [ 20.135808][ T352] [ 20.147584][ T45] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 325] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 325] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./0/file0") = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 325] close(3) = 0 [pid 325] rmdir("./0") = 0 [pid 325] mkdir("./1", 0777) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 325] close(3) = 0 [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 365 ./strace-static-x86_64: Process 365 attached [pid 365] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 365] chdir("./1") = 0 [pid 365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 365] setpgid(0, 0) = 0 [pid 365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 365] write(3, "1000", 4) = 4 [pid 365] close(3) = 0 [pid 365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 365] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 365] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 365] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[366], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 366 [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 20.157989][ T340] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 20.169346][ T340] EXT4-fs error (device loop5): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 20.180423][ T45] EXT4-fs (loop3): This should not happen!! Data will be lost [ 20.180423][ T45] [ 20.188392][ T340] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 366 attached [pid 366] set_robust_list(0x7f3264da69e0, 24 [pid 340] <... write resumed>) = 1335296 [pid 324] <... umount2 resumed>) = 0 [pid 366] <... set_robust_list resumed>) = 0 [pid 340] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] memfd_create("syzkaller", 0 [pid 340] <... futex resumed>) = 0 [pid 327] <... umount2 resumed>) = 0 [pid 334] exit_group(0 [pid 366] <... memfd_create resumed>) = 3 [pid 361] <... futex resumed>) = ? [pid 334] <... exit_group resumed>) = ? [pid 327] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 361] +++ exited with 0 +++ [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] lstat("./0/file0", [pid 324] lstat("./0/file0", [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 327] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 324] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 327] <... openat resumed>) = 4 [pid 327] fstat(4, [pid 324] fstat(4, [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(4, [pid 324] getdents64(4, [pid 327] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 324] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] getdents64(4, [pid 324] getdents64(4, [pid 327] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 324] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] close(4 [pid 324] close(4 [pid 327] <... close resumed>) = 0 [pid 340] +++ exited with 0 +++ [pid 334] +++ exited with 0 +++ [pid 327] rmdir("./0/file0" [pid 324] <... close resumed>) = 0 [pid 323] <... umount2 resumed>) = 0 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=334, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 327] <... rmdir resumed>) = 0 [ 20.201098][ T340] EXT4-fs error (device loop5): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [pid 324] rmdir("./0/file0" [pid 327] getdents64(3, [pid 324] <... rmdir resumed>) = 0 [pid 327] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 328] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] close(3 [pid 324] getdents64(3, [pid 323] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] <... close resumed>) = 0 [pid 323] lstat("./0/file0", [pid 324] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 323] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 327] rmdir("./0" [pid 324] close(3 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 323] fstat(4, [pid 327] <... rmdir resumed>) = 0 [pid 328] <... openat resumed>) = 3 [pid 324] <... close resumed>) = 0 [pid 327] mkdir("./1", 0777 [pid 328] fstat(3, [pid 323] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(4, [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] rmdir("./0" [pid 323] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 323] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] <... mkdir resumed>) = 0 [pid 323] close(4 [pid 328] getdents64(3, [pid 323] <... close resumed>) = 0 [pid 323] rmdir("./0/file0" [pid 324] <... rmdir resumed>) = 0 [pid 328] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 324] mkdir("./1", 0777 [pid 328] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] <... rmdir resumed>) = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... mkdir resumed>) = 0 [pid 328] lstat("./0/binderfs", [pid 327] <... openat resumed>) = 3 [pid 323] close(3 [pid 328] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 327] ioctl(3, LOOP_CLR_FD [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 323] <... close resumed>) = 0 [pid 328] unlink("./0/binderfs" [pid 327] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 323] rmdir("./0" [pid 328] <... unlink resumed>) = 0 [pid 327] close(3 [pid 324] <... openat resumed>) = 3 [pid 323] <... rmdir resumed>) = 0 [pid 328] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... close resumed>) = 0 [pid 324] ioctl(3, LOOP_CLR_FD [pid 323] mkdir("./1", 0777) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 323] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 323] close(3) = 0 [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 367] chdir("./1") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 327] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 368 [pid 324] close(3 [pid 367] setpgid(0, 0 [pid 324] <... close resumed>) = 0 [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 369 ./strace-static-x86_64: Process 369 attached [pid 369] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 369] chdir("./1") = 0 [pid 369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 369] setpgid(0, 0) = 0 [pid 369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 369] write(3, "1000", 4) = 4 [pid 369] close(3) = 0 [pid 367] <... setpgid resumed>) = 0 [pid 369] symlink("/dev/binderfs", "./binderfs" [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 369] <... symlink resumed>) = 0 [pid 369] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 369] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 367] <... openat resumed>) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 369] <... mprotect resumed>) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs" [pid 369] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[370], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 370 [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 367] <... symlink resumed>) = 0 [pid 367] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 367] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[371], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 371 [pid 367] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 370 attached [pid 366] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 368 attached [pid 368] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 368] chdir("./1") = 0 [pid 368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 368] setpgid(0, 0) = 0 [pid 368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 368] write(3, "1000", 4) = 4 [pid 368] close(3) = 0 [pid 368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 368] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 368] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 368] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[372], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 372 [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 ./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 372] memfd_create("syzkaller", 0) = 3 [pid 372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [ 20.246797][ T8] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 20.278241][ T8] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 366] munmap(0x7f325c986000, 2097152 [pid 326] <... umount2 resumed>) = 0 [pid 370] set_robust_list(0x7f3264da69e0, 24 [pid 366] <... munmap resumed>) = 0 [pid 326] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 370] <... set_robust_list resumed>) = 0 [pid 370] memfd_create("syzkaller", 0 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] lstat("./0/file0", [pid 370] <... memfd_create resumed>) = 3 [pid 326] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 366] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 370] <... mmap resumed>) = 0x7f325c986000 [pid 366] <... openat resumed>) = 4 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 366] ioctl(4, LOOP_SET_FD, 3 [pid 326] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 366] <... ioctl resumed>) = 0 [pid 326] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./0/file0") = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 326] close(3) = 0 [pid 326] rmdir("./0") = 0 [pid 326] mkdir("./1", 0777) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 326] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 326] close(3) = 0 [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] close(3) = 0 [pid 326] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 373 [pid 370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 366] mkdir("./file0", 0777) = 0 [pid 366] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue"./strace-static-x86_64: Process 373 attached [pid 370] <... write resumed>) = 2097152 [pid 373] set_robust_list(0x555556d3c5e0, 24 [pid 370] munmap(0x7f325c986000, 2097152) = 0 [pid 373] <... set_robust_list resumed>) = 0 [pid 370] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 370] ioctl(4, LOOP_SET_FD, 3 [ 20.296187][ T8] EXT4-fs (loop5): This should not happen!! Data will be lost [ 20.296187][ T8] [ 20.312030][ T366] loop2: detected capacity change from 0 to 4096 [pid 373] chdir("./1") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 371] <... write resumed>) = 2097152 [pid 371] munmap(0x7f325c986000, 2097152 [pid 373] <... openat resumed>) = 3 [pid 370] <... ioctl resumed>) = 0 [pid 373] write(3, "1000", 4) = 4 [pid 370] close(3 [pid 373] close(3 [pid 370] <... close resumed>) = 0 [pid 373] <... close resumed>) = 0 [pid 370] mkdir("./file0", 0777 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 371] <... munmap resumed>) = 0 [pid 373] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... write resumed>) = 2097152 [pid 370] <... mkdir resumed>) = 0 [pid 373] <... futex resumed>) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 373] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 372] munmap(0x7f325c986000, 2097152 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 370] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 366] <... mount resumed>) = 0 [pid 371] <... openat resumed>) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3 [pid 373] <... clone resumed>, parent_tid=[376], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 376 [pid 373] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 376 attached ) = 0 [pid 372] <... munmap resumed>) = 0 [pid 366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 373] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 372] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 366] <... openat resumed>) = 3 [pid 372] ioctl(4, LOOP_SET_FD, 3 [pid 366] chdir("./file0") = 0 [pid 376] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 376] memfd_create("syzkaller", 0 [pid 371] <... ioctl resumed>) = 0 [pid 371] close(3) = 0 [pid 376] <... memfd_create resumed>) = 3 [pid 371] mkdir("./file0", 0777 [pid 376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 371] <... mkdir resumed>) = 0 [pid 371] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 328] <... umount2 resumed>) = 0 [pid 372] <... ioctl resumed>) = 0 [pid 366] ioctl(4, LOOP_CLR_FD [pid 328] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 372] close(3 [pid 366] <... ioctl resumed>) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 372] <... close resumed>) = 0 [pid 366] close(4 [pid 328] lstat("./0/file0", [pid 366] <... close resumed>) = 0 [pid 376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 372] mkdir("./file0", 0777 [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 366] <... futex resumed>) = 1 [pid 365] <... futex resumed>) = 0 [pid 328] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 366] creat("./bus", 000 [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 365] <... futex resumed>) = 0 [pid 328] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 366] <... creat resumed>) = 4 [pid 372] <... mkdir resumed>) = 0 [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... openat resumed>) = 4 [pid 372] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 366] <... futex resumed>) = 0 [pid 365] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 328] fstat(4, [pid 366] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... mount resumed>) = 0 [pid 328] getdents64(4, [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 328] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... write resumed>) = 2097152 [ 20.349947][ T370] loop1: detected capacity change from 0 to 4096 [ 20.363652][ T366] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 20.375673][ T371] loop0: detected capacity change from 0 to 4096 [ 20.380345][ T372] loop4: detected capacity change from 0 to 4096 [pid 366] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 328] getdents64(4, [pid 366] <... open resumed>) = 5 [pid 328] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] close(4 [pid 366] <... futex resumed>) = 1 [pid 328] <... close resumed>) = 0 [pid 366] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] rmdir("./0/file0") = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 328] close(3) = 0 [pid 328] rmdir("./0") = 0 [pid 328] mkdir("./1", 0777) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 376] munmap(0x7f325c986000, 2097152 [pid 328] <... openat resumed>) = 3 [pid 376] <... munmap resumed>) = 0 [pid 328] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 376] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 328] close(3 [pid 376] <... openat resumed>) = 4 [pid 328] <... close resumed>) = 0 [pid 376] ioctl(4, LOOP_SET_FD, 3 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 365] <... futex resumed>) = 0 [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 380 [pid 366] <... futex resumed>) = 0 [pid 365] <... futex resumed>) = 1 [pid 366] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... openat resumed>) = 6 [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 365] <... futex resumed>) = 0 [pid 366] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 365] <... futex resumed>) = 0 [pid 366] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 380] chdir("./1") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 380] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[384], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 384 [pid 380] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 384 attached [pid 384] set_robust_list(0x7f3264da69e0, 24) = 0 [ 20.416874][ T371] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 20.426926][ T376] loop3: detected capacity change from 0 to 4096 [ 20.447975][ T370] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 384] memfd_create("syzkaller", 0) = 3 [pid 376] <... ioctl resumed>) = 0 [pid 371] <... mount resumed>) = 0 [pid 370] <... mount resumed>) = 0 [pid 366] <... write resumed>) = 1507328 [pid 370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 370] chdir("./file0") = 0 [pid 370] ioctl(4, LOOP_CLR_FD [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... ioctl resumed>) = 0 [pid 370] close(4 [pid 366] <... futex resumed>) = 1 [pid 370] <... close resumed>) = 0 [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] <... openat resumed>) = 3 [pid 370] <... futex resumed>) = 1 [pid 384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 371] chdir("./file0" [pid 370] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 384] <... mmap resumed>) = 0x7f325c986000 [pid 376] close(3 [pid 371] <... chdir resumed>) = 0 [pid 384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 376] <... close resumed>) = 0 [pid 372] <... mount resumed>) = 0 [pid 371] ioctl(4, LOOP_CLR_FD [pid 369] <... futex resumed>) = 0 [pid 365] <... futex resumed>) = 0 [pid 384] <... write resumed>) = 2097152 [pid 376] mkdir("./file0", 0777 [pid 372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 371] <... ioctl resumed>) = 0 [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] munmap(0x7f325c986000, 2097152 [pid 376] <... mkdir resumed>) = 0 [pid 372] <... openat resumed>) = 3 [pid 371] close(4 [pid 370] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = 1 [pid 366] <... futex resumed>) = 0 [pid 365] <... futex resumed>) = 1 [pid 384] <... munmap resumed>) = 0 [pid 376] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 372] chdir("./file0" [pid 371] <... close resumed>) = 0 [pid 370] creat("./bus", 000 [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 20.462015][ T372] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 366] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 365] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 372] <... chdir resumed>) = 0 [pid 371] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... creat resumed>) = 4 [pid 384] <... openat resumed>) = 4 [pid 372] ioctl(4, LOOP_CLR_FD [pid 371] <... futex resumed>) = 1 [pid 367] <... futex resumed>) = 0 [pid 384] ioctl(4, LOOP_SET_FD, 3 [pid 372] <... ioctl resumed>) = 0 [pid 371] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... ioctl resumed>) = 0 [pid 372] close(4 [pid 371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = 0 [pid 372] <... close resumed>) = 0 [pid 371] creat("./bus", 000 [pid 370] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 367] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] close(3 [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... close resumed>) = 0 [pid 372] <... futex resumed>) = 1 [pid 368] <... futex resumed>) = 0 [pid 384] mkdir("./file0", 0777 [pid 372] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] <... mkdir resumed>) = 0 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... creat resumed>) = 4 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 384] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 372] creat("./bus", 000 [pid 371] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... creat resumed>) = 4 [pid 371] <... futex resumed>) = 1 [pid 370] <... mount resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 366] <... write resumed>) = 2097152 [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 1 [pid 371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 372] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 370] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... mount resumed>) = 0 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 372] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 371] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 365] <... futex resumed>) = 0 [pid 372] <... mount resumed>) = 0 [pid 371] <... futex resumed>) = 1 [pid 370] <... open resumed>) = 5 [pid 367] <... futex resumed>) = 0 [pid 365] exit_group(0 [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... exit_group resumed>) = ? [pid 372] <... futex resumed>) = 1 [pid 371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 372] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 370] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... open resumed>) = 5 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 369] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 372] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 371] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... open resumed>) = 5 [pid 371] <... futex resumed>) = 1 [pid 367] <... futex resumed>) = 0 [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... openat resumed>) = 6 [pid 367] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = 1 [pid 371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 372] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 371] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 370] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... openat resumed>) = 6 [pid 370] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] <... futex resumed>) = 0 [pid 372] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 371] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] +++ exited with 0 +++ [pid 365] +++ exited with 0 +++ [pid 372] <... openat resumed>) = 6 [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 372] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 1 [pid 370] <... write resumed>) = 1507328 [pid 369] <... futex resumed>) = 0 [pid 368] <... futex resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=365, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [ 20.511117][ T384] loop5: detected capacity change from 0 to 4096 [ 20.538954][ T376] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 372] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... mount resumed>) = 0 [pid 372] <... write resumed>) = 1507328 [pid 371] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 367] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... openat resumed>) = 3 [pid 372] <... futex resumed>) = 1 [pid 368] <... futex resumed>) = 0 [pid 376] chdir("./file0" [pid 372] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 368] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... chdir resumed>) = 0 [pid 372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 368] <... futex resumed>) = 0 [pid 376] ioctl(4, LOOP_CLR_FD [pid 372] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 368] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... ioctl resumed>) = 0 [pid 367] <... futex resumed>) = 0 [pid 376] close(4 [pid 367] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... close resumed>) = 0 [pid 325] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] <... futex resumed>) = 1 [pid 373] <... futex resumed>) = 0 [pid 325] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 376] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... openat resumed>) = 3 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 325] fstat(3, [pid 376] creat("./bus", 000 [pid 373] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 376] <... creat resumed>) = 4 [pid 325] getdents64(3, [pid 376] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 376] <... futex resumed>) = 1 [pid 373] <... futex resumed>) = 0 [pid 325] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 376] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 325] lstat("./1/binderfs", [pid 384] <... mount resumed>) = 0 [pid 376] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 373] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 376] <... mount resumed>) = 0 [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] unlink("./1/binderfs" [pid 384] <... openat resumed>) = 3 [pid 376] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = 1 [pid 369] <... futex resumed>) = 0 [pid 325] <... unlink resumed>) = 0 [pid 384] chdir("./file0" [pid 376] <... futex resumed>) = 1 [pid 373] <... futex resumed>) = 0 [pid 370] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 369] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 384] <... chdir resumed>) = 0 [pid 376] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 369] <... futex resumed>) = 0 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 376] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [ 20.559375][ T384] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 373] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... open resumed>) = 5 [pid 376] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 376] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 376] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 373] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 376] <... openat resumed>) = 6 [pid 376] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] <... futex resumed>) = 0 [pid 376] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 376] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 373] <... futex resumed>) = 0 [pid 376] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 373] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] ioctl(4, LOOP_CLR_FD [pid 369] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... ioctl resumed>) = 0 [pid 384] close(4) = 0 [pid 384] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 384] creat("./bus", 000 [pid 380] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... creat resumed>) = 4 [pid 384] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] <... futex resumed>) = 1 [pid 368] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 384] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 384] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 384] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 380] <... futex resumed>) = 0 [pid 367] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 367] <... futex resumed>) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 367] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 384] <... open resumed>) = 5 [pid 367] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 384] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... write resumed>) = 1507328 [pid 384] <... futex resumed>) = 1 [ 20.603398][ T45] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [pid 380] <... futex resumed>) = 0 [pid 371] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 380] <... futex resumed>) = 0 [pid 384] <... openat resumed>) = 6 [pid 380] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 384] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 384] <... futex resumed>) = 0 [pid 380] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 384] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 373] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 371] <... futex resumed>) = 0 [pid 369] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 367] <... clone resumed>, parent_tid=[389], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 389 [pid 373] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 389 attached [pid 376] <... write resumed>) = 1507328 [pid 373] <... futex resumed>) = 0 [pid 372] <... write resumed>) = 2097152 [pid 389] set_robust_list(0x7f325cb859e0, 24 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 372] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 389] <... set_robust_list resumed>) = 0 [pid 373] <... mmap resumed>) = 0x7f325cb65000 [pid 372] <... futex resumed>) = 0 [pid 368] exit_group(0 [pid 389] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 373] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE [pid 368] <... exit_group resumed>) = ? [pid 376] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... mprotect resumed>) = 0 [pid 372] +++ exited with 0 +++ [pid 368] +++ exited with 0 +++ [pid 367] <... futex resumed>) = 0 [pid 376] <... futex resumed>) = 0 [pid 373] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 367] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=368, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- [pid 376] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... clone resumed>, parent_tid=[390], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 390 [pid 370] <... write resumed>) = 2097152 [pid 373] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 373] <... futex resumed>) = 0 [pid 370] <... futex resumed>) = 0 [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 373] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 370] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 369] exit_group(0 [pid 327] <... openat resumed>) = 3 [pid 370] <... futex resumed>) = ? [pid 369] <... exit_group resumed>) = ? [pid 327] fstat(3, [pid 370] +++ exited with 0 +++ [pid 369] +++ exited