./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor361181074 <...> resumed>) = ? [pid 1200] +++ exited with 0 +++ [pid 1204] +++ exited with 0 +++ [pid 1176] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1176, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1190] <... futex resumed>) = ? [pid 1190] +++ exited with 0 +++ [pid 1188] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1188, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1203] <... pwrite64 resumed>) = 176128 [pid 1203] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1175] <... futex resumed>) = 0 [pid 1175] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1178] <... futex resumed>) = 0 [pid 1175] <... futex resumed>) = 1 [pid 1178] truncate("./file1", 1 [pid 1203] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1178] <... truncate resumed>) = 0 [pid 1178] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1178] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1175] <... futex resumed>) = 0 [pid 1175] exit_group(0) = ? [pid 1178] <... futex resumed>) = ? [pid 1178] +++ exited with 0 +++ [pid 1203] <... futex resumed>) = ? [pid 1203] +++ exited with 0 +++ [pid 1175] +++ exited with 0 +++ [pid 284] <... restart_syscall resumed>) = 0 [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1175, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 284] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... restart_syscall resumed>) = 0 [pid 285] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... openat resumed>) = 3 [pid 284] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(3, "", [pid 284] newfstatat(3, "", [pid 287] openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, [pid 284] getdents64(3, [pid 287] getdents64(3, [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 47.099694][ T1203] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./34/file1") = 0 [pid 283] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./34/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./34") = 0 [pid 283] mkdir("./35", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 285] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./34/file1", [pid 284] newfstatat(AT_FDCWD, "./34/file1", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... openat resumed>) = 4 [pid 284] <... openat resumed>) = 4 [pid 285] newfstatat(4, "", [pid 284] newfstatat(4, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, [pid 284] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, [pid 284] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4 [pid 284] close(4 [pid 285] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 285] rmdir("./34/file1" [pid 284] rmdir("./34/file1" [pid 285] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 285] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./34/binderfs", [pid 284] newfstatat(AT_FDCWD, "./34/binderfs", [pid 287] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./34/binderfs" [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] unlink("./34/binderfs" [pid 283] ioctl(3, LOOP_CLR_FD [pid 287] newfstatat(AT_FDCWD, "./34/file1", [pid 286] newfstatat(AT_FDCWD, "./35/file1", [pid 285] <... unlink resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... unlink resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] getdents64(3, [pid 287] openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] close(3 [pid 287] <... openat resumed>) = 4 [pid 286] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] newfstatat(4, "", [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... openat resumed>) = 4 [pid 284] close(3 [pid 283] <... close resumed>) = 0 [pid 287] getdents64(4, [pid 286] newfstatat(4, "", [pid 284] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] rmdir("./34" [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] getdents64(4, [pid 286] getdents64(4, [pid 284] <... rmdir resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 executing program executing program [pid 284] mkdir("./35", 0777./strace-static-x86_64: Process 1205 attached [pid 287] close(4 [pid 286] getdents64(4, [pid 285] getdents64(3, [pid 1205] set_robust_list(0x55557fe8a6a0, 24 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1205] <... set_robust_list resumed>) = 0 [pid 285] close(3 [pid 1205] chdir("./35" [pid 285] <... close resumed>) = 0 [pid 1205] <... chdir resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] <... close resumed>) = 0 [pid 285] rmdir("./34" [pid 1205] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] rmdir("./34/file1" [pid 286] close(4 [pid 285] <... rmdir resumed>) = 0 [pid 1205] <... prctl resumed>) = 0 [pid 285] mkdir("./35", 0777 [pid 1205] setpgid(0, 0 [pid 285] <... mkdir resumed>) = 0 [pid 1205] <... setpgid resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 285] <... openat resumed>) = 3 [pid 1205] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1205] write(3, "1000", 4 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1205] <... write resumed>) = 4 [pid 285] close(3 [pid 1205] close(3 [pid 286] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 1205] <... close resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1206 [pid 1205] write(1, "executing program\n", 18) = 18 [pid 1205] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1205] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1207]}, 88) = 1207 [pid 1205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1206 attached [pid 1206] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1206] chdir("./35") = 0 [pid 1206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1206] setpgid(0, 0) = 0 [pid 1206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 286] rmdir("./35/file1" [pid 1206] <... openat resumed>) = 3 [pid 1206] write(3, "1000", 4 [pid 287] <... rmdir resumed>) = 0 [pid 1206] <... write resumed>) = 4 [pid 1206] close(3) = 0 [pid 1206] symlink("/dev/binderfs", "./binderfs" [pid 286] <... rmdir resumed>) = 0 [pid 287] umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1206] <... symlink resumed>) = 0 [pid 1206] write(1, "executing program\n", 18 [pid 284] <... mkdir resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 286] newfstatat(AT_FDCWD, "./35/binderfs", [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1205 [pid 1206] <... write resumed>) = 18 [pid 1206] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1206] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 286] unlink("./35/binderfs" [pid 1206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1206] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 286] <... unlink resumed>) = 0 [pid 1206] <... mprotect resumed>) = 0 [pid 286] getdents64(3, [pid 1206] rt_sigprocmask(SIG_BLOCK, ~[], [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1206] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] newfstatat(AT_FDCWD, "./34/binderfs", [pid 286] close(3 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... close resumed>) = 0 [pid 1206] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 286] rmdir("./35" [pid 284] <... openat resumed>) = 3 [pid 287] unlink("./34/binderfs" [pid 1206] <... clone3 resumed> => {parent_tid=[1208]}, 88) = 1208 [pid 286] <... rmdir resumed>) = 0 [pid 1206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] <... unlink resumed>) = 0 [pid 286] mkdir("./36", 0777 [pid 287] getdents64(3, [pid 284] ioctl(3, LOOP_CLR_FD [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1208 attached [pid 1208] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1208] memfd_create("syzkaller", 0) = 3 [pid 1208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] <... mkdir resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] close(3 [pid 286] <... openat resumed>) = 3 [pid 287] <... close resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 287] rmdir("./34" [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 286] close(3 [pid 287] mkdir("./35", 0777 [pid 284] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1208] munmap(0x7f895cf98000, 138412032) = 0 [pid 1208] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1208] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1207 attached [pid 1207] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1207] memfd_create("syzkaller", 0 [pid 287] <... mkdir resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1207] <... memfd_create resumed>) = 3 [pid 1207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1210 