with 0 +++ [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=369, si_uid=0, si_status=0, si_utime=1, si_stime=5} --- [pid 327] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 20.658965][ T45] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 20.674267][ T45] EXT4-fs (loop2): This should not happen!! Data will be lost [ 20.674267][ T45] [pid 324] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 390 attached [pid 327] lstat("./1/binderfs", [pid 324] <... restart_syscall resumed>) = 0 [pid 390] set_robust_list(0x7f325cb859e0, 24 [pid 327] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 390] <... set_robust_list resumed>) = 0 [pid 380] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 327] unlink("./1/binderfs" [pid 390] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 380] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... unlink resumed>) = 0 [pid 324] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] <... futex resumed>) = 0 [pid 327] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 380] <... mmap resumed>) = 0x7f325cb65000 [pid 380] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[391], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 391 [pid 380] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 391] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 389] <... write resumed>) = 2097152 [pid 324] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 367] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 373] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 389] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... openat resumed>) = 3 [pid 324] fstat(3, [pid 389] <... futex resumed>) = 0 [pid 367] exit_group(0 [pid 325] <... umount2 resumed>) = 0 [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 371] <... futex resumed>) = ? [pid 367] <... exit_group resumed>) = ? [pid 371] +++ exited with 0 +++ [ 20.725684][ T8] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 20.736343][ T384] EXT4-fs error (device loop5): ext4_map_blocks:726: inode #19: block 348: comm syz-executor211: lblock 220 mapped to illegal pblock 348 (length 1) [ 20.752730][ T8] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 380] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] getdents64(3, [pid 389] +++ exited with 0 +++ [pid 367] +++ exited with 0 +++ [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=367, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 323] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 323] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./1/file0", [pid 324] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 323] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] unlink("./1/binderfs") = 0 [pid 323] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] lstat("./1/binderfs", [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 325] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 324] unlink("./1/binderfs" [pid 325] <... openat resumed>) = 4 [pid 324] <... unlink resumed>) = 0 [pid 325] fstat(4, [pid 324] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 20.772074][ T8] EXT4-fs (loop4): This should not happen!! Data will be lost [ 20.772074][ T8] [ 20.785690][ T384] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [ 20.800223][ T10] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./1/file0") = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 325] close(3) = 0 [pid 325] rmdir("./1") = 0 [pid 325] mkdir("./2", 0777 [pid 391] <... write resumed>) = 2097152 [pid 325] <... mkdir resumed>) = 0 [ 20.816999][ T352] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 20.838641][ T10] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 20.853035][ T384] EXT4-fs error (device loop5): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [pid 390] <... write resumed>) = 2097152 [pid 390] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 373] exit_group(0 [pid 390] <... futex resumed>) = ? [pid 373] <... exit_group resumed>) = ? [pid 390] +++ exited with 0 +++ [pid 391] <... futex resumed>) = 0 [pid 325] <... openat resumed>) = 3 [pid 391] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... umount2 resumed>) = 0 [pid 376] <... futex resumed>) = ? [pid 327] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] ioctl(3, LOOP_CLR_FD [pid 376] +++ exited with 0 +++ [pid 373] +++ exited with 0 +++ [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=1, si_stime=11} --- [pid 326] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 326] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 326] unlink("./1/binderfs") = 0 [pid 326] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] lstat("./1/file0", [ 20.860342][ T352] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 20.879152][ T10] EXT4-fs (loop0): This should not happen!! Data will be lost [ 20.879152][ T10] [ 20.879763][ T352] EXT4-fs (loop1): This should not happen!! Data will be lost [ 20.879763][ T352] [ 20.908224][ T384] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 325] close(3 [pid 327] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] <... close resumed>) = 0 [pid 327] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 392 [pid 327] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 392 attached ) = 4 [pid 392] set_robust_list(0x555556d3c5e0, 24 [ 20.920044][ T8] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 20.928965][ T384] EXT4-fs error (device loop5): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 20.946845][ T384] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 20.951073][ T8] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 327] fstat(4, [pid 392] <... set_robust_list resumed>) = 0 [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 392] chdir("./2" [pid 327] getdents64(4, [pid 392] <... chdir resumed>) = 0 [pid 327] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 327] getdents64(4, [pid 392] <... prctl resumed>) = 0 [pid 327] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 392] setpgid(0, 0 [pid 327] close(4 [pid 392] <... setpgid resumed>) = 0 [pid 327] <... close resumed>) = 0 [pid 392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 327] rmdir("./1/file0" [pid 392] <... openat resumed>) = 3 [pid 327] <... rmdir resumed>) = 0 [pid 392] write(3, "1000", 4 [pid 327] getdents64(3, [pid 392] <... write resumed>) = 4 [pid 327] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 392] close(3 [pid 327] close(3 [pid 392] <... close resumed>) = 0 [pid 327] <... close resumed>) = 0 [pid 392] symlink("/dev/binderfs", "./binderfs" [pid 327] rmdir("./1" [pid 392] <... symlink resumed>) = 0 [pid 327] <... rmdir resumed>) = 0 [pid 392] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] mkdir("./2", 0777 [pid 392] <... futex resumed>) = 0 [pid 327] <... mkdir resumed>) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 392] <... mmap resumed>) = 0x7f3264d86000 [pid 327] <... openat resumed>) = 3 [pid 392] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 327] ioctl(3, LOOP_CLR_FD [pid 392] <... mprotect resumed>) = 0 [pid 327] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 392] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 327] close(3) = 0 [pid 392] <... clone resumed>, parent_tid=[393], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 393 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 392] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 394 [pid 392] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 394] chdir("./2") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 394] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 394] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[395], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 395 [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 395] memfd_create("syzkaller", 0) = 3 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 323] <... umount2 resumed>) = 0 [pid 384] <... write resumed>) = 901120 [pid 384] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 384] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 380] exit_group(0 [pid 391] <... futex resumed>) = ? [pid 380] <... exit_group resumed>) = ? [pid 391] +++ exited with 0 +++ [pid 384] <... futex resumed>) = ? ./strace-static-x86_64: Process 393 attached [pid 323] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 393] set_robust_list(0x7f3264da69e0, 24 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 395] <... write resumed>) = 2097152 [pid 384] +++ exited with 0 +++ [pid 380] +++ exited with 0 +++ [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=380, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 328] restart_syscall(<... resuming interrupted clone ...> [pid 395] munmap(0x7f325c986000, 2097152 [pid 328] <... restart_syscall resumed>) = 0 [pid 328] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 328] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 328] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 328] unlink("./1/binderfs") = 0 [pid 328] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 395] <... munmap resumed>) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3 [pid 393] <... set_robust_list resumed>) = 0 [ 20.981277][ T384] EXT4-fs error (device loop5): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [ 21.004534][ T8] EXT4-fs (loop3): This should not happen!! Data will be lost [ 21.004534][ T8] [ 21.011574][ T395] loop4: detected capacity change from 0 to 4096 [pid 323] lstat("./1/file0", [pid 393] memfd_create("syzkaller", 0 [pid 323] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 393] <... memfd_create resumed>) = 3 [pid 323] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 393] <... mmap resumed>) = 0x7f325c986000 [pid 395] <... ioctl resumed>) = 0 [pid 395] close(3) = 0 [pid 395] mkdir("./file0", 0777 [pid 323] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 395] <... mkdir resumed>) = 0 [pid 395] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 324] <... umount2 resumed>) = 0 [pid 323] <... openat resumed>) = 4 [ 21.021289][ T363] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:6: bad extent address lblock: 0, depth: 1 pblock 0 [pid 393] <... write resumed>) = 2097152 [pid 393] munmap(0x7f325c986000, 2097152) = 0 [pid 393] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 393] ioctl(4, LOOP_SET_FD, 3 [pid 323] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 323] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 323] close(4) = 0 [pid 323] rmdir("./1/file0") = 0 [pid 323] getdents64(3, [pid 324] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] close(3 [pid 324] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] <... close resumed>) = 0 [pid 393] <... ioctl resumed>) = 0 [pid 393] close(3 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 323] rmdir("./1" [pid 324] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 323] <... rmdir resumed>) = 0 [pid 324] fstat(4, [pid 323] mkdir("./2", 0777 [pid 393] <... close resumed>) = 0 [pid 393] mkdir("./file0", 0777 [pid 323] <... mkdir resumed>) = 0 [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] getdents64(4, [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 324] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 323] <... openat resumed>) = 3 [pid 324] getdents64(4, [pid 323] ioctl(3, LOOP_CLR_FD [pid 324] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 323] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 324] close(4 [pid 323] close(3 [pid 324] <... close resumed>) = 0 [pid 323] <... close resumed>) = 0 [pid 324] rmdir("./1/file0" [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 397 attached [pid 393] <... mkdir resumed>) = 0 [pid 324] <... rmdir resumed>) = 0 [pid 397] set_robust_list(0x555556d3c5e0, 24 [pid 324] getdents64(3, [pid 323] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 397 [pid 397] <... set_robust_list resumed>) = 0 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 397] chdir("./2" [pid 324] close(3 [pid 397] <... chdir resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 324] rmdir("./1" [pid 397] <... prctl resumed>) = 0 [pid 324] <... rmdir resumed>) = 0 [pid 397] setpgid(0, 0 [pid 324] mkdir("./2", 0777 [pid 397] <... setpgid resumed>) = 0 [pid 324] <... mkdir resumed>) = 0 [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 397] <... openat resumed>) = 3 [pid 324] <... openat resumed>) = 3 [pid 397] write(3, "1000", 4 [pid 324] ioctl(3, LOOP_CLR_FD [pid 397] <... write resumed>) = 4 [pid 326] <... umount2 resumed>) = 0 [pid 324] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 397] close(3 [pid 324] close(3 [pid 397] <... close resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 397] symlink("/dev/binderfs", "./binderfs" [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 397] <... symlink resumed>) = 0 [pid 397] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 399 [pid 397] <... futex resumed>) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 397] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[400], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 400 [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 393] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 326] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 399] chdir("./2") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [ 21.054681][ T363] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 21.059203][ T393] loop2: detected capacity change from 0 to 4096 [ 21.081792][ T363] EXT4-fs (loop5): This should not happen!! Data will be lost [ 21.081792][ T363] [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 400 attached [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 326] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./1/file0") = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 326] close(3) = 0 [pid 326] rmdir("./1") = 0 [pid 326] mkdir("./2", 0777) = 0 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 399] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... openat resumed>) = 3 [pid 399] <... futex resumed>) = 0 [pid 326] ioctl(3, LOOP_CLR_FD [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 326] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 399] <... mmap resumed>) = 0x7f3264d86000 [pid 326] close(3 [pid 399] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] <... close resumed>) = 0 [pid 399] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 399] <... clone resumed>, parent_tid=[404], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 404 [pid 326] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 405 [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 400] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 400] memfd_create("syzkaller", 0) = 3 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 ./strace-static-x86_64: Process 404 attached ./strace-static-x86_64: Process 405 attached [pid 395] <... mount resumed>) = 0 [pid 393] <... mount resumed>) = 0 [pid 404] set_robust_list(0x7f3264da69e0, 24 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 405] set_robust_list(0x555556d3c5e0, 24 [pid 404] <... set_robust_list resumed>) = 0 [pid 395] <... openat resumed>) = 3 [pid 393] <... openat resumed>) = 3 [pid 405] <... set_robust_list resumed>) = 0 [pid 404] memfd_create("syzkaller", 0 [pid 395] chdir("./file0" [pid 393] chdir("./file0" [pid 405] chdir("./2" [pid 404] <... memfd_create resumed>) = 3 [pid 395] <... chdir resumed>) = 0 [pid 393] <... chdir resumed>) = 0 [pid 405] <... chdir resumed>) = 0 [pid 404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 395] ioctl(4, LOOP_CLR_FD [pid 393] ioctl(4, LOOP_CLR_FD [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 404] <... mmap resumed>) = 0x7f325c986000 [pid 395] <... ioctl resumed>) = 0 [pid 393] <... ioctl resumed>) = 0 [pid 395] close(4 [pid 393] close(4 [pid 395] <... close resumed>) = 0 [pid 393] <... close resumed>) = 0 [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 393] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 392] <... futex resumed>) = 0 [pid 395] creat("./bus", 000 [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] creat("./bus", 000 [pid 392] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] <... creat resumed>) = 4 [pid 392] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... creat resumed>) = 4 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... mount resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 392] <... futex resumed>) = 0 [pid 405] <... prctl resumed>) = 0 [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] setpgid(0, 0 [pid 395] <... futex resumed>) = 1 [pid 394] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 392] <... futex resumed>) = 0 [pid 405] <... setpgid resumed>) = 0 [pid 395] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 392] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 395] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 393] <... mount resumed>) = 0 [pid 395] <... open resumed>) = 5 [pid 393] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... openat resumed>) = 3 [pid 395] <... futex resumed>) = 1 [pid 394] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = 1 [pid 392] <... futex resumed>) = 0 [pid 405] write(3, "1000", 4 [pid 395] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... write resumed>) = 4 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 392] <... futex resumed>) = 0 [pid 405] close(3 [pid 395] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 392] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 405] <... close resumed>) = 0 [pid 395] <... openat resumed>) = 6 [pid 393] <... open resumed>) = 5 [pid 405] symlink("/dev/binderfs", "./binderfs" [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] <... futex resumed>) = 1 [pid 394] <... futex resumed>) = 0 [pid 395] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 1 [pid 392] <... futex resumed>) = 0 [pid 405] <... symlink resumed>) = 0 [pid 395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 394] <... futex resumed>) = 0 [pid 393] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 392] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 393] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] <... futex resumed>) = 0 [pid 392] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... futex resumed>) = 1 [pid 393] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 328] <... umount2 resumed>) = 0 [pid 405] <... futex resumed>) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 405] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[406], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 406 [pid 328] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 405] <... futex resumed>) = 0 [pid 328] <... openat resumed>) = 4 [pid 328] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(4, [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 395] <... write resumed>) = 1507328 [pid 328] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 404] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] getdents64(4, [pid 395] <... futex resumed>) = 1 [pid 394] <... futex resumed>) = 0 [ 21.108876][ T395] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.133859][ T393] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 328] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 394] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 395] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 394] <... futex resumed>) = 0 [pid 328] close(4 [pid 394] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... close resumed>) = 0 [pid 328] rmdir("./1/file0") = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 328] close(3 [pid 400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152./strace-static-x86_64: Process 406 attached [pid 404] <... write resumed>) = 2097152 [pid 328] <... close resumed>) = 0 [pid 406] set_robust_list(0x7f3264da69e0, 24 [pid 328] rmdir("./1" [pid 406] <... set_robust_list resumed>) = 0 [pid 406] memfd_create("syzkaller", 0 [pid 404] munmap(0x7f325c986000, 2097152 [pid 328] <... rmdir resumed>) = 0 [pid 406] <... memfd_create resumed>) = 3 [pid 404] <... munmap resumed>) = 0 [pid 328] mkdir("./2", 0777 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 404] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 328] <... mkdir resumed>) = 0 [pid 406] <... mmap resumed>) = 0x7f325c986000 [pid 404] <... openat resumed>) = 4 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 404] ioctl(4, LOOP_SET_FD, 3 [pid 400] <... write resumed>) = 2097152 [pid 392] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 328] <... openat resumed>) = 3 [pid 392] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 392] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 392] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[407], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 407 [pid 392] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 392] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] munmap(0x7f325c986000, 2097152 [pid 328] ioctl(3, LOOP_CLR_FD [pid 404] <... ioctl resumed>) = 0 [pid 400] <... munmap resumed>) = 0 [pid 328] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 404] close(3 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 328] close(3 [pid 404] <... close resumed>) = 0 [pid 395] <... write resumed>) = 2097152 [pid 404] mkdir("./file0", 0777 [pid 400] <... openat resumed>) = 4 [pid 328] <... close resumed>) = 0 [pid 400] ioctl(4, LOOP_SET_FD, 3 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 394] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 407] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 328] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 408 [pid 404] <... mkdir resumed>) = 0 [pid 395] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 395] <... futex resumed>) = 0 [pid 394] exit_group(0) = ? [pid 400] <... ioctl resumed>) = 0 [ 21.225095][ T404] loop1: detected capacity change from 0 to 4096 [ 21.244922][ T400] loop0: detected capacity change from 0 to 4096 [ 21.252361][ T393] EXT4-fs error (device loop2): ext4_map_blocks:726: inode #19: block 316: comm syz-executor211: lblock 188 mapped to illegal pblock 316 (length 1) [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152./strace-static-x86_64: Process 408 attached [pid 400] close(3 [pid 395] +++ exited with 0 +++ [pid 394] +++ exited with 0 +++ [pid 392] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 408] set_robust_list(0x555556d3c5e0, 24 [pid 400] <... close resumed>) = 0 [pid 408] <... set_robust_list resumed>) = 0 [pid 400] mkdir("./file0", 0777 [pid 408] chdir("./2" [pid 400] <... mkdir resumed>) = 0 [pid 408] <... chdir resumed>) = 0 [pid 400] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 408] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[411], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 411 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 406] <... write resumed>) = 2097152 [pid 406] munmap(0x7f325c986000, 2097152) = 0 [pid 406] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3 [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=394, si_uid=0, si_status=0, si_utime=1, si_stime=8} --- [pid 327] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 406] <... ioctl resumed>) = 0 [pid 327] <... openat resumed>) = 3 [pid 406] close(3) = 0 [pid 406] mkdir("./file0", 0777 [pid 327] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 327] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 406] <... mkdir resumed>) = 0 [pid 327] lstat("./2/binderfs", [pid 406] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 404] <... mount resumed>) = 0 [pid 404] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 404] chdir("./file0") = 0 [pid 404] ioctl(4, LOOP_CLR_FD) = 0 [pid 404] close(4) = 0 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 411] memfd_create("syzkaller", 0) = 3 [pid 411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 0 [pid 404] creat("./bus", 000 [pid 327] unlink("./2/binderfs" [pid 404] <... creat resumed>) = 4 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... unlink resumed>) = 0 [pid 404] <... futex resumed>) = 1 [pid 404] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 21.273170][ T393] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [ 21.281248][ T404] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.297787][ T393] EXT4-fs error (device loop2): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 21.306387][ T406] loop3: detected capacity change from 0 to 4096 [pid 327] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 411] munmap(0x7f325c986000, 2097152) = 0 [pid 411] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 411] close(3) = 0 [pid 411] mkdir("./file0", 0777) = 0 [pid 411] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 404] <... futex resumed>) = 0 [pid 404] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 404] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] <... futex resumed>) = 0 [pid 404] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... open resumed>) = 5 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 404] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 404] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.333840][ T363] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:6: bad extent address lblock: 0, depth: 1 pblock 0 [ 21.349471][ T411] loop5: detected capacity change from 0 to 4096 [ 21.357860][ T393] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... write resumed>) = 1507328 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 404] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... futex resumed>) = 0 [ 21.380475][ T393] EXT4-fs error (device loop2): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 21.392904][ T400] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.403215][ T393] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 21.408876][ T393] EXT4-fs error (device loop2): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [ 21.413345][ T406] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 406] <... mount resumed>) = 0 [pid 400] <... mount resumed>) = 0 [pid 399] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 399] <... futex resumed>) = 1 [pid 406] <... openat resumed>) = 3 [pid 400] <... openat resumed>) = 3 [pid 399] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] chdir("./file0" [pid 400] chdir("./file0" [pid 406] <... chdir resumed>) = 0 [pid 400] <... chdir resumed>) = 0 [pid 406] ioctl(4, LOOP_CLR_FD [pid 400] ioctl(4, LOOP_CLR_FD [pid 406] <... ioctl resumed>) = 0 [pid 400] <... ioctl resumed>) = 0 [pid 406] close(4 [pid 400] close(4 [pid 406] <... close resumed>) = 0 [pid 404] <... futex resumed>) = 0 [pid 400] <... close resumed>) = 0 [pid 404] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 400] creat("./bus", 000 [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 393] <... write resumed>) = 770048 [pid 411] <... mount resumed>) = 0 [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... creat resumed>) = 4 [pid 393] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... write resumed>) = 2097152 [pid 400] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 407] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... mount resumed>) = 0 [pid 392] exit_group(0 [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = ? [pid 392] <... exit_group resumed>) = ? [pid 407] <... futex resumed>) = ? [pid 400] <... futex resumed>) = 1 [pid 397] <... futex resumed>) = 0 [pid 393] +++ exited with 0 +++ [pid 407] +++ exited with 0 +++ [pid 400] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 392] +++ exited with 0 +++ [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 400] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... open resumed>) = 5 [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 400] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 400] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 400] <... openat resumed>) = 6 [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 400] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 400] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 406] <... futex resumed>) = 1 [pid 405] <... futex resumed>) = 0 [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=392, si_uid=0, si_status=0, si_utime=0, si_stime=14} --- [pid 411] <... openat resumed>) = 3 [pid 406] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] chdir("./file0" [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] <... futex resumed>) = 0 [pid 411] <... chdir resumed>) = 0 [pid 406] creat("./bus", 000 [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] ioctl(4, LOOP_CLR_FD) = 0 [pid 325] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 411] close(4 [pid 406] <... creat resumed>) = 4 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 411] <... close resumed>) = 0 [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 1 [pid 405] <... futex resumed>) = 0 [pid 325] <... openat resumed>) = 3 [pid 411] <... futex resumed>) = 1 [pid 408] <... futex resumed>) = 0 [pid 406] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] creat("./bus", 000 [pid 408] <... futex resumed>) = 0 [pid 406] <... mount resumed>) = 0 [pid 405] <... futex resumed>) = 0 [pid 325] fstat(3, [pid 411] <... creat resumed>) = 4 [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 411] <... futex resumed>) = 0 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 404] <... write resumed>) = 2097152 [pid 400] <... write resumed>) = 1507328 [pid 325] getdents64(3, [pid 411] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 408] <... futex resumed>) = 0 [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 404] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 411] <... mount resumed>) = 0 [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 0 [pid 405] <... futex resumed>) = 1 [pid 404] <... futex resumed>) = 0 [pid 400] <... futex resumed>) = 1 [pid 397] <... futex resumed>) = 0 [pid 325] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 411] <... futex resumed>) = 0 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... open resumed>) = 5 [pid 400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 325] lstat("./2/binderfs", [pid 411] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 408] <... futex resumed>) = 0 [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [ 21.424182][ T363] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 21.454240][ T411] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.466467][ T363] EXT4-fs (loop4): This should not happen!! Data will be lost [ 21.466467][ T363] [pid 400] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 399] exit_group(0 [pid 397] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 411] <... open resumed>) = 5 [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 405] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = ? [pid 399] <... exit_group resumed>) = ? [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] unlink("./2/binderfs" [pid 411] <... futex resumed>) = 0 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] <... futex resumed>) = 0 [pid 411] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 408] <... futex resumed>) = 0 [pid 406] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] +++ exited with 0 +++ [pid 399] +++ exited with 0 +++ [pid 325] <... unlink resumed>) = 0 [pid 411] <... openat resumed>) = 6 [pid 406] <... openat resumed>) = 6 [pid 325] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = 1 [pid 405] <... futex resumed>) = 0 [pid 411] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] <... futex resumed>) = 0 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 411] <... futex resumed>) = 0 [pid 408] <... futex resumed>) = 1 [pid 324] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 324] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 324] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 324] unlink("./2/binderfs") = 0 [pid 324] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 411] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... umount2 resumed>) = 0 [pid 327] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 327] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] close(4) = 0 [pid 327] rmdir("./2/file0") = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] close(3) = 0 [pid 327] rmdir("./2") = 0 [pid 327] mkdir("./3", 0777) = 0 [pid 406] <... write resumed>) = 1507328 [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 327] close(3) = 0 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 418 [pid 397] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 21.536690][ T363] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:6: bad extent address lblock: 0, depth: 1 pblock 0 [ 21.553811][ T10] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 ./strace-static-x86_64: Process 418 attached [pid 411] <... write resumed>) = 1507328 [pid 406] <... write resumed>) = 2097152 [pid 405] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 400] <... write resumed>) = 2097152 [pid 418] set_robust_list(0x555556d3c5e0, 24 [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 406] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] exit_group(0) = ? [pid 418] <... set_robust_list resumed>) = 0 [pid 418] chdir("./3") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3 [pid 411] <... futex resumed>) = 0 [pid 408] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 400] <... futex resumed>) = 0 [pid 418] <... close resumed>) = 0 [pid 411] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 408] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = ? [pid 400] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 418] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[419], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 419 [pid 418] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 408] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] +++ exited with 0 +++ [pid 405] +++ exited with 0 +++ [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 326] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 326] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 326] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 326] unlink("./2/binderfs" [pid 397] exit_group(0 [pid 326] <... unlink resumed>) = 0 [ 21.610776][ T363] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 21.615391][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 21.623629][ T363] EXT4-fs (loop2): This should not happen!! Data will be lost [ 21.623629][ T363] [ 21.636033][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 21.636033][ T10] [pid 400] <... futex resumed>) = ? [pid 397] <... exit_group resumed>) = ? [pid 326] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 400] +++ exited with 0 +++ [pid 397] +++ exited with 0 +++ [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=397, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 323] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 323] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] unlink("./2/binderfs") = 0 [ 21.666666][ T45] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 21.693313][ T45] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 323] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 408] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 411] <... write resumed>) = 2097152 [pid 411] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] exit_group(0 [pid 411] <... futex resumed>) = ? [pid 408] <... exit_group resumed>) = ? [pid 411] +++ exited with 0 +++ [pid 408] +++ exited with 0 +++ [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 328] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 328] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 328] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 328] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 328] unlink("./2/binderfs") = 0 [ 21.693722][ T363] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:6: bad extent address lblock: 0, depth: 1 pblock 0 [ 21.707608][ T45] EXT4-fs (loop3): This should not happen!! Data will be lost [ 21.707608][ T45] [ 21.740846][ T352] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [pid 328] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 419 attached [pid 325] <... umount2 resumed>) = 0 [pid 325] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 325] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./2/file0") = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 325] close(3) = 0 [pid 325] rmdir("./2") = 0 [pid 419] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 325] mkdir("./3", 0777) = 0 [pid 419] memfd_create("syzkaller", 0) = 3 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 325] close(3) = 0 [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 420] chdir("./3") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 420] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[421], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 421 [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [ 21.745258][ T363] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 21.754784][ T352] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 21.783468][ T352] EXT4-fs (loop5): This should not happen!! Data will be lost [ 21.783468][ T352] [ 21.798776][ T363] EXT4-fs (loop0): This should not happen!! Data will be lost [ 21.798776][ T363] [pid 324] <... umount2 resumed>) = 0 [pid 326] <... umount2 resumed>) = 0 [pid 324] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 324] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 324] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 324] close(4) = 0 [pid 324] rmdir("./2/file0") = 0 [pid 324] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] close(3) = 0 [pid 324] rmdir("./2") = 0 [pid 324] mkdir("./3", 0777) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 324] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 324] close(3) = 0 [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 422 [pid 419] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 326] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./2/file0", ./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 422] chdir("./3") = 0 [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 326] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 326] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./2/file0") = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 422] <... prctl resumed>) = 0 [pid 422] setpgid(0, 0) = 0 [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 422] write(3, "1000", 4) = 4 [pid 422] close(3) = 0 [pid 422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 422] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 422] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 328] <... umount2 resumed>) = 0 [pid 422] <... mprotect resumed>) = 0 [pid 326] close(3 [pid 422] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[423], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 423 [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 326] <... close resumed>) = 0 [pid 326] rmdir("./2" [pid 423] memfd_create("syzkaller", 0) = 3 [pid 326] <... rmdir resumed>) = 0 [pid 326] mkdir("./3", 0777 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 326] <... mkdir resumed>) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 326] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 326] close(3) = 0 [pid 423] <... mmap resumed>) = 0x7f325c986000 [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 424 [pid 419] <... write resumed>) = 2097152 [pid 328] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 419] munmap(0x7f325c986000, 2097152 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 419] <... munmap resumed>) = 0 [pid 328] lstat("./2/file0", [pid 419] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 328] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 419] <... openat resumed>) = 4 [pid 328] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 419] ioctl(4, LOOP_SET_FD, 3 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 424] chdir("./3") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 328] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 328] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 328] close(4) = 0 [pid 328] rmdir("./2/file0" [pid 424] close(3) = 0 [pid 328] <... rmdir resumed>) = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 328] close(3) = 0 [pid 328] rmdir("./2") = 0 [pid 328] mkdir("./3", 0777 [pid 424] symlink("/dev/binderfs", "./binderfs" [pid 328] <... mkdir resumed>) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 328] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 328] close(3 [pid 424] <... symlink resumed>) = 0 [pid 424] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 424] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 328] <... close resumed>) = 0 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 424] <... clone resumed>, parent_tid=[425], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 425 [pid 328] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 426 [pid 424] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 419] <... ioctl resumed>) = 0 [pid 419] close(3) = 0 [pid 419] mkdir("./file0", 0777 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 425] memfd_create("syzkaller", 0 [pid 323] <... umount2 resumed>) = 0 [pid 425] <... memfd_create resumed>) = 3 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 323] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 426 attached [pid 423] <... write resumed>) = 2097152 [pid 421] <... write resumed>) = 2097152 [pid 419] <... mkdir resumed>) = 0 [pid 419] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 426] set_robust_list(0x555556d3c5e0, 24 [pid 421] munmap(0x7f325c986000, 2097152 [pid 323] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 426] <... set_robust_list resumed>) = 0 [pid 426] chdir("./3" [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 426] <... chdir resumed>) = 0 [pid 421] <... munmap resumed>) = 0 [pid 426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 426] setpgid(0, 0) = 0 [pid 421] <... openat resumed>) = 4 [pid 323] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 421] ioctl(4, LOOP_SET_FD, 3 [pid 323] <... openat resumed>) = 4 [pid 426] <... openat resumed>) = 3 [pid 323] fstat(4, [pid 426] write(3, "1000", 4 [pid 323] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 426] <... write resumed>) = 4 [pid 426] close(3 [pid 323] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [ 21.896797][ T419] loop4: detected capacity change from 0 to 4096 [pid 323] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 323] close(4) = 0 [pid 323] rmdir("./2/file0") = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 323] close(3) = 0 [pid 323] rmdir("./2") = 0 [pid 323] mkdir("./3", 0777) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 323] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 426] <... close resumed>) = 0 [pid 323] close(3 [pid 426] symlink("/dev/binderfs", "./binderfs" [pid 323] <... close resumed>) = 0 [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 428 [pid 423] munmap(0x7f325c986000, 2097152) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 428 attached [pid 426] <... symlink resumed>) = 0 [pid 425] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 421] <... ioctl resumed>) = 0 [pid 423] <... ioctl resumed>) = 0 [pid 428] set_robust_list(0x555556d3c5e0, 24 [pid 426] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... write resumed>) = 2097152 [pid 421] close(3 [pid 428] <... set_robust_list resumed>) = 0 [pid 426] <... futex resumed>) = 0 [pid 421] <... close resumed>) = 0 [pid 428] chdir("./3" [pid 426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 421] mkdir("./file0", 0777 [pid 428] <... chdir resumed>) = 0 [pid 426] <... mmap resumed>) = 0x7f3264d86000 [pid 421] <... mkdir resumed>) = 0 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 426] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 421] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 428] <... prctl resumed>) = 0 [pid 426] <... mprotect resumed>) = 0 [pid 428] setpgid(0, 0 [pid 426] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 428] <... setpgid resumed>) = 0 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 426] <... clone resumed>, parent_tid=[430], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 430 [pid 428] <... openat resumed>) = 3 [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] write(3, "1000", 4 [pid 426] <... futex resumed>) = 0 [pid 428] <... write resumed>) = 4 [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 428] close(3) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 428] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 428] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[431], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 431 [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 423] close(3) = 0 [pid 423] mkdir("./file0", 0777) = 0 [pid 423] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 425] munmap(0x7f325c986000, 2097152) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 425] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 425] close(3) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 419] <... mount resumed>) = 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 419] chdir("./file0") = 0 [pid 419] ioctl(4, LOOP_CLR_FD) = 0 [pid 419] close(4) = 0 [pid 419] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 430] memfd_create("syzkaller", 0) = 3 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] <... futex resumed>) = 0 [pid 419] creat("./bus", 000) = 4 [pid 419] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 419] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 419] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 419] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 418] <... futex resumed>) = 0 [pid 419] <... openat resumed>) = 6 [pid 418] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 431] memfd_create("syzkaller", 0) = 3 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [ 21.942969][ T421] loop2: detected capacity change from 0 to 4096 [ 21.953997][ T423] loop1: detected capacity change from 0 to 4096 [ 21.962796][ T419] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 21.979822][ T425] loop3: detected capacity change from 0 to 4096 [pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 430] <... write resumed>) = 2097152 [pid 430] munmap(0x7f325c986000, 2097152) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 431] <... write resumed>) = 2097152 [pid 431] munmap(0x7f325c986000, 2097152) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_SET_FD, 3 [pid 430] <... openat resumed>) = 4 [pid 418] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 431] <... ioctl resumed>) = 0 [pid 431] close(3) = 0 [pid 431] mkdir("./file0", 0777) = 0 [pid 431] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 418] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 418] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[438], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 438 [pid 418] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x7f325cb859e0, 24) = 0 [ 22.040938][ T425] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.045465][ T431] loop0: detected capacity change from 0 to 4096 [ 22.053070][ T421] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.074490][ T419] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 438] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 430] ioctl(4, LOOP_SET_FD, 3 [pid 425] <... mount resumed>) = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 425] chdir("./file0") = 0 [pid 425] ioctl(4, LOOP_CLR_FD) = 0 [pid 425] close(4) = 0 [pid 425] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 1 [pid 425] creat("./bus", 000 [pid 421] <... mount resumed>) = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file0") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] creat("./bus", 000 [pid 423] <... mount resumed>) = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("./file0") = 0 [pid 423] ioctl(4, LOOP_CLR_FD) = 0 [pid 423] close(4) = 0 [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] <... ioctl resumed>) = 0 [pid 430] close(3) = 0 [pid 430] mkdir("./file0", 0777) = 0 [pid 430] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 422] <... futex resumed>) = 0 [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 0 [pid 422] <... futex resumed>) = 1 [pid 423] creat("./bus", 000 [pid 425] <... creat resumed>) = 4 [pid 421] <... creat resumed>) = 4 [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 1 [pid 424] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 1 [pid 420] <... futex resumed>) = 0 [pid 425] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 424] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... mount resumed>) = 0 [pid 424] <... futex resumed>) = 0 [pid 421] <... mount resumed>) = 0 [pid 420] <... futex resumed>) = 0 [pid 425] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 425] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 424] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... open resumed>) = 5 [pid 424] <... futex resumed>) = 0 [pid 421] <... open resumed>) = 5 [pid 420] <... futex resumed>) = 0 [pid 425] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 425] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 424] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... openat resumed>) = 6 [pid 424] <... futex resumed>) = 0 [pid 421] <... openat resumed>) = 6 [pid 420] <... futex resumed>) = 0 [pid 425] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 425] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 424] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 423] <... creat resumed>) = 4 [pid 420] <... futex resumed>) = 0 [pid 419] <... write resumed>) = 1462272 [pid 418] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 424] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 419] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = 1 [pid 422] <... futex resumed>) = 0 [pid 423] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] <... futex resumed>) = 0 [pid 419] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... mount resumed>) = 0 [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] <... futex resumed>) = 0 [pid 423] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] <... futex resumed>) = 0 [pid 423] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... open resumed>) = 5 [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] <... futex resumed>) = 0 [pid 423] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... write resumed>) = 2097152 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] <... futex resumed>) = 0 [pid 423] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... openat resumed>) = 6 [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 422] <... futex resumed>) = 0 [pid 423] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] <... futex resumed>) = 0 [pid 423] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 438] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... mount resumed>) = 0 [pid 421] <... write resumed>) = 1507328 [ 22.083167][ T423] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.095412][ T419] EXT4-fs error (device loop4): ext4_write_end:1345: inode #19: comm syz-executor211: mark_inode_dirty error [ 22.096561][ T430] loop5: detected capacity change from 0 to 4096 [ 22.120011][ T431] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 438] <... futex resumed>) = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] exit_group(0 [pid 431] <... openat resumed>) = 3 [pid 423] <... write resumed>) = 1507328 [pid 421] <... futex resumed>) = 1 [pid 420] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = ? [pid 418] <... exit_group resumed>) = ? [pid 438] +++ exited with 0 +++ [pid 431] chdir("./file0" [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] +++ exited with 0 +++ [pid 418] +++ exited with 0 +++ [pid 423] <... futex resumed>) = 1 [pid 422] <... futex resumed>) = 0 [pid 423] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 422] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=2, si_stime=10} --- [pid 422] <... futex resumed>) = 0 [pid 327] restart_syscall(<... resuming interrupted clone ...> [pid 422] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... restart_syscall resumed>) = 0 [pid 327] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 327] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 431] <... chdir resumed>) = 0 [pid 430] <... mount resumed>) = 0 [pid 424] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 420] <... futex resumed>) = 0 [pid 327] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] ioctl(4, LOOP_CLR_FD [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 424] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 420] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 431] <... ioctl resumed>) = 0 [pid 430] <... openat resumed>) = 3 [pid 424] <... futex resumed>) = 0 [pid 327] lstat("./3/binderfs", [pid 430] chdir("./file0" [pid 327] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 430] <... chdir resumed>) = 0 [pid 327] unlink("./3/binderfs" [pid 430] ioctl(4, LOOP_CLR_FD [pid 327] <... unlink resumed>) = 0 [pid 431] close(4 [pid 430] <... ioctl resumed>) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 327] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 431] <... close resumed>) = 0 [pid 430] close(4 [pid 424] <... mmap resumed>) = 0x7f325cb65000 [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... close resumed>) = 0 [pid 424] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE [pid 431] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 424] <... mprotect resumed>) = 0 [pid 431] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 431] creat("./bus", 000 [pid 430] <... futex resumed>) = 1 [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 0 [pid 424] <... clone resumed>, parent_tid=[444], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 444 [pid 431] <... creat resumed>) = 4 [pid 430] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = 0 [pid 431] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 431] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... mount resumed>) = 0 [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 431] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 431] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... open resumed>) = 5 [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 428] <... futex resumed>) = 0 [pid 431] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 431] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... openat resumed>) = 6 [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] creat("./bus", 000 [pid 431] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 ./strace-static-x86_64: Process 444 attached [pid 431] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] <... creat resumed>) = 4 [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... write resumed>) = 1507328 [pid 444] set_robust_list(0x7f325cb859e0, 24 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 444] <... set_robust_list resumed>) = 0 [pid 431] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 420] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL) = 0 [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 430] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [ 22.181658][ T430] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.201053][ T352] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 426] <... futex resumed>) = 0 [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 423] <... write resumed>) = 2097152 [pid 423] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 423] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] exit_group(0 [pid 423] <... futex resumed>) = ? [pid 422] <... exit_group resumed>) = ? [pid 423] +++ exited with 0 +++ [pid 431] <... write resumed>) = 1507328 [pid 430] <... write resumed>) = 1507328 [pid 428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 422] +++ exited with 0 +++ [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 426] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... write resumed>) = 2097152 [pid 431] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 0 [pid 421] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=422, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 431] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 430] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 428] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 324] restart_syscall(<... resuming interrupted clone ...