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1211 ./strace-static-x86_64: Process 1210 attached ./strace-static-x86_64: Process 1211 attached [pid 1211] set_robust_list(0x55557fe8a6a0, 24 [pid 1210] set_robust_list(0x55557fe8a6a0, 24 [pid 1211] <... set_robust_list resumed>) = 0 [pid 1210] <... set_robust_list resumed>) = 0 [pid 1208] <... ioctl resumed>) = 0 [pid 1211] chdir("./35" [pid 1210] chdir("./36" [pid 1208] close(3) = 0 [pid 1208] close(4 [pid 1207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1210] <... chdir resumed>) = 0 [pid 1211] <... chdir resumed>) = 0 [pid 1210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1210] setpgid(0, 0) = 0 [pid 1210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1207] <... write resumed>) = 524288 [pid 1211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1210] <... openat resumed>) = 3 [pid 1207] munmap(0x7f895cf98000, 138412032 [pid 1211] setpgid(0, 0) = 0 [pid 1211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1210] write(3, "1000", 4 [pid 1211] write(3, "1000", 4 [pid 1210] <... write resumed>) = 4 [pid 1211] <... write resumed>) = 4 [pid 1210] close(3 [pid 1211] close(3 [pid 1210] <... close resumed>) = 0 [pid 1211] <... close resumed>) = 0 [pid 1211] symlink("/dev/binderfs", "./binderfs" [pid 1210] symlink("/dev/binderfs", "./binderfs" [pid 1211] <... symlink resumed>) = 0 [pid 1207] <... munmap resumed>) = 0 executing program [pid 1210] <... symlink resumed>) = 0 [pid 1210] write(1, "executing program\n", 18) = 18 executing program [pid 1210] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] write(1, "executing program\n", 18) = 18 [pid 1210] <... futex resumed>) = 0 [pid 1211] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1211] <... futex resumed>) = 0 [pid 1210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1211] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1211] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1210] <... mmap resumed>) = 0x7f8965398000 [pid 1211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1210] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1211] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1207] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1211] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1211] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1212 attached [pid 1210] <... clone3 resumed> => {parent_tid=[1212]}, 88) = 1212 [pid 1212] set_robust_list(0x7f89653b89a0, 24 [pid 1210] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1213 attached [pid 1212] <... set_robust_list resumed>) = 0 [pid 1212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1212] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1211] <... clone3 resumed> => {parent_tid=[1213]}, 88) = 1213 [pid 1211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1212] <... futex resumed>) = 0 [pid 1212] memfd_create("syzkaller", 0) = 3 [pid 1212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1213] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1213] memfd_create("syzkaller", 0) = 3 [pid 1213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1212] munmap(0x7f895cf98000, 138412032) = 0 [pid 1212] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1208] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 1213] munmap(0x7f895cf98000, 138412032) = 0 [pid 1213] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1208] mkdir("./file1", 0777) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1208] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1207] <... openat resumed>) = 4 [pid 1207] ioctl(4, LOOP_SET_FD, 3 [pid 1213] <... openat resumed>) = 4 [pid 1207] <... ioctl resumed>) = 0 [pid 1213] ioctl(4, LOOP_SET_FD, 3 [pid 1207] close(3) = 0 [pid 1207] close(4 [pid 1213] <... ioctl resumed>) = 0 [pid 1213] close(3) = 0 [pid 1213] close(4 [pid 1207] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1213] <... close resumed>) = 0 [pid 1207] mkdir("./file1", 0777 [pid 287] close(3 [pid 1213] mkdir("./file1", 0777 [pid 1207] <... mkdir resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1213] <... mkdir resumed>) = 0 [pid 1207] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1216 attached [pid 1213] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1216 [pid 1212] <... openat resumed>) = 4 [pid 1212] ioctl(4, LOOP_SET_FD, 3executing program [pid 1216] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1216] chdir("./35") = 0 [pid 1216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1216] setpgid(0, 0) = 0 [pid 1216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1216] write(3, "1000", 4) = 4 [pid 1216] close(3) = 0 [pid 1216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1216] write(1, "executing program\n", 18) = 18 [pid 1216] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1216] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1216] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1218]}, 88) = 1218 [pid 1216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1218 attached [pid 1218] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1218] memfd_create("syzkaller", 0) = 3 [pid 1218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1218] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1218] munmap(0x7f895cf98000, 138412032) = 0 [pid 1218] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1212] <... ioctl resumed>) = 0 [pid 1212] close(3) = 0 [ 47.665476][ T1208] EXT4-fs (loop2): Ignoring removed nobh option [ 47.671815][ T1208] EXT4-fs (loop2): Ignoring removed bh option [ 47.681186][ T1208] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.685817][ T1207] EXT4-fs (loop0): Ignoring removed nobh option [ 47.699871][ T1213] EXT4-fs (loop1): Ignoring removed nobh option [ 47.703800][ T1207] EXT4-fs (loop0): Ignoring removed bh option [pid 1212] close(4) = 0 [pid 1218] <... openat resumed>) = 4 [pid 1212] mkdir("./file1", 0777 [pid 1218] ioctl(4, LOOP_SET_FD, 3 [pid 1212] <... mkdir resumed>) = 0 [pid 1212] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1208] <... mount resumed>) = 0 [pid 1208] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1208] chdir("./file1") = 0 [pid 1208] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1218] <... ioctl resumed>) = 0 [pid 1208] <... openat resumed>) = 4 [pid 1208] ioctl(4, LOOP_CLR_FD) = 0 [pid 1218] close(3) = 0 [pid 1218] close(4 [pid 1208] close(4 [pid 1218] <... close resumed>) = 0 [pid 1208] <... close resumed>) = 0 [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1218] mkdir("./file1", 0777 [pid 1208] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1206] <... futex resumed>) = 0 [pid 1218] <... mkdir resumed>) = 0 [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1218] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1208] <... futex resumed>) = 0 [pid 1206] <... futex resumed>) = 1 [pid 1208] openat(AT_FDCWD, "./file1", O_RDWR [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1208] <... openat resumed>) = 4 [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1206] <... futex resumed>) = 0 [pid 1208] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1208] <... pwrite64 resumed>) = 87490 [pid 1206] <... futex resumed>) = 0 [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1206] <... futex resumed>) = 0 [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1208] <... futex resumed>) = 1 [pid 1208] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1206] <... futex resumed>) = 0 [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1208] <... futex resumed>) = 1 [ 47.707187][ T1213] EXT4-fs (loop1): Ignoring removed bh option [ 47.712958][ T1207] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.718941][ T1213] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.739203][ T1212] EXT4-fs (loop3): Ignoring removed nobh option [ 47.750347][ T1212] EXT4-fs (loop3): Ignoring removed bh option [pid 1208] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1207] <... mount resumed>) = 0 [pid 1207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1207] chdir("./file1") = 0 [pid 1207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1207] ioctl(4, LOOP_CLR_FD) = 0 [pid 1207] close(4) = 0 [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1207] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1208] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1206] <... futex resumed>) = 0 [pid 1205] <... futex resumed>) = 0 [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1213] <... mount resumed>) = 0 [pid 1212] <... mount resumed>) = 0 [pid 1213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1212] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1213] chdir("./file1" [pid 1212] chdir("./file1" [pid 1213] <... chdir resumed>) = 0 [pid 1212] <... chdir resumed>) = 0 [pid 1213] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1212] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1213] <... openat resumed>) = 4 [pid 1212] <... openat resumed>) = 4 [pid 1213] ioctl(4, LOOP_CLR_FD) = 0 [pid 1212] ioctl(4, LOOP_CLR_FD [pid 1213] close(4 [pid 1212] <... ioctl resumed>) = 0 [pid 1213] <... close resumed>) = 0 [pid 1212] close(4 [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1212] <... close resumed>) = 0 [pid 1213] <... futex resumed>) = 1 [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1213] openat(AT_FDCWD, "./file1", O_RDWR [pid 1212] <... futex resumed>) = 1 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... futex resumed>) = 0 [pid 1213] <... openat resumed>) = 4 [pid 1212] openat(AT_FDCWD, "./file1", O_RDWR [pid 1211] <... futex resumed>) = 0 [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1212] <... openat resumed>) = 4 [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 0 [pid 1213] <... futex resumed>) = 0 [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1212] <... futex resumed>) = 0 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1213] <... pwrite64 resumed>) = 87490 [pid 1212] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1211] <... futex resumed>) = 0 [ 47.756794][ T1212] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.769769][ T1218] EXT4-fs (loop4): Ignoring removed nobh option [ 47.778043][ T1208] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 47.781209][ T1218] EXT4-fs (loop4): Ignoring removed bh option [ 47.799349][ T1218] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1212] <... pwrite64 resumed>) = 87490 [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 0 [pid 1208] <... futex resumed>) = 0 [pid 1207] <... futex resumed>) = 0 [pid 1206] <... futex resumed>) = 1 [pid 1205] <... futex resumed>) = 1 [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1208] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1207] openat(AT_FDCWD, "./file1", O_RDWR [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1207] <... openat resumed>) = 4 [pid 1213] <... futex resumed>) = 1 [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1213] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1212] <... futex resumed>) = 1 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... futex resumed>) = 0 [pid 1208] <... pwrite64 resumed>) = 176128 [pid 1207] <... futex resumed>) = 1 [pid 1205] <... futex resumed>) = 0 [pid 1213] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1212] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1211] <... futex resumed>) = 0 [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1207] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1213] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1210] <... futex resumed>) = 0 [pid 1207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1205] <... futex resumed>) = 0 [pid 1213] <... openat resumed>) = 5 [pid 1212] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1212] <... openat resumed>) = 5 [pid 1213] <... futex resumed>) = 1 [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1213] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1212] <... futex resumed>) = 1 [pid 1212] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1206] <... futex resumed>) = 0 [pid 1206] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1206] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1208] <... futex resumed>) = 1 [pid 1208] truncate("./file1", 1 [pid 1207] <... pwrite64 resumed>) = 87490 [pid 1211] <... futex resumed>) = 0 [pid 1210] <... futex resumed>) = 0 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1213] <... futex resumed>) = 0 [pid 1212] <... futex resumed>) = 0 [pid 1211] <... futex resumed>) = 1 [pid 1210] <... futex resumed>) = 1 [pid 1213] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1212] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] <... futex resumed>) = 1 [pid 1205] <... futex resumed>) = 0 [pid 1213] <... pwrite64 resumed>) = 176128 [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1208] <... truncate resumed>) = 0 [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] <... futex resumed>) = 1 [ 47.812995][ T1208] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 47.838503][ T1213] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1213] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1208] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1206] <... futex resumed>) = 0 [pid 1206] exit_group(0) = ? [pid 1208] <... futex resumed>) = ? [pid 1208] +++ exited with 0 +++ [pid 1206] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1206, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1212] <... pwrite64 resumed>) = 176128 [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1212] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1207] <... futex resumed>) = 0 [pid 1207] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1205] <... futex resumed>) = 0 [pid 1207] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1210] <... futex resumed>) = 0 [pid 1205] <... futex resumed>) = 0 [pid 285] <... restart_syscall resumed>) = 0 [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1213] <... pwrite64 resumed>) = 176128 [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1211] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1211] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1213] <... futex resumed>) = 1 [pid 1213] truncate("./file1", 1) = 0 [pid 1213] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1211] <... futex resumed>) = 0 [pid 1211] exit_group(0) = ? [pid 1213] <... futex resumed>) = ? [pid 1213] +++ exited with 0 +++ [pid 1211] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1211, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1212] <... futex resumed>) = 0 [pid 1212] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1218] <... mount resumed>) = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 1218] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1218] chdir("./file1" [pid 284] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1218] <... chdir resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1218] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1218] <... openat resumed>) = 4 [pid 284] <... openat resumed>) = 3 [pid 1218] ioctl(4, LOOP_CLR_FD [pid 284] newfstatat(3, "", [pid 1218] <... ioctl resumed>) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1218] close(4 [pid 284] getdents64(3, [pid 1218] <... close resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1218] <... futex resumed>) = 1 [pid 1218] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1207] <... pwrite64 resumed>) = 176128 [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1207] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1216] <... futex resumed>) = 0 [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1218] <... futex resumed>) = 0 [pid 1216] <... futex resumed>) = 1 [pid 1218] openat(AT_FDCWD, "./file1", O_RDWR [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1218] <... openat resumed>) = 4 [ 47.838556][ T1212] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 47.858649][ T1213] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 47.874712][ T1207] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 47.888646][ T1212] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1216] <... futex resumed>) = 0 [pid 1218] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1218] <... pwrite64 resumed>) = 87490 [pid 1216] <... futex resumed>) = 0 [pid 1212] <... pwrite64 resumed>) = 176128 [pid 1205] <... futex resumed>) = 0 [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1218] <... futex resumed>) = 0 [pid 1216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1218] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1216] <... futex resumed>) = 0 [pid 1207] <... futex resumed>) = 0 [pid 1205] <... futex resumed>) = 1 [pid 1218] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1218] <... openat resumed>) = 5 [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1216] <... futex resumed>) = 0 [pid 1218] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1216] <... futex