> [pid 444] <... write resumed>) = 2097152 [pid 421] <... futex resumed>) = 0 [pid 444] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] exit_group(0 [pid 444] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = ? [pid 420] <... exit_group resumed>) = ? [pid 444] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] +++ exited with 0 +++ [pid 420] +++ exited with 0 +++ [pid 324] <... restart_syscall resumed>) = 0 [pid 424] exit_group(0 [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=420, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 444] <... futex resumed>) = ? [pid 425] <... futex resumed>) = ? [pid 424] <... exit_group resumed>) = ? [pid 444] +++ exited with 0 +++ [pid 425] +++ exited with 0 +++ [pid 424] +++ exited with 0 +++ [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 324] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 326] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] fstat(3, [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 326] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 324] getdents64(3, [pid 326] <... openat resumed>) = 3 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] fstat(3, [pid 325] <... openat resumed>) = 3 [pid 324] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] fstat(3, [pid 326] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] getdents64(3, [pid 325] getdents64(3, [pid 324] lstat("./3/binderfs", [pid 325] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 22.266470][ T352] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.292756][ T352] EXT4-fs (loop4): This should not happen!! Data will be lost [ 22.292756][ T352] [pid 326] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] unlink("./3/binderfs" [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] lstat("./3/binderfs", [pid 324] <... unlink resumed>) = 0 [pid 326] lstat("./3/binderfs", [pid 325] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 324] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] unlink("./3/binderfs" [pid 326] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 326] unlink("./3/binderfs" [pid 325] <... unlink resumed>) = 0 [pid 326] <... unlink resumed>) = 0 [pid 325] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 326] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... umount2 resumed>) = 0 [pid 327] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 327] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] close(4) = 0 [pid 327] rmdir("./3/file0") = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] close(3) = 0 [pid 327] rmdir("./3") = 0 [pid 327] mkdir("./4", 0777) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 327] close(3) = 0 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 445] chdir("./4") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 445] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[446], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 446 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7f3264da69e0, 24 [pid 428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 426] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 446] <... set_robust_list resumed>) = 0 [ 22.349422][ T8] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.365043][ T352] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.365283][ T10] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [pid 446] memfd_create("syzkaller", 0) = 3 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [ 22.393453][ T352] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.405810][ T8] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.431316][ T352] EXT4-fs (loop2): This should not happen!! Data will be lost [ 22.431316][ T352] [pid 430] <... write resumed>) = 2097152 [pid 430] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 426] exit_group(0) = ? [pid 430] <... futex resumed>) = ? [pid 431] <... write resumed>) = 2097152 [pid 430] +++ exited with 0 +++ [pid 426] +++ exited with 0 +++ [pid 431] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=426, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 431] <... futex resumed>) = 0 [pid 428] exit_group(0 [pid 431] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 428] <... exit_group resumed>) = ? [pid 431] +++ exited with 0 +++ [pid 428] +++ exited with 0 +++ [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=428, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 328] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 323] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 328] <... openat resumed>) = 3 [pid 328] fstat(3, [pid 323] <... openat resumed>) = 3 [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, [pid 328] getdents64(3, [pid 323] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 328] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] lstat("./3/binderfs", [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 323] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] unlink("./3/binderfs" [pid 328] lstat("./3/binderfs", [pid 323] <... unlink resumed>) = 0 [pid 328] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 328] unlink("./3/binderfs" [pid 323] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] <... unlink resumed>) = 0 [pid 446] <... write resumed>) = 2097152 [pid 446] munmap(0x7f325c986000, 2097152) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 446] ioctl(4, LOOP_SET_FD, 3 [ 22.442724][ T8] EXT4-fs (loop1): This should not happen!! Data will be lost [ 22.442724][ T8] [ 22.469853][ T45] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.478100][ T446] loop4: detected capacity change from 0 to 4096 [ 22.490748][ T10] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.493705][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.503513][ T10] EXT4-fs (loop3): This should not happen!! Data will be lost [ 22.503513][ T10] [ 22.526383][ T357] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:4: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.540175][ T45] EXT4-fs (loop0): This should not happen!! Data will be lost [ 22.540175][ T45] [pid 328] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 446] <... ioctl resumed>) = 0 [pid 446] close(3) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 325] <... umount2 resumed>) = 0 [pid 325] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 325] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./3/file0") = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 325] close(3) = 0 [pid 325] rmdir("./3") = 0 [pid 325] mkdir("./4", 0777) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 325] close(3) = 0 [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 448 ./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x555556d3c5e0, 24) = 0 [ 22.549753][ T357] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 22.562348][ T357] EXT4-fs (loop5): This should not happen!! Data will be lost [ 22.562348][ T357] [pid 448] chdir("./4") = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4) = 4 [pid 448] close(3) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 448] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 448] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[450], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 450 [pid 448] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 450] memfd_create("syzkaller", 0) = 3 [pid 450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 450] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 450] munmap(0x7f325c986000, 2097152) = 0 [pid 450] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 450] ioctl(4, LOOP_SET_FD, 3 [pid 326] <... umount2 resumed>) = 0 [pid 323] <... umount2 resumed>) = 0 [pid 326] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 326] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./3/file0" [pid 450] <... ioctl resumed>) = 0 [pid 450] close(3) = 0 [pid 450] mkdir("./file0", 0777) = 0 [pid 446] <... mount resumed>) = 0 [pid 450] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 446] chdir("./file0") = 0 [pid 446] ioctl(4, LOOP_CLR_FD) = 0 [pid 446] close(4) = 0 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... rmdir resumed>) = 0 [pid 324] <... umount2 resumed>) = 0 [pid 323] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 445] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 1 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] creat("./bus", 000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... creat resumed>) = 4 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 446] <... futex resumed>) = 1 [pid 446] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 324] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 326] getdents64(3, [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] <... umount2 resumed>) = 0 [pid 324] fstat(4, [pid 326] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] lstat("./3/file0", [pid 326] close(3 [pid 324] getdents64(4, [pid 323] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] <... close resumed>) = 0 [pid 324] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 323] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 326] rmdir("./3" [pid 324] getdents64(4, [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] <... rmdir resumed>) = 0 [pid 324] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 323] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 326] mkdir("./4", 0777 [pid 324] close(4 [pid 323] <... openat resumed>) = 4 [pid 326] <... mkdir resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 323] fstat(4, [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 324] rmdir("./3/file0" [pid 323] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] <... openat resumed>) = 3 [pid 324] <... rmdir resumed>) = 0 [pid 323] getdents64(4, [pid 326] ioctl(3, LOOP_CLR_FD [pid 324] getdents64(3, [pid 323] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 324] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 323] getdents64(4, [pid 326] close(3 [pid 324] close(3 [pid 323] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] <... close resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 323] close(4 [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] rmdir("./3" [pid 323] <... close resumed>) = 0 [ 22.621235][ T446] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.645254][ T450] loop2: detected capacity change from 0 to 4096 [pid 324] <... rmdir resumed>) = 0 [pid 323] rmdir("./3/file0"./strace-static-x86_64: Process 453 attached [pid 446] <... write resumed>) = 1507328 [pid 328] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 453] set_robust_list(0x555556d3c5e0, 24 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 453] <... set_robust_list resumed>) = 0 [pid 453] chdir("./4" [pid 328] lstat("./3/file0", [pid 453] <... chdir resumed>) = 0 [pid 328] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 328] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 453] <... prctl resumed>) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 453] setpgid(0, 0 [pid 328] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 453] <... setpgid resumed>) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 328] <... openat resumed>) = 4 [pid 326] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 453 [pid 324] mkdir("./4", 0777 [pid 323] <... rmdir resumed>) = 0 [pid 453] <... openat resumed>) = 3 [pid 328] fstat(4, [pid 324] <... mkdir resumed>) = 0 [pid 323] getdents64(3, [pid 453] write(3, "1000", 4 [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 453] <... write resumed>) = 4 [pid 328] getdents64(4, [pid 323] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 453] close(3 [pid 328] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 324] <... openat resumed>) = 3 [pid 453] <... close resumed>) = 0 [pid 328] getdents64(4, [pid 453] symlink("/dev/binderfs", "./binderfs" [pid 328] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 453] <... symlink resumed>) = 0 [pid 328] close(4 [pid 453] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... close resumed>) = 0 [pid 453] <... futex resumed>) = 0 [pid 328] rmdir("./3/file0" [pid 324] ioctl(3, LOOP_CLR_FD [pid 323] close(3 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 328] <... rmdir resumed>) = 0 [pid 324] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 323] <... close resumed>) = 0 [pid 453] <... mmap resumed>) = 0x7f3264d86000 [pid 328] getdents64(3, [pid 324] close(3 [pid 323] rmdir("./3" [pid 453] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 328] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] <... close resumed>) = 0 [pid 453] <... mprotect resumed>) = 0 [pid 328] close(3 [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 323] <... rmdir resumed>) = 0 [pid 453] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 328] <... close resumed>) = 0 [pid 328] rmdir("./3" [pid 323] mkdir("./4", 0777 [pid 453] <... clone resumed>, parent_tid=[454], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 454 [pid 328] <... rmdir resumed>) = 0 [pid 324] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 455 [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] mkdir("./4", 0777 [pid 323] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 455 attached ./strace-static-x86_64: Process 454 attached [pid 453] <... futex resumed>) = 0 [pid 450] <... mount resumed>) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 455] set_robust_list(0x555556d3c5e0, 24 [pid 454] set_robust_list(0x7f3264da69e0, 24 [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 450] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 328] <... mkdir resumed>) = 0 [pid 323] <... openat resumed>) = 3 [pid 455] <... set_robust_list resumed>) = 0 [pid 454] <... set_robust_list resumed>) = 0 [pid 450] <... openat resumed>) = 3 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 323] ioctl(3, LOOP_CLR_FD [pid 455] chdir("./4" [pid 454] memfd_create("syzkaller", 0 [pid 450] chdir("./file0" [pid 446] <... futex resumed>) = 1 [pid 328] <... openat resumed>) = 3 [pid 455] <... chdir resumed>) = 0 [pid 454] <... memfd_create resumed>) = 3 [pid 450] <... chdir resumed>) = 0 [pid 446] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] ioctl(3, LOOP_CLR_FD [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 450] ioctl(4, LOOP_CLR_FD [pid 328] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 455] <... prctl resumed>) = 0 [pid 454] <... mmap resumed>) = 0x7f325c986000 [pid 450] <... ioctl resumed>) = 0 [pid 328] close(3 [pid 455] setpgid(0, 0 [pid 450] close(4 [pid 445] <... futex resumed>) = 0 [pid 323] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 328] <... close resumed>) = 0 [pid 455] <... setpgid resumed>) = 0 [pid 450] <... close resumed>) = 0 [pid 445] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 323] close(3 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 450] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 445] <... futex resumed>) = 1 [pid 323] <... close resumed>) = 0 [ 22.684463][ T450] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 455] <... openat resumed>) = 3 [pid 450] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 446] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 445] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 456 attached [pid 455] write(3, "1000", 4 [pid 454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 450] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 456 [pid 456] set_robust_list(0x555556d3c5e0, 24 [pid 455] <... write resumed>) = 4 [pid 454] <... write resumed>) = 2097152 [pid 450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 456] <... set_robust_list resumed>) = 0 [pid 455] close(3 [pid 450] creat("./bus", 000 [pid 448] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 457 [pid 456] chdir("./4" [pid 455] <... close resumed>) = 0 [pid 456] <... chdir resumed>) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs" [pid 450] <... creat resumed>) = 4 [pid 456] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 455] <... symlink resumed>) = 0 [pid 454] munmap(0x7f325c986000, 2097152 [pid 450] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... prctl resumed>) = 0 [pid 455] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... munmap resumed>) = 0 [pid 450] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 456] setpgid(0, 0 [pid 455] <... futex resumed>) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 450] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... setpgid resumed>) = 0 [pid 455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 454] <... openat resumed>) = 4 [pid 450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 455] <... mmap resumed>) = 0x7f3264d86000 [pid 454] ioctl(4, LOOP_SET_FD, 3 [pid 450] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 448] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] <... openat resumed>) = 3 [pid 455] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 450] <... mount resumed>) = 0 [pid 450] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 450] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 450] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 448] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... open resumed>) = 5 [pid 450] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 456] write(3, "1000", 4 [pid 455] <... mprotect resumed>) = 0 [pid 450] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... write resumed>) = 4 [pid 455] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 ./strace-static-x86_64: Process 457 attached [pid 456] close(3 [pid 454] <... ioctl resumed>) = 0 [pid 450] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 448] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] set_robust_list(0x555556d3c5e0, 24 [pid 456] <... close resumed>) = 0 [pid 455] <... clone resumed>, parent_tid=[458], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 458 [pid 454] close(3 [pid 457] <... set_robust_list resumed>) = 0 [pid 456] symlink("/dev/binderfs", "./binderfs" [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... close resumed>) = 0 [pid 450] <... openat resumed>) = 6 [pid 457] chdir("./4" [pid 456] <... symlink resumed>) = 0 [pid 455] <... futex resumed>) = 0 [pid 454] mkdir("./file0", 0777 [pid 457] <... chdir resumed>) = 0 [pid 456] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 454] <... mkdir resumed>) = 0 [pid 457] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 456] <... futex resumed>) = 0 [pid 454] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 450] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... prctl resumed>) = 0 [pid 456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 457] setpgid(0, 0 [pid 456] <... mmap resumed>) = 0x7f3264d86000 [pid 450] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 457] <... setpgid resumed>) = 0 [pid 456] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 450] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 456] <... mprotect resumed>) = 0 [pid 450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 457] <... openat resumed>) = 3 [pid 456] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 450] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 448] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] write(3, "1000", 4) = 4 [pid 456] <... clone resumed>, parent_tid=[459], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 459 [pid 457] close(3 [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... close resumed>) = 0 [pid 456] <... futex resumed>) = 0 [pid 457] symlink("/dev/binderfs", "./binderfs" [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 457] <... symlink resumed>) = 0 [pid 457] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 457] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[460], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 460 [pid 457] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 458] memfd_create("syzkaller", 0) = 3 [pid 458] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 ./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 459] memfd_create("syzkaller", 0) = 3 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 445] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 446] <... write resumed>) = 2097152 [pid 446] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] exit_group(0) = ? [pid 446] <... futex resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 445] +++ exited with 0 +++ [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 327] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 327] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 327] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 327] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 327] unlink("./4/binderfs") = 0 [ 22.736449][ T454] loop3: detected capacity change from 0 to 4096 [pid 327] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 459] munmap(0x7f325c986000, 2097152) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 459] ioctl(4, LOOP_SET_FD, 3 [pid 448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 448] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 448] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[462], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 462 [pid 448] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... ioctl resumed>) = 0 [pid 459] close(3) = 0 [pid 459] mkdir("./file0", 0777) = 0 [pid 459] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue"./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 460] memfd_create("syzkaller", 0) = 3 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 ./strace-static-x86_64: Process 462 attached [pid 458] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 462] set_robust_list(0x7f325cb859e0, 24) = 0 [ 22.790069][ T45] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 22.806335][ T459] loop5: detected capacity change from 0 to 4096 [pid 462] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 460] munmap(0x7f325c986000, 2097152) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 460] close(3) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 458] <... write resumed>) = 2097152 [pid 458] munmap(0x7f325c986000, 2097152) = 0 [pid 458] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 22.833715][ T450] EXT4-fs error (device loop2): ext4_ext_split:1072: inode #19: comm syz-executor211: p_ext > EXT_MAX_EXTENT! [ 22.845897][ T460] loop0: detected capacity change from 0 to 4096 [ 22.853490][ T459] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.863121][ T458] loop1: detected capacity change from 0 to 4096 [ 22.870507][ T45] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 458] ioctl(4, LOOP_SET_FD, 3 [pid 448] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 458] <... ioctl resumed>) = 0 [pid 458] close(3) = 0 [pid 458] mkdir("./file0", 0777 [pid 459] <... mount resumed>) = 0 [pid 458] <... mkdir resumed>) = 0 [pid 454] <... mount resumed>) = 0 [pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 459] chdir("./file0") = 0 [pid 459] ioctl(4, LOOP_CLR_FD) = 0 [pid 459] close(4 [pid 460] <... mount resumed>) = 0 [pid 459] <... close resumed>) = 0 [ 22.872326][ T454] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 22.899838][ T45] EXT4-fs (loop4): This should not happen!! Data will be lost [ 22.899838][ T45] [ 22.913521][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 458] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... openat resumed>) = 3 [pid 459] <... futex resumed>) = 1 [pid 456] <... futex resumed>) = 0 [pid 454] chdir("./file0" [pid 459] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... chdir resumed>) = 0 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 456] <... futex resumed>) = 0 [pid 454] ioctl(4, LOOP_CLR_FD [pid 459] creat("./bus", 000 [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... ioctl resumed>) = 0 [pid 454] close(4) = 0 [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 454] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 453] <... futex resumed>) = 0 [pid 454] creat("./bus", 000 [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 460] chdir("./file0") = 0 [pid 460] ioctl(4, LOOP_CLR_FD) = 0 [pid 460] close(4) = 0 [pid 460] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] creat("./bus", 000 [pid 459] <... creat resumed>) = 4 [pid 460] <... creat resumed>) = 4 [pid 460] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 457] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = 0 [pid 454] <... creat resumed>) = 4 [pid 457] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 459] <... futex resumed>) = 1 [pid 456] <... futex resumed>) = 0 [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 457] <... futex resumed>) = 0 [pid 460] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 457] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... open resumed>) = 5 [pid 457] <... futex resumed>) = 0 [pid 460] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 460] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 457] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] <... openat resumed>) = 6 [pid 459] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 457] <... futex resumed>) = 0 [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... mount resumed>) = 0 [pid 457] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] <... futex resumed>) = 0 [pid 454] <... futex resumed>) = 1 [pid 453] <... futex resumed>) = 0 [pid 462] <... write resumed>) = 2097152 [pid 460] <... futex resumed>) = 0 [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 457] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 462] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 460] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 459] <... futex resumed>) = 0 [pid 457] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 454] <... mount resumed>) = 0 [pid 453] <... futex resumed>) = 0 [pid 462] <... futex resumed>) = 0 [pid 459] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 457] <... futex resumed>) = 0 [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 462] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 457] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] <... futex resumed>) = 0 [pid 454] <... futex resumed>) = 0 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... open resumed>) = 5 [pid 454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 453] <... futex resumed>) = 0 [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 1 [pid 456] <... futex resumed>) = 0 [pid 454] <... open resumed>) = 5 [pid 459] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 456] <... futex resumed>) = 0 [pid 459] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 453] <... futex resumed>) = 0 [pid 459] <... openat resumed>) = 6 [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = 0 [pid 454] <... openat resumed>) = 6 [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... futex resumed>) = 1 [pid 456] <... futex resumed>) = 0 [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] <... futex resumed>) = 1 [pid 453] <... futex resumed>) = 0 [ 22.920966][ T450] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 456] <... futex resumed>) = 0 [pid 454] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 0 [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 457] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 457] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 457] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[469], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 469 [pid 457] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 457] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 469] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 454] <... write resumed>) = 1507328 [ 22.965354][ T450] EXT4-fs error (device loop2): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 22.979493][ T450] EXT4-fs error (device loop2): ext4_free_blocks:5934: comm syz-executor211: Freeing blocks not in datazone - block = 320, count = 16 [ 22.999581][ T450] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 454] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] <... write resumed>) = 1507328 [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 453] <... futex resumed>) = 0 [pid 456] <... futex resumed>) = 0 [pid 456] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 456] <... futex resumed>) = 1 [pid 459] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 456] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] <... futex resumed>) = 1 [pid 454] <... futex resumed>) = 0 [pid 453] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 327] <... umount2 resumed>) = 0 [pid 327] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 327] fstat(4, [pid 457] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 457] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 457] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] close(4) = 0 [pid 327] rmdir("./4/file0") = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] close(3) = 0 [pid 327] rmdir("./4") = 0 [pid 327] mkdir("./5", 0777) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 327] close(3) = 0 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 471 ./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 471] chdir("./5") = 0 [pid 471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 471] setpgid(0, 0) = 0 [pid 471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 471] write(3, "1000", 4) = 4 [pid 471] close(3) = 0 [pid 471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 471] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 471] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 471] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[472], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 472 [pid 471] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x7f3264da69e0, 24) = 0 [ 23.028578][ T460] EXT4-fs error (device loop0): ext4_map_blocks:726: inode #19: block 454: comm syz-executor211: lblock 326 mapped to illegal pblock 454 (length 1) [ 23.044187][ T450] EXT4-fs error (device loop2): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 23.056599][ T458] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 472] memfd_create("syzkaller", 0) = 3 [pid 472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 456] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 453] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.077196][ T460] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [pid 458] <... mount resumed>) = 0 [pid 458] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 458] chdir("./file0") = 0 [pid 458] ioctl(4, LOOP_CLR_FD) = 0 [pid 458] close(4) = 0 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] <... futex resumed>) = 0 [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... futex resumed>) = 1 [pid 458] creat("./bus", 000 [pid 472] <... write resumed>) = 2097152 [pid 472] munmap(0x7f325c986000, 2097152) = 0 [pid 472] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 472] close(3) = 0 [pid 472] mkdir("./file0", 0777) = 0 [pid 472] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 458] <... creat resumed>) = 4 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 458] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 455] <... futex resumed>) = 0 [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 455] <... futex resumed>) = 1 [pid 458] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... mount resumed>) = 0 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 455] <... futex resumed>) = 0 [pid 458] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 455] <... futex resumed>) = 0 [pid 458] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... open resumed>) = 5 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 455] <... futex resumed>) = 0 [pid 458] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 455] <... futex resumed>) = 0 [pid 458] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [ 23.136673][ T472] loop4: detected capacity change from 0 to 4096 [ 23.148980][ T460] EXT4-fs error (device loop0): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 23.161911][ T450] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] <... openat resumed>) = 6 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 455] <... futex resumed>) = 0 [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 458] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 459] <... write resumed>) = 2097152 [pid 459] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] <... write resumed>) = 2097152 [pid 469] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] exit_group(0) = ? [pid 459] <... futex resumed>) = ? [pid 459] +++ exited with 0 +++ [pid 456] +++ exited with 0 +++ [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=456, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 328] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 328] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 328] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 328] unlink("./4/binderfs") = 0 [ 23.183822][ T450] EXT4-fs error (device loop2): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [ 23.198199][ T460] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 23.199257][ T472] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.207775][ T460] EXT4-fs error (device loop0): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [pid 328] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 472] <... mount resumed>) = 0 [pid 458] <... write resumed>) = 1507328 [pid 455] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 454] <... write resumed>) = 2097152 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 454] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 455] <... futex resumed>) = 0 [pid 453] exit_group(0 [pid 450] <... write resumed>) = 786432 [pid 453] <... exit_group resumed>) = ? [pid 450] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 455] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = ? [pid 450] <... futex resumed>) = 0 [pid 450] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] exit_group(0 [pid 462] <... futex resumed>) = ? [pid 450] <... futex resumed>) = ? [pid 448] <... exit_group resumed>) = ? [pid 472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 462] +++ exited with 0 +++ [pid 450] +++ exited with 0 +++ [pid 448] +++ exited with 0 +++ [pid 472] <... openat resumed>) = 3 [pid 454] +++ exited with 0 +++ [pid 453] +++ exited with 0 +++ [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 472] chdir("./file0") = 0 [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=453, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 472] ioctl(4, LOOP_CLR_FD [pid 326] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 472] <... ioctl resumed>) = 0 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 472] close(4 [pid 326] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 325] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 472] <... close resumed>) = 0 [pid 326] <... openat resumed>) = 3 [pid 325] <... openat resumed>) = 3 [pid 472] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] fstat(3, [pid 325] fstat(3, [pid 472] <... futex resumed>) = 1 [pid 471] <... futex resumed>) = 0 [pid 326] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 472] creat("./bus", 000 [pid 471] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] getdents64(3, [pid 325] getdents64(3, [pid 471] <... futex resumed>) = 0 [pid 326] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 471] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 472] <... creat resumed>) = 4 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] lstat("./4/binderfs", [pid 325] lstat("./4/binderfs", [pid 472] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 325] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 472] <... futex resumed>) = 1 [pid 471] <... futex resumed>) = 0 [pid 326] unlink("./4/binderfs" [pid 325] unlink("./4/binderfs" [pid 472] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... unlink resumed>) = 0 [pid 325] <... unlink resumed>) = 0 [pid 472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 23.230941][ T8] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.244788][ T460] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 23.254529][ T8] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.256172][ T450] syz-executor211 (450) used greatest stack depth: 20904 bytes left [pid 471] <... futex resumed>) = 0 [pid 326] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 472] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 471] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... mount resumed>) = 0 [pid 472] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 472] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] <... futex resumed>) = 0 [pid 472] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 471] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... open resumed>) = 5 [pid 472] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 472] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] <... futex resumed>) = 0 [pid 472] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 471] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... openat resumed>) = 6 [pid 472] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... futex resumed>) = 0 [pid 472] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 471] <... futex resumed>) = 0 [pid 472] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 23.290114][ T10] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.299668][ T460] EXT4-fs error (device loop0): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [ 23.316113][ T357] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:4: bad extent address lblock: 0, depth: 1 pblock 0 [pid 471] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 460] <... write resumed>) = 1335296 [pid 460] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 471] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 460] <... futex resumed>) = 0 [pid 471] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 471] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[476], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 476 [pid 471] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] exit_group(0) = ? ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x7f325cb859e0, 24) = 0 [ 23.323975][ T10] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.333136][ T8] EXT4-fs (loop5): This should not happen!! Data will be lost [ 23.333136][ T8] [ 23.354525][ T357] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.369414][ T357] EXT4-fs (loop2): This should not happen!! Data will be lost [ 23.369414][ T357] [pid 476] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 469] <... futex resumed>) = ? [pid 460] +++ exited with 0 +++ [pid 469] +++ exited with 0 +++ [pid 457] +++ exited with 0 +++ [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=457, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 323] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 323] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 323] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] unlink("./4/binderfs") = 0 [pid 323] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 471] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.381613][ T472] EXT4-fs error (device loop4): ext4_map_blocks:726: inode #19: block 500: comm syz-executor211: lblock 356 mapped to illegal pblock 500 (length 1) [ 23.406779][ T362] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:5: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.414375][ T10] EXT4-fs (loop3): This should not happen!! Data will be lost [ 23.414375][ T10] [pid 458] <... write resumed>) = 2097152 [pid 458] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] exit_group(0 [pid 458] <... futex resumed>) = 0 [pid 455] <... exit_group resumed>) = ? [pid 328] <... umount2 resumed>) = 0 [pid 458] +++ exited with 0 +++ [pid 455] +++ exited with 0 +++ [pid 328] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 328] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] restart_syscall(<... resuming interrupted clone ...> [pid 328] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 324] <... restart_syscall resumed>) = 0 [pid 328] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 324] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] close(4) = 0 [pid 324] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 328] rmdir("./4/file0" [pid 324] <... openat resumed>) = 3 [pid 324] fstat(3, [pid 328] <... rmdir resumed>) = 0 [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] getdents64(3, [pid 328] close(3) = 0 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 328] rmdir("./4" [pid 324] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] <... rmdir resumed>) = 0 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] mkdir("./5", 0777 [pid 324] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 328] <... mkdir resumed>) = 0 [pid 324] unlink("./4/binderfs" [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 324] <... unlink resumed>) = 0 [ 23.431548][ T362] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.446903][ T362] EXT4-fs (loop0): This should not happen!! Data will be lost [ 23.446903][ T362] [pid 328] <... openat resumed>) = 3 [pid 324] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 328] close(3) = 0 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 477 ./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 477] chdir("./5") = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 477] setpgid(0, 0) = 0 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 477] write(3, "1000", 4) = 4 [pid 477] close(3) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 477] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 477] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 477] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[478], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 478 [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 478] memfd_create("syzkaller", 0) = 3 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [ 23.478346][ T352] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.492436][ T472] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 23.519886][ T472] EXT4-fs error (device loop4): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 476] <... write resumed>) = 2097152 [pid 326] <... umount2 resumed>) = 0 [pid 326] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 326] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./4/file0") = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 326] close(3) = 0 [pid 326] rmdir("./4") = 0 [pid 326] mkdir("./5", 0777) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 326] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 326] close(3) = 0 [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 479 ./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 479] chdir("./5") = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 [pid 479] close(3) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 479] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 479] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 478] <... write resumed>) = 2097152 [pid 479] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[480], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 480 [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 478] munmap(0x7f325c986000, 2097152) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 478] ioctl(4, LOOP_SET_FD, 3 [pid 325] <... umount2 resumed>) = 0 [pid 476] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [ 23.528050][ T352] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.558478][ T472] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 23.562334][ T352] EXT4-fs (loop1): This should not happen!! Data will be lost [ 23.562334][ T352] [ 23.575744][ T478] loop5: detected capacity change from 0 to 4096 [pid 325] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 480 attached [pid 476] <... futex resumed>) = 0 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 480] set_robust_list(0x7f3264da69e0, 24 [pid 476] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] lstat("./4/file0", [pid 480] <... set_robust_list resumed>) = 0 [pid 325] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 480] memfd_create("syzkaller", 0 [pid 325] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 480] <... memfd_create resumed>) = 3 [pid 325] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 472] <... write resumed>) = 1458176 [pid 472] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 325] <... openat resumed>) = 4 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 325] fstat(4, [pid 480] <... mmap resumed>) = 0x7f325c986000 [pid 471] exit_group(0) = ? [pid 472] <... futex resumed>) = ? [pid 472] +++ exited with 0 +++ [pid 476] <... futex resumed>) = ? [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 476] +++ exited with 0 +++ [pid 471] +++ exited with 0 +++ [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=471, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] getdents64(4, [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 325] close(4 [pid 327] <... openat resumed>) = 3 [pid 325] <... close resumed>) = 0 [pid 327] fstat(3, [pid 325] rmdir("./4/file0" [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] <... rmdir resumed>) = 0 [pid 327] getdents64(3, [pid 325] getdents64(3, [pid 327] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] close(3 [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... close resumed>) = 0 [pid 327] lstat("./5/binderfs", [pid 325] rmdir("./4" [pid 327] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 327] unlink("./5/binderfs" [pid 325] <... rmdir resumed>) = 0 [pid 327] <... unlink resumed>) = 0 [pid 325] mkdir("./5", 0777 [pid 327] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] <... mkdir resumed>) = 0 [pid 478] <... ioctl resumed>) = 0 [pid 478] close(3) = 0 [ 23.581060][ T472] EXT4-fs error (device loop4): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [pid 478] mkdir("./file0", 0777) = 0 [pid 478] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD [pid 480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 325] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 325] close(3) = 0 [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 481 [pid 480] <... write resumed>) = 2097152 [pid 480] munmap(0x7f325c986000, 2097152) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 480] ioctl(4, LOOP_SET_FD, 3 [pid 323] <... umount2 resumed>) = 0 [pid 480] <... ioctl resumed>) = 0 [pid 480] close(3) = 0 [pid 480] mkdir("./file0", 0777) = 0 [pid 480] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue"./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 481] chdir("./5") = 0 [pid 481] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 481] setpgid(0, 0) = 0 [pid 481] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 481] write(3, "1000", 4) = 4 [pid 481] close(3) = 0 [pid 481] symlink("/dev/binderfs", "./binderfs") = 0 [pid 481] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 481] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[483], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 483 [pid 481] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 323] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] <... umount2 resumed>) = 0 [pid 483] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 323] <... openat resumed>) = 4 [pid 324] <... openat resumed>) = 4 [pid 323] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 23.617369][ T8] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.640175][ T480] loop3: detected capacity change from 0 to 4096 [pid 324] fstat(4, [pid 323] getdents64(4, [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 483] <... write resumed>) = 2097152 [pid 483] munmap(0x7f325c986000, 2097152) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3 [pid 324] getdents64(4, [pid 323] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 483] <... ioctl resumed>) = 0 [pid 483] close(3) = 0 [pid 483] mkdir("./file0", 0777) = 0 [pid 483] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 324] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 323] getdents64(4, [pid 324] getdents64(4, [pid 323] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 324] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 323] close(4 [pid 324] close(4 [pid 323] <... close resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 323] rmdir("./4/file0" [pid 324] rmdir("./4/file0" [pid 323] <... rmdir resumed>) = 0 [pid 324] <... rmdir resumed>) = 0 [pid 323] getdents64(3, [pid 324] getdents64(3, [pid 323] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 323] close(3 [pid 324] close(3 [pid 323] <... close resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 323] rmdir("./4" [pid 324] rmdir("./4" [pid 323] <... rmdir resumed>) = 0 [pid 324] <... rmdir resumed>) = 0 [pid 323] mkdir("./5", 0777 [pid 324] mkdir("./5", 0777 [pid 323] <... mkdir resumed>) = 0 [pid 324] <... mkdir resumed>) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 323] <... openat resumed>) = 3 [pid 324] <... openat resumed>) = 3 [pid 323] ioctl(3, LOOP_CLR_FD [pid 324] ioctl(3, LOOP_CLR_FD [pid 323] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 324] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 323] close(3 [pid 324] close(3 [pid 323] <... close resumed>) = 0 [pid 324] <... close resumed>) = 0 [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 323] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 488 [ 23.673366][ T8] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.675578][ T483] loop2: detected capacity change from 0 to 4096 [ 23.697708][ T8] EXT4-fs (loop4): This should not happen!! Data will be lost [ 23.697708][ T8] [pid 324] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 489 [pid 478] <... mount resumed>) = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 478] chdir("./file0") = 0 [pid 478] ioctl(4, LOOP_CLR_FD) = 0 [pid 478] close(4) = 0 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] creat("./bus", 000./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 488] chdir("./5") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 488] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[491], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 491 [pid 488] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 491] memfd_create("syzkaller", 0) = 3 [pid 491] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 478] <... creat resumed>) = 4 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 477] <... futex resumed>) = 0 [pid 478] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... mount resumed>) = 0 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... open resumed>) = 5 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... openat resumed>) = 6 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 491] munmap(0x7f325c986000, 2097152) = 0 [pid 491] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 23.715298][ T478] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.727212][ T483] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.747434][ T480] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 491] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 489 attached [pid 489] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 489] chdir("./5") = 0 [pid 483] <... mount resumed>) = 0 [pid 489] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 480] <... mount resumed>) = 0 [pid 489] <... prctl resumed>) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 489] setpgid(0, 0) = 0 [pid 483] <... openat resumed>) = 3 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 483] chdir("./file0" [pid 480] <... openat resumed>) = 3 [pid 489] <... openat resumed>) = 3 [pid 483] <... chdir resumed>) = 0 [pid 480] chdir("./file0" [pid 489] write(3, "1000", 4 [pid 483] ioctl(4, LOOP_CLR_FD [pid 489] <... write resumed>) = 4 [pid 480] <... chdir resumed>) = 0 [pid 483] <... ioctl resumed>) = 0 [pid 489] close(3 [pid 483] close(4 [pid 480] ioctl(4, LOOP_CLR_FD [pid 489] <... close resumed>) = 0 [pid 491] <... ioctl resumed>) = 0 [pid 491] close(3) = 0 [pid 491] mkdir("./file0", 0777) = 0 [pid 491] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 478] <... write resumed>) = 1507328 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = 0 [pid 477] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 489] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 489] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] <... close resumed>) = 0 [pid 489] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 483] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 489] <... clone resumed>, parent_tid=[492], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 492 [pid 483] creat("./bus", 000 [pid 481] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = 0 [pid 481] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 489] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 483] <... creat resumed>) = 4 [pid 483] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... mount resumed>) = 0 [pid 483] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... ioctl resumed>) = 0 [pid 481] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = 1 [pid 481] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] close(4 [pid 483] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 481] <... futex resumed>) = 0 [pid 483] <... open resumed>) = 5 [pid 481] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] <... close resumed>) = 0 [pid 483] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = 1 [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 481] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 483] <... openat resumed>) = 6 [pid 480] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 483] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] creat("./bus", 000 [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] <... futex resumed>) = 1 [pid 481] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = 0 [pid 483] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 481] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... creat resumed>) = 4 [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 0 [pid 481] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 492] memfd_create("syzkaller", 0) = 3 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 327] <... umount2 resumed>) = 0 [pid 480] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [ 23.774613][ T491] loop0: detected capacity change from 0 to 4096 [pid 492] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 480] <... futex resumed>) = 1 [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 327] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 477] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 477] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 492] <... write resumed>) = 2097152 [pid 492] munmap(0x7f325c986000, 2097152) = 0 [pid 492] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 492] ioctl(4, LOOP_SET_FD, 3 [pid 480] <... openat resumed>) = 6 [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] lstat("./5/file0", [pid 480] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 480] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... futex resumed>) = 0 [pid 327] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 481] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 481] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 481] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 481] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[495], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 495 [pid 481] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 481] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 327] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] close(4) = 0 [pid 327] rmdir("./5/file0") = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] close(3) = 0 [pid 327] rmdir("./5") = 0 [pid 327] mkdir("./6", 0777) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD [pid 491] <... mount resumed>) = 0 [pid 327] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 491] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 327] close(3 [pid 491] <... openat resumed>) = 3 [pid 327] <... close resumed>) = 0 [pid 491] chdir("./file0" [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 491] <... chdir resumed>) = 0 [pid 327] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 496 [pid 491] ioctl(4, LOOP_CLR_FD) = 0 [pid 491] close(4) = 0 [pid 491] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 491] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 496 attached ./strace-static-x86_64: Process 495 attached [ 23.843672][ T491] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.854667][ T492] loop1: detected capacity change from 0 to 4096 [pid 492] <... ioctl resumed>) = 0 [pid 491] creat("./bus", 000 [pid 483] <... write resumed>) = 1507328 [pid 480] <... write resumed>) = 1507328 [pid 496] set_robust_list(0x555556d3c5e0, 24 [pid 495] set_robust_list(0x7f325cb859e0, 24 [pid 492] close(3 [pid 483] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... set_robust_list resumed>) = 0 [pid 495] <... set_robust_list resumed>) = 0 [pid 492] <... close resumed>) = 0 [pid 483] <... futex resumed>) = 0 [pid 480] <... futex resumed>) = 1 [pid 479] <... futex resumed>) = 0 [pid 478] <... write resumed>) = 2097152 [pid 496] chdir("./6" [pid 495] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 492] mkdir("./file0", 0777 [pid 483] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 480] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... chdir resumed>) = 0 [pid 492] <... mkdir resumed>) = 0 [pid 491] <... creat resumed>) = 4 [pid 481] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 480] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 479] <... futex resumed>) = 0 [pid 478] <... futex resumed>) = 0 [pid 477] exit_group(0 [pid 496] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 492] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 491] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 479] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 496] <... prctl resumed>) = 0 [pid 495] <... write resumed>) = 2097152 [pid 491] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 478] +++ exited with 0 +++ [pid 477] <... exit_group resumed>) = ? [pid 496] setpgid(0, 0 [pid 495] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] exit_group(0 [pid 477] +++ exited with 0 +++ [pid 496] <... setpgid resumed>) = 0 [pid 483] <... futex resumed>) = ? [pid 481] <... exit_group resumed>) = ? [pid 496] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 483] +++ exited with 0 +++ [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=477, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 496] <... openat resumed>) = 3 [pid 328] restart_syscall(<... resuming interrupted clone ...