resumed>) = 0 [pid 1218] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1207] <... pwrite64 resumed>) = 176128 [pid 1212] <... futex resumed>) = 1 [pid 1210] <... futex resumed>) = 0 [pid 1212] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1210] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1210] <... futex resumed>) = 0 [pid 1212] truncate("./file1", 1 [pid 1210] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1212] <... truncate resumed>) = 0 [pid 1212] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1210] <... futex resumed>) = 0 [pid 1212] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1210] exit_group(0 [pid 1212] <... futex resumed>) = ? [pid 1210] <... exit_group resumed>) = ? [pid 1212] +++ exited with 0 +++ [pid 1210] +++ exited with 0 +++ [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1205] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1205] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1207] <... futex resumed>) = 1 [pid 1207] truncate("./file1", 1) = 0 [pid 1207] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1205] <... futex resumed>) = 0 [pid 1205] exit_group(0) = ? [pid 1207] <... futex resumed>) = ? [pid 1207] +++ exited with 0 +++ [pid 1205] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1210, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1205, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1218] <... pwrite64 resumed>) = 176128 [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1218] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1216] <... futex resumed>) = 0 [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1218] <... futex resumed>) = 0 [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 47.914059][ T1207] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 47.936658][ T1218] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1218] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1216] <... futex resumed>) = 0 [pid 1218] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1216] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1216] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1218] <... futex resumed>) = 0 [pid 1218] truncate("./file1", 1) = 0 [pid 1218] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1216] <... futex resumed>) = 0 [pid 1218] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1216] exit_group(0 [pid 1218] <... futex resumed>) = ? [pid 1216] <... exit_group resumed>) = ? [pid 1218] +++ exited with 0 +++ [pid 1216] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1216, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [ 47.954322][ T1218] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] close(4) = 0 [pid 284] rmdir("./35/file1") = 0 [pid 284] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./35/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./35") = 0 [pid 284] mkdir("./36", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 285] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 285] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] ioctl(3, LOOP_CLR_FD [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] newfstatat(AT_FDCWD, "./35/file1", [pid 284] close(3 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... close resumed>) = 0 [pid 285] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1230 [pid 285] <... openat resumed>) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./35/file1"./strace-static-x86_64: Process 1230 attached [pid 1230] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1230] chdir("./36") = 0 [pid 1230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1230] setpgid(0, 0) = 0 [pid 1230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1230] write(3, "1000", 4) = 4 [pid 1230] close(3) = 0 [pid 1230] symlink("/dev/binderfs", "./binderfs" [pid 287] <... umount2 resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, [pid 286] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./36/file1", [pid 287] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 286] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 283] rmdir("./35/file1") = 0 [pid 285] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] getdents64(4, [pid 285] newfstatat(AT_FDCWD, "./35/binderfs", [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] close(4 [pid 285] unlink("./35/binderfs" [pid 287] <... close resumed>) = 0 [pid 283] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] rmdir("./35/file1" [pid 285] <... unlink resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./35/binderfs" [pid 287] <... rmdir resumed>) = 0 [pid 285] getdents64(3, [pid 287] umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] close(3 [pid 283] <... unlink resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./35/binderfs", [pid 285] <... close resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] rmdir("./35" [pid 287] unlink("./35/binderfs" [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3 [pid 285] <... rmdir resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 283] rmdir("./35" [pid 287] <... unlink resumed>) = 0 [pid 285] mkdir("./36", 0777 [pid 283] <... rmdir resumed>) = 0 [pid 287] getdents64(3, [pid 283] mkdir("./36", 0777 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... mkdir resumed>) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 287] close(3 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./35" [pid 285] <... openat resumed>) = 3 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD [pid 287] <... rmdir resumed>) = 0 [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] mkdir("./36", 0777 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 1230] <... symlink resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] close(3 [pid 283] <... close resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 285] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1231 [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1232 executing program [pid 1230] write(1, "executing program\n", 18) = 18 [pid 286] getdents64(4, [pid 1230] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 1230] <... futex resumed>) = 0 [pid 1230] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 286] rmdir("./36/file1" [pid 1230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 286] <... rmdir resumed>) = 0 [pid 1230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1230] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 286] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1230] <... clone3 resumed> => {parent_tid=[1233]}, 88) = 1233 [pid 1230] rt_sigprocmask(SIG_SETMASK, [], [pid 286] unlink("./36/binderfs" [pid 1230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 286] <... unlink resumed>) = 0 [pid 1230] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./36") = 0 [pid 286] mkdir("./37", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1234 ./strace-static-x86_64: Process 1233 attached [pid 1233] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1233] memfd_create("syzkaller", 0) = 3 [pid 1233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1233] <... mmap resumed>) = 0x7f895cf98000 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1235 ./strace-static-x86_64: Process 1231 attached ./strace-static-x86_64: Process 1232 attached [pid 1233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1235 attached [pid 1235] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1235] chdir("./36") = 0 [pid 1235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1235] setpgid(0, 0) = 0 [pid 1235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1231] set_robust_list(0x55557fe8a6a0, 24 [pid 1232] set_robust_list(0x55557fe8a6a0, 24 [pid 1231] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1234 attached [pid 1232] <... set_robust_list resumed>) = 0 [pid 1231] chdir("./36" [pid 1232] chdir("./36" [pid 1231] <... chdir resumed>) = 0 [pid 1234] set_robust_list(0x55557fe8a6a0, 24 [pid 1232] <... chdir resumed>) = 0 [pid 1231] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1234] <... set_robust_list resumed>) = 0 [pid 1232] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1231] <... prctl resumed>) = 0 [pid 1232] <... prctl resumed>) = 0 [pid 1231] setpgid(0, 0 [pid 1232] setpgid(0, 0 [pid 1231] <... setpgid resumed>) = 0 [pid 1232] <... setpgid resumed>) = 0 [pid 1231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1234] chdir("./37" [pid 1232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1231] <... openat resumed>) = 3 [pid 1232] <... openat resumed>) = 3 [pid 1231] write(3, "1000", 4 [pid 1234] <... chdir resumed>) = 0 [pid 1232] write(3, "1000", 4 [pid 1231] <... write resumed>) = 4 [pid 1235] write(3, "1000", 4) = 4 [pid 1235] close(3) = 0 [pid 1235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1235] write(1, "executing program\n", 18executing program ) = 18 [pid 1235] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1235] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1231] close(3 [pid 1232] <... write resumed>) = 4 [pid 1234] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1231] <... close resumed>) = 0 [pid 1234] <... prctl resumed>) = 0 [pid 1232] close(3 [pid 1231] symlink("/dev/binderfs", "./binderfs" [pid 1232] <... close resumed>) = 0 [pid 1234] setpgid(0, 0 [pid 1235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1231] <... symlink resumed>) = 0 [pid 1234] <... setpgid resumed>) = 0 [pid 1232] symlink("/dev/binderfs", "./binderfs" [pid 1231] write(1, "executing program\n", 18executing program [pid 1232] <... symlink resumed>) = 0 [pid 1231] <... write resumed>) = 18 executing program [pid 1235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1232] write(1, "executing program\n", 18 [pid 1231] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1232] <... write resumed>) = 18 [pid 1234] <... openat resumed>) = 3 [pid 1231] <... futex resumed>) = 0 [pid 1232] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1234] write(3, "1000", 4 [pid 1232] <... futex resumed>) = 0 [pid 1231] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1234] <... write resumed>) = 4 [pid 1232] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1231] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1234] close(3 [pid 1232] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1231] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1234] <... close resumed>) = 0 [pid 1232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1234] symlink("/dev/binderfs", "./binderfs" [pid 1232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1231] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 1234] <... symlink resumed>) = 0 [pid 1232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1231] <... mmap resumed>) = 0x7f8965398000 [pid 1234] write(1, "executing program\n", 18 [pid 1232] <... mmap resumed>) = 0x7f8965398000 [pid 1231] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1234] <... write resumed>) = 18 [pid 1232] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1231] <... mprotect resumed>) = 0 [pid 1232] <... mprotect resumed>) = 0 [pid 1234] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1232] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1231] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1234] <... futex resumed>) = 0 [pid 1232] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1231] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1234] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1231] <... clone3 resumed> => {parent_tid=[1236]}, 88) = 1236 [pid 1234] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1232] <... clone3 resumed> => {parent_tid=[1237]}, 88) = 1237 [pid 1231] rt_sigprocmask(SIG_SETMASK, [], [pid 1232] rt_sigprocmask(SIG_SETMASK, [], [pid 1234] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1234] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] <... futex resumed>) = 0 [pid 1234] <... mmap resumed>) = 0x7f8965398000 [pid 1232] <... futex resumed>) = 0 [pid 1234] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1234] <... mprotect resumed>) = 0 [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1234] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1233] <... write resumed>) = 524288 [pid 1235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1235] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1235] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1234] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1233] munmap(0x7f895cf98000, 138412032 [pid 1234] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1235] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1239]}, 88) = 1239 [pid 1234] <... clone3 resumed> => {parent_tid=[1238]}, 88) = 1238 [pid 1235] rt_sigprocmask(SIG_SETMASK, [], [pid 1234] rt_sigprocmask(SIG_SETMASK, [], [pid 1233] <... munmap resumed>) = 0 [pid 1234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1234] <... futex resumed>) = 0 [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1235] <... futex resumed>) = 0 [pid 1233] <... openat resumed>) = 4 [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1239 attached [pid 1239] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1239] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 1237 attached [pid 1237] set_robust_list(0x7f89653b89a0, 24 [pid 1239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1237] <... set_robust_list resumed>) = 0 [pid 1237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1233] ioctl(4, LOOP_SET_FD, 3 [pid 1237] memfd_create("syzkaller", 0) = 3 [pid 1237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1233] <... ioctl resumed>) = 0 [pid 1233] close(3./strace-static-x86_64: Process 1236 attached [pid 1236] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1236] memfd_create("syzkaller", 0) = 3 [pid 1233] <... close resumed>) = 0 [pid 1236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1233] close(4./strace-static-x86_64: Process 1238 attached [pid 1238] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1238] memfd_create("syzkaller", 0 [pid 1233] <... close resumed>) = 0 [pid 1238] <... memfd_create resumed>) = 3 [pid 1238] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1233] mkdir("./file1", 0777) = 0 [pid 1233] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1238] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1237] <... write resumed>) = 524288 [pid 1239] <... write resumed>) = 524288 [pid 1236] <... write resumed>) = 524288 [pid 1239] munmap(0x7f895cf98000, 138412032 [pid 1238] <... write resumed>) = 524288 [pid 1237] munmap(0x7f895cf98000, 138412032 [pid 1239] <... munmap resumed>) = 0 [pid 1237] <... munmap resumed>) = 0 [pid 1239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1237] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1239] ioctl(4, LOOP_SET_FD, 3 [pid 1237] ioctl(4, LOOP_SET_FD, 3 [pid 1236] munmap(0x7f895cf98000, 138412032) = 0 [pid 1236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1238] munmap(0x7f895cf98000, 138412032) = 0 [pid 1238] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1239] <... ioctl resumed>) = 0 [pid 1239] close(3) = 0 [pid 1239] close(4 [pid 1237] <... ioctl resumed>) = 0 [pid 1236] <... openat resumed>) = 4 [pid 1238] <... openat resumed>) = 4 [pid 1236] ioctl(4, LOOP_SET_FD, 3 [pid 1238] ioctl(4, LOOP_SET_FD, 3 [pid 1237] close(3) = 0 [pid 1237] close(4 [pid 1233] <... mount resumed>) = 0 [pid 1233] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1233] chdir("./file1") = 0 [pid 1233] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1239] <... close resumed>) = 0 [pid 1239] mkdir("./file1", 0777 [pid 1238] <... ioctl resumed>) = 0 [pid 1236] <... ioctl resumed>) = 0 [pid 1239] <... mkdir resumed>) = 0 [pid 1236] close(3 [pid 1238] close(3 [pid 1236] <... close resumed>) = 0 [pid 1238] <... close resumed>) = 0 [pid 1236] close(4 [pid 1238] close(4 [ 48.460929][ T1233] EXT4-fs (loop1): Ignoring removed nobh option [ 48.468165][ T1233] EXT4-fs (loop1): Ignoring removed bh option [ 48.474327][ T1233] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1239] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1237] <... close resumed>) = 0 [pid 1237] mkdir("./file1", 0777 [pid 1233] <... openat resumed>) = 4 [pid 1237] <... mkdir resumed>) = 0 [pid 1233] ioctl(4, LOOP_CLR_FD [pid 1237] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1236] <... close resumed>) = 0 [pid 1236] mkdir("./file1", 0777) = 0 [pid 1236] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1238] <... close resumed>) = 0 [pid 1233] <... ioctl resumed>) = 0 [pid 1233] close(4 [ 48.653490][ T1237] EXT4-fs (loop4): Ignoring removed nobh option [ 48.659994][ T1237] EXT4-fs (loop4): Ignoring removed bh option [ 48.664041][ T1236] EXT4-fs (loop2): Ignoring removed nobh option [ 48.666470][ T1237] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 48.675305][ T1236] EXT4-fs (loop2): Ignoring removed bh option [ 48.685565][ T1239] EXT4-fs (loop0): Ignoring removed nobh option [ 48.697791][ T1239] EXT4-fs (loop0): Ignoring removed bh option [pid 1238] mkdir("./file1", 0777) = 0 [pid 1238] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1233] <... close resumed>) = 0 [pid 1233] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1230] <... futex resumed>) = 0 [pid 1233] openat(AT_FDCWD, "./file1", O_RDWR [pid 1230] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] <... openat resumed>) = 4 [pid 1230] <... futex resumed>) = 0 [pid 1233] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... futex resumed>) = 0 [pid 1230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1233] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1230] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] <... pwrite64 resumed>) = 87490 [pid 1230] <... futex resumed>) = 0 [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1230] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... futex resumed>) = 1 [pid 1233] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1233] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1230] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... futex resumed>) = 1 [pid 1237] <... mount resumed>) = 0 [pid 1233] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1237] chdir("./file1") = 0 [pid 1237] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1237] ioctl(4, LOOP_CLR_FD) = 0 [ 48.698358][ T1236] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 48.704293][ T1239] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 48.731170][ T1238] EXT4-fs (loop3): Ignoring removed nobh option [ 48.748024][ T1238] EXT4-fs (loop3): Ignoring removed bh option [pid 1237] close(4) = 0 [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1237] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1232] <... futex resumed>) = 0 [pid 1237] openat(AT_FDCWD, "./file1", O_RDWR [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1230] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1230] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1237] <... openat resumed>) = 4 [pid 1230] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1237] <... futex resumed>) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 1237] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1232] <... futex resumed>) = 0 [pid 1230] <... clone3 resumed> => {parent_tid=[1251]}, 88) = 1251 [pid 1237] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1230] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 1251 attached NULL, 8) = 0 [pid 1237] <... pwrite64 resumed>) = 87490 [pid 1251] set_robust_list(0x7f89653979a0, 24 [pid 1230] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1251] <... set_robust_list resumed>) = 0 [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = 0 [pid 1251] rt_sigprocmask(SIG_SETMASK, [], [pid 1230] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1251] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1237] <... futex resumed>) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1237] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 48.752617][ T1233] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.754371][ T1238] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1237] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1239] <... mount resumed>) = 0 [pid 1238] <... mount resumed>) = 0 [pid 1236] <... mount resumed>) = 0 [pid 1233] <... pwrite64 resumed>) = 176128 [pid 1239] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1238] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1236] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1233] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... openat resumed>) = 3 [pid 1238] <... openat resumed>) = 3 [pid 1236] <... openat resumed>) = 3 [pid 1233] <... futex resumed>) = 0 [pid 1239] chdir("./file1" [pid 1238] chdir("./file1" [pid 1236] chdir("./file1" [pid 1233] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1239] <... chdir resumed>) = 0 [pid 1238] <... chdir resumed>) = 0 [pid 1236] <... chdir resumed>) = 0 [pid 1239] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1238] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1236] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1239] <... openat resumed>) = 4 [pid 1238] <... openat resumed>) = 4 [pid 1236] <... openat resumed>) = 4 [pid 1239] ioctl(4, LOOP_CLR_FD [pid 1238] ioctl(4, LOOP_CLR_FD [pid 1236] ioctl(4, LOOP_CLR_FD [pid 1239] <... ioctl resumed>) = 0 [pid 1238] <... ioctl resumed>) = 0 [pid 1236] <... ioctl resumed>) = 0 [pid 1239] close(4 [pid 1238] close(4 [pid 1236] close(4 [pid 1239] <... close resumed>) = 0 [pid 1238] <... close resumed>) = 0 [pid 1236] <... close resumed>) = 0 [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = 1 [pid 1238] <... futex resumed>) = 1 [pid 1236] <... futex resumed>) = 1 [pid 1235] <... futex resumed>) = 0 [pid 1239] openat(AT_FDCWD, "./file1", O_RDWR [pid 1238] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1236] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... openat resumed>) = 4 [pid 1235] <... futex resumed>) = 0 [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... futex resumed>) = 0 [pid 1235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1239] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1235] <... futex resumed>) = 0 [pid 1239] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... pwrite64 resumed>) = 87490 [pid 1234] <... futex resumed>) = 0 [pid 1231] <... futex resumed>) = 0 [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] <... futex resumed>) = 0 [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... futex resumed>) = 1 [pid 1239] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] <... futex resumed>) = 0 [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... futex resumed>) = 1 [pid 1239] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1237] <... pwrite64 resumed>) = 176128 [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... futex resumed>) = 0 [pid 1234] <... futex resumed>) = 1 [pid 1231] <... futex resumed>) = 1 [pid 1237] <... futex resumed>) = 1 [pid 1236] openat(AT_FDCWD, "./file1", O_RDWR [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1232] <... futex resumed>) = 0 [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1237] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1232] <... futex resumed>) = 0 [pid 1230] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [ 48.795271][ T1251] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.795560][ T1237] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.833175][ T1239] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1237] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1230] <... futex resumed>) = 1 [pid 1251] <... pwrite64 resumed>) = 176128 [pid 1239] <... pwrite64 resumed>) = 176128 [pid 1238] <... futex resumed>) = 0 [pid 1233] <... futex resumed>) = 0 [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] openat(AT_FDCWD, "./file1", O_RDWR [pid 1233] truncate("./file1", 1 [pid 1239] <... futex resumed>) = 1 [pid 1238] <... openat resumed>) = 4 [pid 1235] <... futex resumed>) = 0 [pid 1233] <... truncate resumed>) = 0 [pid 1239] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1233] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1238] <... futex resumed>) = 1 [pid 1235] <... futex resumed>) = 0 [pid 1233] <... futex resumed>) = 0 [pid 1239] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1238] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1251] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... openat resumed>) = 4 [pid 1234] <... futex resumed>) = 0 [pid 1230] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1251] <... futex resumed>) = 0 [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1251] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1237] <... pwrite64 resumed>) = 176128 [pid 1236] <... futex resumed>) = 1 [pid 1234] <... futex resumed>) = 0 [pid 1231] <... futex resumed>) = 0 [pid 1230] exit_group(0 [pid 1251] <... futex resumed>) = ? [pid 1238] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1233] <... futex resumed>) = ? [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1230] <... exit_group resumed>) = ? [pid 1251] +++ exited with 0 +++ [pid 1238] <... pwrite64 resumed>) = 87490 [pid 1237] <... futex resumed>) = 1 [pid 1236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1233] +++ exited with 0 +++ [pid 1232] <... futex resumed>) = 