> [pid 496] write(3, "1000", 4 [pid 328] <... restart_syscall resumed>) = 0 [pid 496] <... write resumed>) = 4 [pid 496] close(3) = 0 [pid 328] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 496] symlink("/dev/binderfs", "./binderfs" [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 496] <... symlink resumed>) = 0 [pid 328] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 496] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... openat resumed>) = 3 [pid 496] <... futex resumed>) = 0 [pid 328] fstat(3, [pid 496] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 496] <... mmap resumed>) = 0x7f3264d86000 [pid 328] getdents64(3, [pid 496] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 328] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 496] <... mprotect resumed>) = 0 [pid 328] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 496] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 491] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 488] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] lstat("./5/binderfs", [pid 496] <... clone resumed>, parent_tid=[499], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 499 [pid 328] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] unlink("./5/binderfs" [pid 496] <... futex resumed>) = 0 [pid 328] <... unlink resumed>) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 328] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 491] <... mount resumed>) = 0 [pid 495] <... futex resumed>) = ? [pid 495] +++ exited with 0 +++ [pid 481] +++ exited with 0 +++ [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=481, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 325] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 325] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 325] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 325] unlink("./5/binderfs") = 0 [pid 325] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 499] memfd_create("syzkaller", 0) = 3 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 491] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 491] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 23.944039][ T352] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 23.958580][ T492] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 23.968132][ T8] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:0: bad extent address lblock: 0, depth: 1 pblock 0 [pid 491] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = 0 [pid 491] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 488] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... mount resumed>) = 0 [pid 491] <... open resumed>) = 5 [pid 491] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 491] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = 0 [pid 491] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 488] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 491] <... openat resumed>) = 6 [pid 491] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 491] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] <... futex resumed>) = 0 [pid 491] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 488] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 492] chdir("./file0") = 0 [pid 492] ioctl(4, LOOP_CLR_FD) = 0 [pid 492] close(4) = 0 [pid 492] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 492] creat("./bus", 000 [pid 489] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] <... creat resumed>) = 4 [pid 492] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 492] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = 1 [pid 492] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL) = 0 [pid 489] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 492] <... futex resumed>) = 0 [pid 489] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 492] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 489] <... futex resumed>) = 1 [pid 492] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 492] <... futex resumed>) = 0 [pid 489] <... futex resumed>) = 1 [pid 492] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 489] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 492] <... openat resumed>) = 6 [pid 499] <... write resumed>) = 2097152 [pid 492] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 489] <... futex resumed>) = 0 [pid 480] <... write resumed>) = 2097152 [pid 492] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] munmap(0x7f325c986000, 2097152 [pid 489] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] exit_group(0 [pid 499] <... munmap resumed>) = 0 [pid 492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 489] <... futex resumed>) = 0 [pid 480] <... futex resumed>) = ? [pid 479] <... exit_group resumed>) = ? [pid 499] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 23.975483][ T352] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 23.995933][ T352] EXT4-fs (loop5): This should not happen!! Data will be lost [ 23.995933][ T352] [ 24.029636][ T8] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 492] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 489] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 480] +++ exited with 0 +++ [pid 479] +++ exited with 0 +++ [pid 499] <... openat resumed>) = 4 [pid 488] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=479, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 499] ioctl(4, LOOP_SET_FD, 3 [pid 488] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... write resumed>) = 1507328 [pid 491] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] <... futex resumed>) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 488] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE [pid 326] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 488] <... mprotect resumed>) = 0 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 488] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 326] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 488] <... clone resumed>, parent_tid=[500], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 500 [pid 326] fstat(3, [pid 488] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 488] <... futex resumed>) = 0 [pid 326] getdents64(3, [pid 488] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 326] unlink("./5/binderfs") = 0 [pid 326] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 500] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 499] <... ioctl resumed>) = 0 [pid 499] close(3) = 0 [pid 499] mkdir("./file0", 0777 [pid 489] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 489] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... umount2 resumed>) = 0 [pid 328] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 489] <... futex resumed>) = 0 [pid 328] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 328] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 489] <... mmap resumed>) = 0x7f325cb65000 [pid 489] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 489] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 328] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 489] <... clone resumed>, parent_tid=[501], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 501 [pid 489] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] <... openat resumed>) = 4 [pid 489] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 328] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 328] close(4) = 0 [pid 328] rmdir("./5/file0") = 0 [pid 328] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 328] close(3) = 0 [pid 328] rmdir("./5") = 0 [pid 328] mkdir("./6", 0777) = 0 [pid 499] <... mkdir resumed>) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 328] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 328] close(3) = 0 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 502 ./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 501] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 499] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue"./strace-static-x86_64: Process 502 attached [pid 502] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 502] chdir("./6") = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 502] write(3, "1000", 4) = 4 [pid 502] close(3) = 0 [pid 502] symlink("/dev/binderfs", "./binderfs" [pid 488] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 488] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 502] <... symlink resumed>) = 0 [pid 502] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 502] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [ 24.059662][ T499] loop4: detected capacity change from 0 to 4096 [ 24.063755][ T8] EXT4-fs (loop2): This should not happen!! Data will be lost [ 24.063755][ T8] [ 24.078310][ T45] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [pid 502] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[503], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 503 [pid 502] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 503] memfd_create("syzkaller", 0) = 3 [pid 503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 325] <... umount2 resumed>) = 0 [pid 325] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 325] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./5/file0") = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 325] close(3) = 0 [pid 325] rmdir("./5") = 0 [pid 325] mkdir("./6", 0777) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 325] close(3) = 0 [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 489] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 325] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 505 [ 24.130325][ T492] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm syz-executor211: bad extent address lblock: 165, depth: 1 pblock 0 ./strace-static-x86_64: Process 505 attached [pid 500] <... write resumed>) = 2097152 [pid 503] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 505] set_robust_list(0x555556d3c5e0, 24 [pid 500] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] exit_group(0 [pid 503] <... write resumed>) = 2097152 [pid 503] munmap(0x7f325c986000, 2097152 [pid 505] <... set_robust_list resumed>) = 0 [pid 500] <... futex resumed>) = ? [pid 488] <... exit_group resumed>) = ? [pid 491] <... futex resumed>) = ? [pid 491] +++ exited with 0 +++ [pid 503] <... munmap resumed>) = 0 [pid 503] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 503] ioctl(4, LOOP_SET_FD, 3 [pid 505] chdir("./6" [pid 500] +++ exited with 0 +++ [pid 488] +++ exited with 0 +++ [ 24.176613][ T492] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [ 24.194045][ T45] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.195139][ T499] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.207481][ T503] loop5: detected capacity change from 0 to 4096 [pid 505] <... chdir resumed>) = 0 [pid 501] <... write resumed>) = 2097152 [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 503] <... ioctl resumed>) = 0 [pid 503] close(3) = 0 [pid 503] mkdir("./file0", 0777) = 0 [pid 503] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 499] <... mount resumed>) = 0 [pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 499] chdir("./file0") = 0 [pid 499] ioctl(4, LOOP_CLR_FD) = 0 [pid 499] close(4) = 0 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = 1 [pid 499] creat("./bus", 000) = 4 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = 1 [pid 499] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL) = 0 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = 1 [pid 499] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = 1 [pid 499] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = 1 [pid 499] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 505] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 501] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 505] <... prctl resumed>) = 0 [pid 505] setpgid(0, 0 [pid 323] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 505] <... setpgid resumed>) = 0 [pid 505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 505] <... openat resumed>) = 3 [pid 323] <... openat resumed>) = 3 [pid 323] fstat(3, [pid 505] write(3, "1000", 4 [pid 323] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, [pid 505] <... write resumed>) = 4 [pid 323] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 505] close(3 [pid 323] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 505] <... close resumed>) = 0 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 505] symlink("/dev/binderfs", "./binderfs") = 0 [pid 323] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 505] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 323] unlink("./5/binderfs" [pid 505] <... futex resumed>) = 0 [pid 323] <... unlink resumed>) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 323] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 505] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 499] <... write resumed>) = 1507328 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 496] <... futex resumed>) = 0 [pid 496] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 499] <... futex resumed>) = 1 [pid 499] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 505] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[509], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 509 [pid 505] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 509] memfd_create("syzkaller", 0) = 3 [pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [ 24.223299][ T45] EXT4-fs (loop3): This should not happen!! Data will be lost [ 24.223299][ T45] [ 24.230913][ T492] EXT4-fs error (device loop1): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 24.260334][ T45] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [pid 509] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 496] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 496] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 509] <... write resumed>) = 2097152 [pid 509] munmap(0x7f325c986000, 2097152) = 0 [pid 509] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 509] ioctl(4, LOOP_SET_FD, 3 [pid 503] <... mount resumed>) = 0 [pid 499] <... write resumed>) = 2097152 [pid 499] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 499] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 509] <... ioctl resumed>) = 0 [pid 503] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 496] exit_group(0 [pid 503] chdir("./file0" [pid 496] <... exit_group resumed>) = ? [pid 503] <... chdir resumed>) = 0 [pid 503] ioctl(4, LOOP_CLR_FD) = 0 [pid 503] close(4) = 0 [pid 503] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 503] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] <... futex resumed>) = 0 [pid 499] <... futex resumed>) = ? [pid 503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] +++ exited with 0 +++ [pid 496] +++ exited with 0 +++ [pid 503] creat("./bus", 000 [pid 502] <... futex resumed>) = 0 [pid 503] <... creat resumed>) = 4 [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 503] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 502] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... mount resumed>) = 0 [pid 502] <... futex resumed>) = 0 [pid 503] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... futex resumed>) = 0 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 503] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 502] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... open resumed>) = 5 [pid 502] <... futex resumed>) = 0 [pid 503] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... futex resumed>) = 0 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 503] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 502] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... openat resumed>) = 6 [ 24.308461][ T503] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.324090][ T509] loop2: detected capacity change from 0 to 4096 [ 24.326584][ T492] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 24.331109][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 503] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=496, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 326] <... umount2 resumed>) = 0 [pid 326] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 326] lstat("./5/file0", [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 326] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... openat resumed>) = 3 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 509] close(3 [pid 327] fstat(3, [pid 326] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 509] <... close resumed>) = 0 [pid 509] mkdir("./file0", 0777 [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] <... openat resumed>) = 4 [pid 509] <... mkdir resumed>) = 0 [pid 327] getdents64(3, [pid 326] fstat(4, [pid 509] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 326] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] getdents64(4, [pid 327] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 326] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 502] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 24.351822][ T45] EXT4-fs (loop0): This should not happen!! Data will be lost [ 24.351822][ T45] [ 24.373983][ T492] EXT4-fs error (device loop1): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 24.388032][ T492] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5805: Corrupt filesystem [pid 326] getdents64(4, [pid 502] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 327] lstat("./6/binderfs", [pid 326] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 502] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 327] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 326] close(4 [pid 502] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 327] unlink("./6/binderfs" [pid 326] <... close resumed>) = 0 [pid 502] <... futex resumed>) = 0 [pid 327] <... unlink resumed>) = 0 [pid 326] rmdir("./5/file0" [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 327] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 326] <... rmdir resumed>) = 0 [pid 502] <... mmap resumed>) = 0x7f325cb65000 [pid 326] getdents64(3, [pid 502] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE [pid 326] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 502] <... mprotect resumed>) = 0 [pid 326] close(3 [pid 502] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 326] <... close resumed>) = 0 [pid 326] rmdir("./5" [pid 502] <... clone resumed>, parent_tid=[511], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 511 [pid 326] <... rmdir resumed>) = 0 [pid 502] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 326] mkdir("./6", 0777 [pid 502] <... futex resumed>) = 0 [pid 326] <... mkdir resumed>) = 0 [pid 502] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 326] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 326] close(3) = 0 [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 513 ./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 492] <... write resumed>) = 675840 [pid 492] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 489] exit_group(0) = ? [pid 492] <... futex resumed>) = ? [pid 492] +++ exited with 0 +++ [pid 513] chdir("./6" [pid 501] <... futex resumed>) = ? [pid 513] <... chdir resumed>) = 0 [pid 513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 513] setpgid(0, 0) = 0 [pid 513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 511 attached [pid 513] write(3, "1000", 4) = 4 [pid 511] set_robust_list(0x7f325cb859e0, 24 [pid 513] close(3 [pid 511] <... set_robust_list resumed>) = 0 [pid 513] <... close resumed>) = 0 [pid 511] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [ 24.399019][ T492] EXT4-fs error (device loop1): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [ 24.413521][ T10] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.428735][ T10] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.441300][ T10] EXT4-fs (loop4): This should not happen!! Data will be lost [ 24.441300][ T10] [pid 513] symlink("/dev/binderfs", "./binderfs" [pid 502] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 501] +++ exited with 0 +++ [pid 489] +++ exited with 0 +++ [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=489, si_uid=0, si_status=0, si_utime=0, si_stime=17} --- [pid 323] <... umount2 resumed>) = 0 [pid 324] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 513] <... symlink resumed>) = 0 [pid 324] <... openat resumed>) = 3 [pid 323] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] fstat(3, [pid 513] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 513] <... futex resumed>) = 0 [pid 324] getdents64(3, [pid 509] <... mount resumed>) = 0 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 503] <... write resumed>) = 1122304 [pid 323] lstat("./5/file0", [pid 509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 509] chdir("./file0") = 0 [pid 509] ioctl(4, LOOP_CLR_FD) = 0 [pid 509] close(4) = 0 [pid 324] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 509] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 509] creat("./bus", 000 [pid 505] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 505] <... futex resumed>) = 0 [pid 505] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... mmap resumed>) = 0x7f3264d86000 [pid 324] lstat("./5/binderfs", [pid 513] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 324] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 509] <... creat resumed>) = 4 [pid 324] unlink("./5/binderfs" [pid 513] <... mprotect resumed>) = 0 [pid 509] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 505] <... futex resumed>) = 0 [pid 509] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL [pid 505] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... mount resumed>) = 0 [pid 505] <... futex resumed>) = 0 [pid 324] <... unlink resumed>) = 0 [pid 513] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 509] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 0 [pid 505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 509] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 505] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 509] <... open resumed>) = 5 [pid 505] <... futex resumed>) = 0 [ 24.453324][ T509] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.455102][ T503] EXT4-fs error (device loop5): __ext4_get_inode_loc:4347: comm syz-executor211: Invalid inode table block 4 in block_group 0 [ 24.476882][ T503] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 24.486750][ T503] EXT4-fs error (device loop5): ext4_write_end:1345: inode #19: comm syz-executor211: mark_inode_dirty error [pid 509] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... clone resumed>, parent_tid=[515], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 515 [pid 509] <... futex resumed>) = 0 [pid 505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 323] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 505] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 509] <... openat resumed>) = 6 [pid 505] <... futex resumed>) = 0 [pid 509] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 509] <... futex resumed>) = 0 [pid 505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 509] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 505] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 515 attached [pid 515] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 513] <... futex resumed>) = 0 [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 515] memfd_create("syzkaller", 0 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 323] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 515] <... memfd_create resumed>) = 3 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 323] <... openat resumed>) = 4 [pid 323] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 323] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 323] close(4) = 0 [pid 323] rmdir("./5/file0") = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 323] close(3) = 0 [pid 323] rmdir("./5") = 0 [pid 323] mkdir("./6", 0777) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 323] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 323] close(3) = 0 [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 516 ./strace-static-x86_64: Process 516 attached [pid 516] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 516] chdir("./6") = 0 [pid 516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 516] setpgid(0, 0) = 0 [pid 