0 [pid 1231] <... futex resumed>) = 0 [pid 1230] +++ exited with 0 +++ [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1237] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1236] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1232] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1239] <... pwrite64 resumed>) = 176128 [pid 1238] <... futex resumed>) = 1 [pid 1237] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1234] <... futex resumed>) = 0 [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1230, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 1239] <... futex resumed>) = 1 [pid 1235] <... futex resumed>) = 0 [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1232] <... futex resumed>) = 0 [pid 1239] truncate("./file1", 1 [pid 1238] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1235] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1234] <... futex resumed>) = 0 [pid 1232] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... openat resumed>) = 5 [pid 1237] truncate("./file1", 1 [pid 1236] <... pwrite64 resumed>) = 87490 [pid 1235] <... futex resumed>) = 0 [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1239] <... truncate resumed>) = 0 [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1239] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... futex resumed>) = 0 [pid 1236] <... futex resumed>) = 1 [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] <... futex resumed>) = 0 [pid 284] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1239] <... futex resumed>) = 1 [pid 1238] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1236] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1235] <... futex resumed>) = 0 [pid 1234] <... futex resumed>) = 0 [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... openat resumed>) = 3 [pid 1239] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1237] <... truncate resumed>) = 0 [pid 1237] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1232] <... futex resumed>) = 0 [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1231] <... futex resumed>) = 0 [pid 1235] exit_group(0 [pid 1232] exit_group(0 [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1236] <... openat resumed>) = 5 [pid 1235] <... exit_group resumed>) = ? [pid 1232] <... exit_group resumed>) = ? [pid 1239] <... futex resumed>) = ? [pid 1239] +++ exited with 0 +++ [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1235] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1235, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1237] +++ exited with 0 +++ [pid 1232] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1232, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 1236] <... futex resumed>) = 1 [pid 1231] <... futex resumed>) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1236] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1238] <... pwrite64 resumed>) = 176128 [pid 1231] <... futex resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... futex resumed>) = 1 [pid 1234] <... futex resumed>) = 0 [pid 1238] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1234] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 48.841358][ T1237] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.854918][ T1239] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.887553][ T1238] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1238] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 283] newfstatat(3, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, [pid 283] getdents64(3, [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1238] <... pwrite64 resumed>) = 176128 [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1238] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1234] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1234] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1238] <... futex resumed>) = 0 [pid 1238] truncate("./file1", 1) = 0 [pid 1238] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1234] <... futex resumed>) = 0 [pid 1234] exit_group(0) = ? [pid 1238] <... futex resumed>) = ? [pid 1238] +++ exited with 0 +++ [pid 1234] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1234, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1236] <... pwrite64 resumed>) = 176128 [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1231] <... futex resumed>) = 0 [pid 1236] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1236] <... futex resumed>) = 0 [pid 1231] <... futex resumed>) = 1 [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1236] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1236] <... pwrite64 resumed>) = 176128 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1236] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 284] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1231] <... futex resumed>) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4 [pid 1231] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... close resumed>) = 0 [pid 284] rmdir("./36/file1" [pid 1236] <... futex resumed>) = 0 [pid 1231] <... futex resumed>) = 1 [pid 1231] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... rmdir resumed>) = 0 [pid 1236] truncate("./file1", 1 [pid 284] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./36/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./36") = 0 [pid 284] mkdir("./37", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1236] <... truncate resumed>) = 0 [pid 1236] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1231] <... futex resumed>) = 0 [pid 1231] exit_group(0) = ? [pid 1236] <... futex resumed>) = ? [pid 1236] +++ exited with 0 +++ [pid 1231] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1231, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 48.906635][ T1238] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.908491][ T1236] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 48.939059][ T1236] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./36/file1") = 0 [pid 287] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./36/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./36") = 0 [pid 287] mkdir("./37", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 286] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 283] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(3 [pid 283] newfstatat(AT_FDCWD, "./36/file1", [pid 287] <... close resumed>) = 0 [pid 286] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1256 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./36/file1") = 0 [pid 283] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./36/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./36" [pid 286] newfstatat(AT_FDCWD, "./37/file1", [pid 285] <... umount2 resumed>) = 0 [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./37", 0777 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] close(3 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... close resumed>) = 0 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1257 ./strace-static-x86_64: Process 1256 attached [pid 1256] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1256] chdir("./37" [pid 286] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... openat resumed>) = 4 [pid 285] newfstatat(AT_FDCWD, "./36/file1", [pid 1256] <... chdir resumed>) = 0 [pid 1256] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 286] newfstatat(4, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1258 [pid 286] getdents64(4, [pid 285] umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] close(4) = 0 [pid 285] <... openat resumed>) = 4 [pid 286] rmdir("./37/file1" [pid 285] newfstatat(4, "", [pid 1256] <... prctl resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] getdents64(4, [pid 286] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] unlink("./37/binderfs" [pid 285] getdents64(4, [pid 286] <... unlink resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] getdents64(3, [pid 285] close(4 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... close resumed>) = 0 [pid 286] close(3 [pid 285] rmdir("./36/file1" [pid 286] <... close resumed>) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 286] rmdir("./37" [pid 285] umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1256] setpgid(0, 0 [pid 286] <... rmdir resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] mkdir("./38", 0777 [pid 285] newfstatat(AT_FDCWD, "./36/binderfs", [pid 1256] <... setpgid resumed>) = 0 [pid 1256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 