516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 516] write(3, "1000", 4) = 4 [pid 516] close(3) = 0 [pid 516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 516] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 516] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 516] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[517], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 517 [pid 516] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 516] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 515] munmap(0x7f325c986000, 2097152) = 0 [pid 515] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 24.514885][ T10] EXT4-fs error (device loop1): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:1: bad extent address lblock: 0, depth: 1 pblock 0 [pid 515] ioctl(4, LOOP_SET_FD, 3 [pid 327] <... umount2 resumed>) = 0 [pid 515] <... ioctl resumed>) = 0 [pid 515] close(3) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 505] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 505] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 505] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[518], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 518 [pid 505] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 517] memfd_create("syzkaller", 0) = 3 [pid 517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 327] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 517] <... mmap resumed>) = 0x7f325c986000 [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 509] <... write resumed>) = 1507328 [pid 509] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 327] <... openat resumed>) = 4 [pid 327] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 518 attached [pid 518] set_robust_list(0x7f325cb859e0, 24 [pid 327] getdents64(4, [pid 518] <... set_robust_list resumed>) = 0 [pid 327] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 518] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 327] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 327] close(4) = 0 [pid 327] rmdir("./6/file0") = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] close(3) = 0 [pid 327] rmdir("./6") = 0 [pid 327] mkdir("./7", 0777) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 327] close(3) = 0 [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 521] chdir("./7") = 0 [pid 521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 521] setpgid(0, 0) = 0 [pid 521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 521] write(3, "1000", 4) = 4 [pid 521] close(3) = 0 [pid 521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 521] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 521] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 521] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[522], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 522 [pid 521] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 505] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 505] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 522] memfd_create("syzkaller", 0) = 3 [pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 327] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 521 [ 24.563308][ T515] loop3: detected capacity change from 0 to 4096 [ 24.571675][ T10] EXT4-fs (loop1): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.594976][ T10] EXT4-fs (loop1): This should not happen!! Data will be lost [ 24.594976][ T10] [pid 517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 511] <... write resumed>) = 2097152 [pid 517] <... write resumed>) = 2097152 [pid 511] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] exit_group(0 [pid 511] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 502] <... exit_group resumed>) = ? [pid 503] <... futex resumed>) = ? [pid 503] +++ exited with 0 +++ [pid 515] <... mount resumed>) = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 515] chdir("./file0") = 0 [pid 515] ioctl(4, LOOP_CLR_FD) = 0 [pid 515] close(4) = 0 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] creat("./bus", 000) = 4 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL) = 0 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 6 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = 0 [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] <... futex resumed>) = 1 [pid 515] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 324] <... umount2 resumed>) = 0 [pid 324] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 324] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 324] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 324] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 324] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 324] close(4) = 0 [pid 324] rmdir("./5/file0") = 0 [pid 324] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 324] close(3) = 0 [pid 324] rmdir("./5") = 0 [pid 324] mkdir("./6", 0777) = 0 [pid 324] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 324] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 324] close(3 [pid 522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 518] <... write resumed>) = 2097152 [pid 517] munmap(0x7f325c986000, 2097152 [pid 515] <... write resumed>) = 1507328 [pid 324] <... close resumed>) = 0 [pid 518] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... munmap resumed>) = 0 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [ 24.641051][ T515] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.660088][ T511] EXT4-fs error (device loop5): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [pid 505] exit_group(0 [pid 518] <... futex resumed>) = 0 [pid 517] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 515] <... futex resumed>) = 1 [pid 518] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... openat resumed>) = 4 [pid 515] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] ioctl(4, LOOP_SET_FD, 3 [pid 518] <... futex resumed>) = ? [pid 513] <... futex resumed>) = 0 [pid 509] <... futex resumed>) = ? [pid 505] <... exit_group resumed>) = ? [pid 518] +++ exited with 0 +++ [pid 517] <... ioctl resumed>) = 0 [pid 513] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] +++ exited with 0 +++ [pid 509] +++ exited with 0 +++ [pid 505] +++ exited with 0 +++ [pid 502] +++ exited with 0 +++ [pid 324] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 517] close(3 [pid 515] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 1 [pid 517] <... close resumed>) = 0 [pid 515] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 513] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=502, si_uid=0, si_status=0, si_utime=2, si_stime=15} --- [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=505, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 517] mkdir("./file0", 0777 [pid 328] restart_syscall(<... resuming interrupted clone ...> [pid 325] restart_syscall(<... resuming interrupted clone ...> [pid 517] <... mkdir resumed>) = 0 [pid 328] <... restart_syscall resumed>) = 0 [pid 325] <... restart_syscall resumed>) = 0 [pid 517] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 324] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 523 [pid 328] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 325] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 328] <... openat resumed>) = 3 [pid 325] <... openat resumed>) = 3 [pid 328] fstat(3, [pid 325] fstat(3, [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(3, [pid 325] getdents64(3, [pid 328] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 523 attached [pid 522] <... write resumed>) = 2097152 [pid 328] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 523] set_robust_list(0x555556d3c5e0, 24 [pid 522] munmap(0x7f325c986000, 2097152 [pid 523] <... set_robust_list resumed>) = 0 [pid 522] <... munmap resumed>) = 0 [pid 523] chdir("./6" [pid 522] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 523] <... chdir resumed>) = 0 [pid 522] <... openat resumed>) = 4 [pid 328] lstat("./6/binderfs", [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL [ 24.705891][ T511] EXT4-fs error (device loop5): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 24.708165][ T517] loop0: detected capacity change from 0 to 4096 [pid 522] ioctl(4, LOOP_SET_FD, 3 [pid 328] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 325] lstat("./6/binderfs", [pid 523] <... prctl resumed>) = 0 [pid 328] unlink("./6/binderfs" [pid 523] setpgid(0, 0 [pid 325] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 523] <... setpgid resumed>) = 0 [pid 328] <... unlink resumed>) = 0 [pid 325] unlink("./6/binderfs" [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 522] <... ioctl resumed>) = 0 [pid 523] <... openat resumed>) = 3 [pid 522] close(3 [pid 328] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 325] <... unlink resumed>) = 0 [pid 523] write(3, "1000", 4 [pid 522] <... close resumed>) = 0 [pid 523] <... write resumed>) = 4 [pid 522] mkdir("./file0", 0777 [pid 523] close(3 [pid 522] <... mkdir resumed>) = 0 [pid 523] <... close resumed>) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs" [pid 522] mount("/dev/loop4", "./file0", "ext4", 0, ",errors=continue" [pid 523] <... symlink resumed>) = 0 [pid 523] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 325] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 513] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 523] <... mmap resumed>) = 0x7f3264d86000 [pid 523] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[526], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 526 [pid 523] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 526 attached [pid 526] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 526] memfd_create("syzkaller", 0 [pid 515] <... write resumed>) = 2097152 [pid 515] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... memfd_create resumed>) = 3 [pid 513] exit_group(0 [pid 526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 513] <... exit_group resumed>) = ? [pid 515] <... futex resumed>) = ? [pid 526] <... mmap resumed>) = 0x7f325c986000 [ 24.757868][ T522] loop4: detected capacity change from 0 to 4096 [ 24.771341][ T45] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.787100][ T352] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [pid 515] +++ exited with 0 +++ [pid 513] +++ exited with 0 +++ [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=513, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 326] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 326] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 326] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 326] unlink("./6/binderfs") = 0 [pid 326] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152) = 2097152 [pid 526] munmap(0x7f325c986000, 2097152) = 0 [pid 526] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 24.807662][ T45] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.820792][ T357] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:4: bad extent address lblock: 0, depth: 1 pblock 0 [ 24.830699][ T352] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.838110][ T526] loop1: detected capacity change from 0 to 4096 [ 24.846823][ T352] EXT4-fs (loop2): This should not happen!! Data will be lost [ 24.846823][ T352] [ 24.853363][ T517] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 24.879564][ T45] EXT4-fs (loop5): This should not happen!! Data will be lost [ 24.879564][ T45] [ 24.881831][ T522] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 526] ioctl(4, LOOP_SET_FD, 3 [pid 517] <... mount resumed>) = 0 [pid 517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 517] chdir("./file0") = 0 [pid 517] ioctl(4, LOOP_CLR_FD) = 0 [pid 517] close(4 [pid 526] <... ioctl resumed>) = 0 [pid 526] close(3) = 0 [pid 526] mkdir("./file0", 0777) = 0 [pid 526] mount("/dev/loop1", "./file0", "ext4", 0, ",errors=continue" [pid 522] <... mount resumed>) = 0 [pid 517] <... close resumed>) = 0 [pid 522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 517] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... openat resumed>) = 3 [pid 517] <... futex resumed>) = 1 [pid 516] <... futex resumed>) = 0 [pid 522] chdir("./file0" [pid 517] creat("./bus", 000 [pid 516] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... chdir resumed>) = 0 [pid 516] <... futex resumed>) = 0 [pid 522] ioctl(4, LOOP_CLR_FD [pid 516] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... ioctl resumed>) = 0 [pid 522] close(4) = 0 [pid 522] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] <... futex resumed>) = 0 [pid 522] <... futex resumed>) = 1 [pid 521] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] creat("./bus", 000 [pid 521] <... futex resumed>) = 0 [pid 521] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... creat resumed>) = 4 [pid 517] <... creat resumed>) = 4 [pid 328] <... umount2 resumed>) = 0 [pid 325] <... umount2 resumed>) = 0 [pid 328] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 522] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 325] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 516] <... futex resumed>) = 0 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 328] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 328] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 328] close(4) = 0 [pid 522] <... futex resumed>) = 1 [pid 521] <... futex resumed>) = 0 [pid 517] <... futex resumed>) = 1 [pid 516] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] rmdir("./6/file0" [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 521] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 516] <... futex resumed>) = 0 [pid 521] <... futex resumed>) = 0 [pid 516] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 325] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 325] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./6/file0" [pid 522] mount("/dev/loop4", "./bus", NULL, MS_BIND, NULL [pid 517] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 328] <... rmdir resumed>) = 0 [pid 325] <... rmdir resumed>) = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [ 24.902995][ T357] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 24.915937][ T357] EXT4-fs (loop3): This should not happen!! Data will be lost [ 24.915937][ T357] [pid 325] close(3 [pid 522] <... mount resumed>) = 0 [pid 517] <... mount resumed>) = 0 [pid 328] getdents64(3, [pid 522] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 522] <... futex resumed>) = 1 [pid 517] <... futex resumed>) = 1 [pid 328] close(3 [pid 522] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 328] <... close resumed>) = 0 [pid 328] rmdir("./6") = 0 [pid 328] mkdir("./7", 0777) = 0 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 328] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 328] close(3) = 0 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 531 ./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 531] chdir("./7") = 0 [pid 531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 531] setpgid(0, 0) = 0 [pid 531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 531] write(3, "1000", 4) = 4 [pid 531] close(3) = 0 [pid 531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 531] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 531] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 531] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[532], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 532 [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 532] memfd_create("syzkaller", 0) = 3 [pid 532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 516] <... futex resumed>) = 0 [pid 521] <... futex resumed>) = 0 [pid 516] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 516] <... futex resumed>) = 1 [pid 522] <... futex resumed>) = 0 [pid 521] <... futex resumed>) = 1 [pid 517] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 516] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 521] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 517] <... open resumed>) = 5 [pid 522] <... open resumed>) = 5 [pid 517] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 1 [pid 516] <... futex resumed>) = 0 [pid 522] <... futex resumed>) = 1 [pid 521] <... futex resumed>) = 0 [pid 522] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 516] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 521] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 516] <... futex resumed>) = 0 [pid 522] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 521] <... futex resumed>) = 0 [pid 517] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 516] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... openat resumed>) = 6 [pid 521] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 517] <... openat resumed>) = 6 [pid 522] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = 1 [pid 521] <... futex resumed>) = 0 [pid 522] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] <... futex resumed>) = 1 [pid 516] <... futex resumed>) = 0 [pid 521] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 521] <... futex resumed>) = 0 [pid 517] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 516] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 521] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 516] <... futex resumed>) = 0 [pid 326] <... umount2 resumed>) = 0 [pid 516] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 326] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 326] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 326] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./6/file0") = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 326] close(3) = 0 [pid 326] rmdir("./6") = 0 [pid 326] mkdir("./7", 0777) = 0 [pid 325] <... close resumed>) = 0 [pid 326] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 326] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 326] close(3 [pid 325] rmdir("./6" [pid 326] <... close resumed>) = 0 [pid 326] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 325] <... rmdir resumed>) = 0 [pid 325] mkdir("./7", 0777 [pid 326] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 533 [pid 325] <... mkdir resumed>) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD [pid 532] <... write resumed>) = 2097152 [pid 325] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 325] close(3 [pid 532] munmap(0x7f325c986000, 2097152) = 0 [pid 532] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 325] <... close resumed>) = 0 [ 24.966178][ T526] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 532] <... openat resumed>) = 4 [pid 532] ioctl(4, LOOP_SET_FD, 3 [pid 325] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 534 ./strace-static-x86_64: Process 534 attached [pid 534] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 534] chdir("./7") = 0 [pid 534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 534] setpgid(0, 0) = 0 [pid 534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 534] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 533 attached [pid 534] close(3) = 0 [pid 534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 534] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 534] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 533] set_robust_list(0x555556d3c5e0, 24 [pid 534] <... mprotect resumed>) = 0 [pid 534] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 533] <... set_robust_list resumed>) = 0 [pid 534] <... clone resumed>, parent_tid=[535], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 535 [pid 533] chdir("./7") = 0 [pid 534] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 532] <... ioctl resumed>) = 0 [pid 532] close(3) = 0 [pid 532] mkdir("./file0", 0777) = 0 [pid 532] mount("/dev/loop5", "./file0", "ext4", 0, ",errors=continue" [pid 526] <... mount resumed>) = 0 [pid 526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 526] chdir("./file0") = 0 [pid 526] ioctl(4, LOOP_CLR_FD) = 0 [pid 526] close(4) = 0 [pid 526] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 526] <... futex resumed>) = 1 [pid 523] <... futex resumed>) = 0 [pid 526] creat("./bus", 000 [pid 523] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 526] <... creat resumed>) = 4 [pid 533] <... prctl resumed>) = 0 [pid 535] memfd_create("syzkaller", 0) = 3 [pid 535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 526] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] mount("/dev/loop1", "./bus", NULL, MS_BIND, NULL [pid 523] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... mount resumed>) = 0 [pid 526] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 526] <... futex resumed>) = 1 [pid 523] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 526] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 526] <... futex resumed>) = 1 [pid 523] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] <... openat resumed>) = 6 [pid 526] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 523] <... futex resumed>) = 0 [pid 526] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 523] <... futex resumed>) = 0 [pid 526] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 523] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 521] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 521] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 521] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[536], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 536 [pid 521] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 536] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 516] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 516] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 516] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 516] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[537], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 537 [pid 516] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 516] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] setpgid(0, 0) = 0 [pid 533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 533] write(3, "1000", 4) = 4 [ 25.009183][ T532] loop5: detected capacity change from 0 to 4096 [pid 533] close(3./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 537] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 533] <... close resumed>) = 0 [pid 533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 533] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 533] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE [pid 535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 533] <... mprotect resumed>) = 0 [pid 523] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 523] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 523] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[540], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 540 [pid 523] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[541], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 541 [pid 533] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 521] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 521] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 521] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x7f325cb859e0, 24) = 0 [pid 540] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 516] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 25.055290][ T522] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm syz-executor211: bad extent address lblock: 232, depth: 1 pblock 0 ./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 541] memfd_create("syzkaller", 0 [pid 532] <... mount resumed>) = 0 [pid 523] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 532] chdir("./file0") = 0 [ 25.103652][ T532] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.115789][ T517] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm syz-executor211: bad extent address lblock: 265, depth: 1 pblock 0 [ 25.129104][ T526] EXT4-fs error (device loop1): ext4_map_blocks:726: inode #19: block 411: comm syz-executor211: lblock 283 mapped to illegal pblock 411 (length 1) [pid 541] <... memfd_create resumed>) = 3 [pid 536] <... write resumed>) = 2097152 [pid 535] <... write resumed>) = 2097152 [pid 532] ioctl(4, LOOP_CLR_FD [pid 541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 535] munmap(0x7f325c986000, 2097152 [pid 532] <... ioctl resumed>) = 0 [pid 541] <... mmap resumed>) = 0x7f325c986000 [pid 535] <... munmap resumed>) = 0 [pid 532] close(4 [pid 536] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 532] <... close resumed>) = 0 [pid 536] <... futex resumed>) = 0 [pid 535] <... openat resumed>) = 4 [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [ 25.158294][ T522] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [ 25.164791][ T517] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [ 25.177801][ T526] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:437: comm syz-executor211: Invalid block bitmap block 0 in block_group 0 [pid 535] ioctl(4, LOOP_SET_FD, 3 [pid 532] <... futex resumed>) = 1 [pid 536] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = 1 [pid 532] creat("./bus", 000) = 4 [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 540] <... write resumed>) = 2097152 [pid 532] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = 1 [pid 540] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] mount("/dev/loop5", "./bus", NULL, MS_BIND, NULL [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... futex resumed>) = 0 [pid 535] <... ioctl resumed>) = 0 [pid 532] <... mount resumed>) = 0 [pid 540] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] close(3 [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... close resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 531] <... futex resumed>) = 0 [pid 535] mkdir("./file0", 0777 [pid 532] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 537] <... write resumed>) = 2097152 [pid 535] <... mkdir resumed>) = 0 [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 531] <... futex resumed>) = 0 [pid 535] mount("/dev/loop2", "./file0", "ext4", 0, ",errors=continue" [pid 532] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... open resumed>) = 5 [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 532] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 531] <... futex resumed>) = 0 [pid 532] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] <... openat resumed>) = 6 [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 531] <... futex resumed>) = 0 [pid 532] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 531] <... futex resumed>) = 0 [ 25.207376][ T535] loop2: detected capacity change from 0 to 4096 [ 25.225836][ T517] EXT4-fs error (device loop0): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 25.226799][ T526] EXT4-fs error (device loop1): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [pid 532] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 541] <... write resumed>) = 2097152 [pid 537] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] munmap(0x7f325c986000, 2097152 [pid 537] <... futex resumed>) = 0 [pid 541] <... munmap resumed>) = 0 [pid 537] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 25.260390][ T526] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 25.270442][ T526] EXT4-fs error (device loop1): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 25.282781][ T522] EXT4-fs error (device loop4): ext4_discard_preallocations:5045: comm syz-executor211: Error -117 reading block bitmap for 0 [ 25.282931][ T541] loop3: detected capacity change from 0 to 4096 [pid 541] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 532] <... write resumed>) = 1507328 [pid 541] close(3 [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... close resumed>) = 0 [pid 532] <... futex resumed>) = 1 [pid 541] mkdir("./file0", 0777 [pid 532] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 541] <... mkdir resumed>) = 0 [pid 541] mount("/dev/loop3", "./file0", "ext4", 0, ",errors=continue" [pid 531] <... futex resumed>) = 0 [pid 531] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = 1 [pid 531] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 25.296252][ T517] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 25.304523][ T526] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 25.329423][ T522] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 25.329726][ T535] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.348402][ T517] EXT4-fs error (device loop0): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [pid 532] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 535] <... mount resumed>) = 0 [ 25.352126][ T541] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 25.363580][ T517] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 25.371533][ T526] EXT4-fs error (device loop1): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [ 25.381202][ T517] EXT4-fs error (device loop0): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [pid 541] <... mount resumed>) = 0 [pid 531] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 517] <... write resumed>) = 1085440 [pid 517] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 517] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] <... openat resumed>) = 3 [pid 535] chdir("./file0") = 0 [pid 535] ioctl(4, LOOP_CLR_FD) = 0 [pid 535] close(4) = 0 [pid 535] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] <... futex resumed>) = 0 [pid 534] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] creat("./bus", 000) = 4 [pid 535] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] <... futex resumed>) = 0 [pid 534] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] exit_group(0 [pid 535] <... futex resumed>) = 1 [pid 535] mount("/dev/loop2", "./bus", NULL, MS_BIND, NULL) = 0 [pid 535] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] <... futex resumed>) = 0 [pid 534] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 5 [pid 535] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] <... futex resumed>) = 0 [pid 534] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 534] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 535] <... futex resumed>) = 1 [pid 535] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 537] <... futex resumed>) = ? [pid 535] <... openat resumed>) = 6 [pid 517] <... futex resumed>) = ? [pid 516] <... exit_group resumed>) = ? [pid 537] +++ exited with 0 +++ [pid 535] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] +++ exited with 0 +++ [pid 535] <... futex resumed>) = 1 [pid 534] <... futex resumed>) = 0 [pid 535] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 534] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 516] +++ exited with 0 +++ [pid 534] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 323] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=516, si_uid=0, si_status=0, si_utime=0, si_stime=24} --- [pid 323] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 323] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] unlink("./6/binderfs") = 0 [pid 323] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 541] chdir("./file0") = 0 [pid 541] ioctl(4, LOOP_CLR_FD) = 0 [pid 541] close(4) = 0 [pid 541] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 533] <... futex resumed>) = 0 [pid 526] <... write resumed>) = 1159168 [ 25.391621][ T522] EXT4-fs error (device loop4): ext4_ext_truncate:4402: inode #19: comm syz-executor211: mark_inode_dirty error [ 25.430493][ T45] EXT4-fs error (device loop0): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.449187][ T45] EXT4-fs (loop0): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [pid 541] creat("./bus", 000 [pid 533] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 541] <... creat resumed>) = 4 [pid 533] <... futex resumed>) = 0 [pid 526] <... futex resumed>) = 0 [pid 541] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 526] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] exit_group(0 [pid 541] <... futex resumed>) = 0 [pid 540] <... futex resumed>) = ? [pid 534] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 533] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 532] <... write resumed>) = 2097152 [pid 526] <... futex resumed>) = ? [pid 523] <... exit_group resumed>) = ? [pid 541] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 540] +++ exited with 0 +++ [pid 534] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 533] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] +++ exited with 0 +++ [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 534] <... futex resumed>) = 0 [pid 533] <... futex resumed>) = 0 [pid 532] <... futex resumed>) = 0 [pid 531] exit_group(0 [pid 541] mount("/dev/loop3", "./bus", NULL, MS_BIND, NULL [pid 534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 533] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 532] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 541] <... mount resumed>) = 0 [pid 534] <... mmap resumed>) = 0x7f325cb65000 [pid 532] +++ exited with 0 +++ [pid 531] <... exit_group resumed>) = ? [pid 523] +++ exited with 0 +++ [pid 541] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE [pid 324] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 541] <... futex resumed>) = 1 [pid 534] <... mprotect resumed>) = 0 [pid 533] <... futex resumed>) = 0 [pid 531] +++ exited with 0 +++ [pid 535] <... write resumed>) = 1507328 [pid 541] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 534] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 533] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=531, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 533] <... futex resumed>) = 0 [pid 328] restart_syscall(<... resuming interrupted clone ...> [pid 324] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 541] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 535] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] <... clone resumed>, parent_tid=[547], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 547 [pid 533] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... restart_syscall resumed>) = 0 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 541] <... open resumed>) = 5 [pid 535] <... futex resumed>) = 0 [pid 534] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 541] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 534] <... futex resumed>) = 0 [pid 324] <... openat resumed>) = 3 [pid 541] <... futex resumed>) = 1 [pid 534] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 533] <... futex resumed>) = 0 [pid 328] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] fstat(3, ./strace-static-x86_64: Process 547 attached [pid 541] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 533] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... write resumed>) = 950272 [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 547] set_robust_list(0x7f325cb859e0, 24 [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 533] <... futex resumed>) = 0 [pid 522] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 521] exit_group(0 [pid 328] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 324] getdents64(3, [pid 541] openat(AT_FDCWD, "memory.current", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 536] <... futex resumed>) = ? [pid 533] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 521] <... exit_group resumed>) = ? [pid 328] <... openat resumed>) = 3 [pid 324] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 547] <... set_robust_list resumed>) = 0 [pid 541] <... openat resumed>) = 6 [pid 536] +++ exited with 0 +++ [pid 522] <... futex resumed>) = ? [ 25.451488][ T522] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5805: Corrupt filesystem [ 25.475301][ T45] EXT4-fs (loop0): This should not happen!! Data will be lost [ 25.475301][ T45] [ 25.493533][ T522] EXT4-fs error (device loop4): ext4_truncate:4299: inode #19: comm syz-executor211: mark_inode_dirty error [pid 547] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 541] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] +++ exited with 0 +++ [pid 521] +++ exited with 0 +++ [pid 328] fstat(3, [pid 324] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 541] <... futex resumed>) = 1 [pid 533] <... futex resumed>) = 0 [pid 328] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 541] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 533] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 324] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] getdents64(3, [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 533] <... futex resumed>) = 0 [pid 327] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=521, si_uid=0, si_status=0, si_utime=0, si_stime=18} --- [pid 324] lstat("./6/binderfs", [pid 541] write(6, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x2e\x2f\x62\x75\x73\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 533] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 327] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 324] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 324] unlink("./6/binderfs" [pid 328] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 324] <... unlink resumed>) = 0 [pid 327] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] <... openat resumed>) = 3 [pid 324] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] lstat("./7/binderfs", [pid 327] fstat(3, [pid 328] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 327] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 327] getdents64(3, [pid 328] unlink("./7/binderfs" [pid 327] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 328] <... unlink resumed>) = 0 [pid 327] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 328] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 327] unlink("./7/binderfs") = 0 [pid 327] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 547] <... write resumed>) = 2097152 [pid 547] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 534] <... futex resumed>) = 0 [pid 534] exit_group(0) = ? [pid 547] <... futex resumed>) = ? [pid 547] +++ exited with 0 +++ [pid 535] <... futex resumed>) = ? [pid 535] +++ exited with 0 +++ [pid 534] +++ exited with 0 +++ [pid 325] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=534, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 325] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 325] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 325] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 325] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 25.520651][ T352] EXT4-fs error (device loop5): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:3: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.535514][ T357] ------------[ cut here ]------------ [ 25.541633][ T362] EXT4-fs error (device loop4): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:5: bad extent address lblock: 0, depth: 1 pblock 0 [pid 325] unlink("./7/binderfs") = 0 [ 25.567598][ T357] kernel BUG at fs/ext4/inode.c:2431! [ 25.568055][ T45] EXT4-fs error (device loop2): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:2: bad extent address lblock: 0, depth: 1 pblock 0 [ 25.578484][ T357] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.588366][ T45] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 25.592415][ T357] CPU: 1 PID: 357 Comm: kworker/u4:4 Not tainted 5.15.94-syzkaller-03204-g5448b2fda85f #0 [ 25.592439][ T357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023 [ 25.592450][ T357] Workqueue: writeback wb_workfn [ 25.605879][ T352] EXT4-fs (loop5): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 25.614291][ T357] (flush-7:1) [ 25.614305][ T357] RIP: 0010:ext4_writepages+0x3f45/0x4010 [ 25.614333][ T357] Code: 00 74 08 48 89 df e8 2a f8 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 22 45 08 00 eb 60 e8 3b be 88 ff <0f> 0b e8 34 be 88 ff eb 3b e8 2d be 88 ff eb 7a e8 26 be 88 ff 31 [pid 325] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 541] <... write resumed>) = 1507328 [pid 533] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 533] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f325cb65000 [pid 533] mprotect(0x7f325cb66000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 533] clone(child_stack=0x7f325cb853f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[548], tls=0x7f325cb85700, child_tidptr=0x7f325cb859d0) = 548 [pid 533] futex(0x7f3264e807b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7f3264e807bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 541] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 541] futex(0x7f3264e807a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x7f325cb859e0, 24) = 0 [ 25.624772][ T362] EXT4-fs (loop4): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 25.628954][ T357] RSP: 0018:ffffc90000c27000 EFLAGS: 00010293 [ 25.628975][ T357] RAX: ffffffff81e6b385 RBX: dffffc0000000000 RCX: ffff8881009b13c0 [ 25.641366][ T45] EXT4-fs (loop2): This should not happen!! Data will be lost [ 25.641366][ T45] [ 25.644315][ T357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 25.650109][ T352] EXT4-fs (loop5): This should not happen!! Data will be lost [pid 548] write(5, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651) = 2097152 [pid 548] futex(0x7f3264e807bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7f3264e807b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 533] exit_group(0 [pid 541] <... futex resumed>) = ? [pid 533] <... exit_group resumed>) = ? [pid 541] +++ exited with 0 +++ [ 25.650109][ T352] [ 25.669312][ T357] RBP: ffffc90000c27410 R08: ffffffff81e68d4d R09: ffffed102443fbd4 [ 25.669329][ T357] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 25.669343][ T357] R13: ffffc90000c272e0 R14: 0000000000000000 R15: 0000000000000000 [ 25.685035][ T362] EXT4-fs (loop4): This should not happen!! Data will be lost [ 25.685035][ T362] [ 25.687365][ T357] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.763571][ T357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.769994][ T357] CR2: 0000000020170000 CR3: 00000001228ae000 CR4: 00000000003506a0 [ 25.777808][ T357] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.785613][ T357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.793425][ T357] Call Trace: [ 25.796553][ T357] [ 25.799333][ T357] ? __kasan_check_write+0x14/0x20 [ 25.804365][ T357] ? __kasan_check_read+0x11/0x20 [ 25.809227][ T357] ? __activate_page+0x1110/0x1110 [ 25.814171][ T357] ? ext4_readpage+0x230/0x230 [ 25.818771][ T357] ? __kasan_check_read+0x11/0x20 [ 25.823630][ T357] ? shmem_getpage_gfp+0x21cd/0x23c0 [ 25.828751][ T357] ? copy_page_from_iter_atomic+0x7fd/0x10e0 [ 25.834568][ T357] ? memcpy+0x56/0x70 [ 25.838398][ T357] ? update_load_avg+0x43a/0x1150 [ 25.843373][ T357] ? update_curr+0x391/0x5e0 [ 25.847802][ T357] ? ext4_readpage+0x230/0x230 [ 25.852396][ T357] do_writepages+0x40e/0x670 [ 25.856911][ T357] ? __writepage+0x130/0x130 [ 25.861338][ T357] ? update_load_avg+0x43a/0x1150 [ 25.866287][ T357] ? __kasan_check_write+0x14/0x20 [ 25.871514][ T357] ? __switch_to+0x62a/0x1190 [ 25.876029][ T357] __writeback_single_inode+0xdf/0xa70 [ 25.881324][ T357] writeback_sb_inodes+0xb2e/0x1910 [ 25.886354][ T357] ? _raw_spin_unlock+0x4d/0x70 [ 25.891043][ T357] ? queue_io+0x520/0x520 [ 25.895209][ T357] ? __writeback_inodes_wb+0x3f0/0x3f0 [ 25.900503][ T357] ? queue_io+0x3d0/0x520 [ 25.904665][ T357] wb_writeback+0x3b9/0x9e0 [ 25.909009][ T357] ? inode_cgwb_move_to_attached+0x3c0/0x3c0 [ 25.914820][ T357] ? set_worker_desc+0x158/0x1c0 [ 25.919597][ T357] ? update_load_avg+0x43a/0x1150 [ 25.924457][ T357] ? __kasan_check_write+0x14/0x20 [ 25.929411][ T357] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 25.934872][ T357] wb_workfn+0x3d9/0x1110 [ 25.939041][ T357] ? inode_wait_for_writeback+0x280/0x280 [ 25.944592][ T357] ? _raw_spin_unlock+0x4d/0x70 [ 25.949280][ T357] ? finish_task_switch+0x167/0x7b0 [ 25.954325][ T357] ? __schedule+0xd82/0x1620 [ 25.958821][ T357] ? __kasan_check_read+0x11/0x20 [ 25.963722][ T357] ? read_word_at_a_time+0x12/0x20 [ 25.968728][ T357] ? strscpy+0x9c/0x260 [ 25.972746][ T357] process_one_work+0x6bb/0xc10 [ 25.977410][ T357] worker_thread+0xad5/0x12a0 [ 25.981925][ T357] ? release_firmware_map_entry+0x18b/0x18b [ 25.987654][ T357] ? _raw_spin_lock+0x1b0/0x1b0 [ 25.992340][ T357] kthread+0x421/0x510 [ 25.996241][ T357] ? worker_clr_flags+0x180/0x180 [ 26.001102][ T357] ? kthread_blkcg+0xd0/0xd0 [ 26.005529][ T357] ret_from_fork+0x1f/0x30 [ 26.009814][ T357] [ 26.012643][ T357] Modules linked in: [pid 323] <... umount2 resumed>) = 0 [pid 548] <... futex resumed>) = ? [pid 323] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 548] +++ exited with 0 +++ [pid 533] +++ exited with 0 +++ [pid 323] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=533, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 323] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 323] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 326] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] <... openat resumed>) = 4 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 323] fstat(4, [pid 326] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 323] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] <... openat resumed>) = 3 [pid 323] getdents64(4, [pid 326] fstat(3, [pid 323] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 323] getdents64(4, [pid 326] getdents64(3, [pid 323] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] <... getdents64 resumed>0x555556d3d620 /* 4 entries */, 32768) = 112 [pid 323] close(4 [pid 326] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] <... close resumed>) = 0 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 323] rmdir("./6/file0" [pid 326] lstat("./7/binderfs", [pid 323] <... rmdir resumed>) = 0 [pid 326] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 323] getdents64(3, [pid 326] unlink("./7/binderfs" [pid 323] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 326] <... unlink resumed>) = 0 [pid 323] close(3 [pid 326] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 323] <... close resumed>) = 0 [pid 323] rmdir("./6") = 0 [pid 323] mkdir("./7", 0777) = 0 [pid 323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 323] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 323] close(3) = 0 [ 26.024913][ T357] ---[ end trace 19a49287bd6b6328 ]--- [ 26.030482][ T357] RIP: 0010:ext4_writepages+0x3f45/0x4010 [ 26.036056][ T357] Code: 00 74 08 48 89 df e8 2a f8 c9 ff 48 8b 3b 48 8b 74 24 48 48 8b 54 24 28 44 89 e9 45 89 f8 e8 22 45 08 00 eb 60 e8 3b be 88 ff <0f> 0b e8 34 be 88 ff eb 3b e8 2d be 88 ff eb 7a e8 26 be 88 ff 31 [ 26.056547][ T357] RSP: 0018:ffffc90000c27000 EFLAGS: 00010293 [ 26.062687][ T357] RAX: ffffffff81e6b385 RBX: dffffc0000000000 RCX: ffff8881009b13c0 [pid 323] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 549 ./strace-static-x86_64: Process 549 attached [pid 328] <... umount2 resumed>) = 0 [pid 327] <... umount2 resumed>) = 0 [pid 549] set_robust_list(0x555556d3c5e0, 24 [pid 327] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 327] lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 328] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 327] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 328] lstat("./7/file0", [pid 327] <... openat resumed>) = 4 [pid 549] <... set_robust_list resumed>) = 0 [pid 549] chdir("./7") = 0 [pid 549] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 549] setpgid(0, 0 [pid 328] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 549] <... setpgid resumed>) = 0 [pid 549] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 549] write(3, "1000", 4) = 4 [pid 549] close(3) = 0 [pid 549] symlink("/dev/binderfs", "./binderfs" [pid 328] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 327] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 549] <... symlink resumed>) = 0 [pid 549] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 549] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 549] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 327] getdents64(4, [pid 549] <... clone resumed>, parent_tid=[550], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 550 [pid 549] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 328] <... openat resumed>) = 4 [pid 327] <... getdents64 resumed>0x555556d45660 /* 2 entries */, 32768) = 48 [pid 328] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 26.071690][ T362] EXT4-fs error (device loop3): ext4_ext_map_blocks:4121: inode #19: comm kworker/u4:5: bad extent address lblock: 0, depth: 1 pblock 0 [ 26.076153][ T357] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 26.093858][ T362] EXT4-fs (loop3): Delayed block allocation failed for inode 19 at logical offset 0 with max blocks 16 with error 117 [ 26.106524][ T362] EXT4-fs (loop3): This should not happen!! Data will be lost [ 26.106524][ T362] [pid 328] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 327] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 550 attached [pid 327] close(4) = 0 [pid 328] getdents64(4, [pid 327] rmdir("./7/file0" [pid 328] <... getdents64 resumed>0x555556d45660 /* 0 entries */, 32768) = 0 [pid 550] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 325] <... umount2 resumed>) = 0 [pid 328] close(4) = 0 [pid 550] memfd_create("syzkaller", 0 [pid 327] <... rmdir resumed>) = 0 [pid 325] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] rmdir("./7/file0") = 0 [pid 327] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] close(3 [pid 328] getdents64(3, [pid 327] <... close resumed>) = 0 [pid 328] <... getdents64 resumed>0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 327] rmdir("./7" [pid 550] <... memfd_create resumed>) = 3 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] close(3) = 0 [pid 325] lstat("./7/file0", [pid 550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 325] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 550] <... mmap resumed>) = 0x7f325c986000 [pid 325] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 328] rmdir("./7") = 0 [pid 327] <... rmdir resumed>) = 0 [pid 327] mkdir("./8", 0777) = 0 [pid 328] mkdir("./8", 0777) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 328] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 327] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 327] close(3 [pid 550] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 325] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 328] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 328] close(3) = 0 [pid 327] <... close resumed>) = 0 [pid 328] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 327] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 552 [pid 328] <... clone resumed>, child_tidptr=0x555556d3c5d0) = 551 ./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 552] chdir("./8" [pid 325] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 552] <... chdir resumed>) = 0 [pid 552] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 552] setpgid(0, 0) = 0 [pid 552] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 552] write(3, "1000", 4) = 4 [pid 552] close(3) = 0 [pid 552] symlink("/dev/binderfs", "./binderfs") = 0 [pid 552] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 552] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 552] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[553], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 553 [pid 552] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 325] <... openat resumed>) = 4 [pid 325] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 325] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 325] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 325] close(4) = 0 [pid 325] rmdir("./7/file0") = 0 [pid 325] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 325] close(3) = 0 [ 26.122877][ T357] RBP: ffffc90000c27410 R08: ffffffff81e68d4d R09: ffffed102443fbd4 [ 26.136227][ T357] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 26.157503][ T357] R13: ffffc90000c272e0 R14: 0000000000000000 R15: 0000000000000000 [pid 325] rmdir("./7"./strace-static-x86_64: Process 553 attached ./strace-static-x86_64: Process 551 attached [pid 550] <... write resumed>) = 2097152 [pid 325] <... rmdir resumed>) = 0 [pid 325] mkdir("./8", 0777) = 0 [pid 325] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 325] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 325] close(3) = 0 [pid 325] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556d3c5d0) = 554 [pid 550] munmap(0x7f325c986000, 2097152) = 0 [pid 550] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 550] ioctl(4, LOOP_SET_FD, 3 [pid 551] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 551] chdir("./8") = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 553] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 553] memfd_create("syzkaller", 0 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs" [pid 553] <... memfd_create resumed>) = 3 [pid 551] <... symlink resumed>) = 0 [pid 553] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 [pid 551] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 551] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[556], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 556 [pid 551] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x555556d3c5e0, 24) = 0 [pid 554] chdir("./8") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 554] futex(0x7f3264e807ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3264d86000 [pid 554] mprotect(0x7f3264d87000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 554] clone(child_stack=0x7f3264da63f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[557], tls=0x7f3264da6700, child_tidptr=0x7f3264da69d0) = 557 [pid 554] futex(0x7f3264e807a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7f3264e807ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 326] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x7f3264da69e0, 24) = 0 [pid 557] memfd_create("syzkaller", 0) = 3 [pid 557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f325c986000 ./strace-static-x86_64: Process 556 attached [pid 326] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 553] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 326] lstat("./7/file0", [pid 556] set_robust_list(0x7f3264da69e0, 24 [pid 326] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 550] <... ioctl resumed>) = 0 [pid 550] close(3) = 0 [pid 550] mkdir("./file0", 0777) = 0 [ 26.177062][ T357] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 26.180983][ T550] loop0: detected capacity change from 0 to 4096 [ 26.192664][ T357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.210709][ T357] CR2: 00007fffea1b77c0 CR3: 000000011f2aa000 CR4: 00000000003506b0 [pid 550] mount("/dev/loop0", "./file0", "ext4", 0, ",errors=continue" [pid 556] <... set_robust_list resumed>) = 0 [pid 326] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 556] memfd_create("syzkaller", 0 [pid 326] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 556] <... memfd_create resumed>) = 3 [pid 326] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 326] <... openat resumed>) = 4 [pid 556] <... mmap resumed>) = 0x7f325c986000 [pid 326] fstat(4, [pid 553] <... write resumed>) = 2097152 [pid 557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 553] munmap(0x7f325c986000, 2097152) = 0 [pid 553] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 553] ioctl(4, LOOP_SET_FD, 3 [pid 556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 326] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 326] getdents64(4, 0x555556d45660 /* 2 entries */, 32768) = 48 [pid 326] getdents64(4, 0x555556d45660 /* 0 entries */, 32768) = 0 [pid 326] close(4) = 0 [pid 326] rmdir("./7/file0") = 0 [pid 326] getdents64(3, 0x555556d3d620 /* 0 entries */, 32768) = 0 [pid 326] close(3) = 0 [pid 326] rmdir("./7") = 0 [ 26.219914][ T357] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.229021][ T357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.241990][ T553] loop4: detected capacity change from 0 to 4096 [ 26.256813][ T357] Kernel panic - not syncing: Fatal exception [ 26.262876][ T357] Kernel Offset: disabled [ 26.267010][ T357] Rebooting in 86400 seconds..