286] <... mkdir resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1257 attached [pid 1256] <... openat resumed>) = 3 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] unlink("./36/binderfs" [pid 1257] set_robust_list(0x55557fe8a6a0, 24 [pid 1256] write(3, "1000", 4 [pid 286] <... openat resumed>) = 3 [pid 285] <... unlink resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] getdents64(3, [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3 [pid 285] close(3 [pid 286] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] rmdir("./36" [pid 1257] <... set_robust_list resumed>) = 0 [pid 1256] <... write resumed>) = 4 [pid 1257] chdir("./37" [pid 1256] close(3 [pid 285] <... rmdir resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1259 [pid 285] mkdir("./37", 0777 [pid 1257] <... chdir resumed>) = 0 [pid 1256] <... close resumed>) = 0 [pid 1257] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1256] symlink("/dev/binderfs", "./binderfs" [pid 285] <... mkdir resumed>) = 0 [pid 1257] <... prctl resumed>) = 0 [pid 1256] <... symlink resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 1258 attached executing program [pid 1257] setpgid(0, 0 [pid 1256] write(1, "executing program\n", 18 [pid 285] <... openat resumed>) = 3 [pid 1258] set_robust_list(0x55557fe8a6a0, 24 [pid 1257] <... setpgid resumed>) = 0 [pid 1256] <... write resumed>) = 18 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1256] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1257] <... openat resumed>) = 3 [pid 1256] <... futex resumed>) = 0 [pid 1257] write(3, "1000", 4 [pid 1256] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1257] <... write resumed>) = 4 [pid 1256] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1257] close(3 [pid 1256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1258] <... set_robust_list resumed>) = 0 [pid 1257] <... close resumed>) = 0 [pid 1256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 285] close(3 [pid 1258] chdir("./37" [pid 1257] symlink("/dev/binderfs", "./binderfs" [pid 1256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 285] <... close resumed>) = 0 [pid 1258] <... chdir resumed>) = 0 [pid 1257] <... symlink resumed>) = 0 [pid 1256] <... mmap resumed>) = 0x7f8965398000 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 1257] write(1, "executing program\n", 18 [pid 1256] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1258] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1257] <... write resumed>) = 18 [pid 1256] <... mprotect resumed>) = 0 [pid 1258] <... prctl resumed>) = 0 [pid 1257] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1260 ./strace-static-x86_64: Process 1259 attached [pid 1258] setpgid(0, 0 [pid 1257] <... futex resumed>) = 0 [pid 1256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1259] set_robust_list(0x55557fe8a6a0, 24 [pid 1258] <... setpgid resumed>) = 0 [pid 1257] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1259] <... set_robust_list resumed>) = 0 [pid 1258] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1257] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1256] <... clone3 resumed> => {parent_tid=[1261]}, 88) = 1261 [pid 1257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1256] rt_sigprocmask(SIG_SETMASK, [], [pid 1257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1257] <... mmap resumed>) = 0x7f8965398000 [pid 1256] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1258] <... openat resumed>) = 3 [pid 1257] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1256] <... futex resumed>) = 0 [pid 1259] chdir("./38" [pid 1258] write(3, "1000", 4 [pid 1257] <... mprotect resumed>) = 0 [pid 1256] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1259] <... chdir resumed>) = 0 [pid 1258] <... write resumed>) = 4 [pid 1257] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1259] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1258] close(3 [pid 1257] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1259] <... prctl resumed>) = 0 [pid 1258] <... close resumed>) = 0 [pid 1257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1259] setpgid(0, 0 [pid 1258] symlink("/dev/binderfs", "./binderfs" [pid 1259] <... setpgid resumed>) = 0 [pid 1258] <... symlink resumed>) = 0 [pid 1257] <... clone3 resumed> => {parent_tid=[1262]}, 88) = 1262 ./strace-static-x86_64: Process 1260 attached [pid 1259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1258] write(1, "executing program\n", 18 [pid 1257] rt_sigprocmask(SIG_SETMASK, [], [pid 1260] set_robust_list(0x55557fe8a6a0, 24 [pid 1257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1260] <... set_robust_list resumed>) = 0 [pid 1257] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] chdir("./37" [pid 1257] <... futex resumed>) = 0 [pid 1260] <... chdir resumed>) = 0 [pid 1257] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 executing program [pid 1260] setpgid(0, 0 [pid 1259] <... openat resumed>) = 3 [pid 1258] <... write resumed>) = 18 [pid 1260] <... setpgid resumed>) = 0 [pid 1259] write(3, "1000", 4 [pid 1258] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1258] <... futex resumed>) = 0 [pid 1260] <... openat resumed>) = 3 [pid 1260] write(3, "1000", 4) = 4 [pid 1260] close(3) = 0 [pid 1260] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1261 attached ) = 0 [pid 1259] <... write resumed>) = 4 [pid 1258] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1259] close(3 [pid 1258] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1259] <... close resumed>) = 0 [pid 1258] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1259] symlink("/dev/binderfs", "./binderfs" [pid 1258] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 1262 attached [pid 1261] set_robust_list(0x7f89653b89a0, 24 [pid 1260] write(1, "executing program\n", 18 [pid 1259] <... symlink resumed>) = 0 [pid 1258] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1261] <... set_robust_list resumed>) = 0 [pid 1259] write(1, "executing program\n", 18 [pid 1258] <... mmap resumed>) = 0x7f8965398000 executing program [pid 1261] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 1259] <... write resumed>) = 18 [pid 1258] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1259] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1258] <... mprotect resumed>) = 0 [pid 1259] <... futex resumed>) = 0 [pid 1260] <... write resumed>) = 18 [pid 1260] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1258] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1262] set_robust_list(0x7f89653b89a0, 24 [pid 1259] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1258] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1261] memfd_create("syzkaller", 0 [pid 1259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1262] <... set_robust_list resumed>) = 0 [pid 1259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1258] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1262] rt_sigprocmask(SIG_SETMASK, [], [pid 1261] <... memfd_create resumed>) = 3 [pid 1260] <... futex resumed>) = 0 [pid 1259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 1263 attached [pid 1262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1259] <... mmap resumed>) = 0x7f8965398000 [pid 1263] set_robust_list(0x7f89653b89a0, 24 [pid 1262] memfd_create("syzkaller", 0 [pid 1261] <... mmap resumed>) = 0x7f895cf98000 [pid 1259] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1258] <... clone3 resumed> => {parent_tid=[1263]}, 88) = 1263 [pid 1262] <... memfd_create resumed>) = 3 [pid 1260] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1260] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1264]}, 88) = 1264 [pid 1260] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1264 attached [pid 1264] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1264] memfd_create("syzkaller", 0) = 3 [pid 1264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1262] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1259] <... mprotect resumed>) = 0 [pid 1258] rt_sigprocmask(SIG_SETMASK, [], [pid 1262] <... mmap resumed>) = 0x7f895cf98000 [pid 1259] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1258] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1262] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1259] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1258] <... futex resumed>) = 0 [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1259] <... clone3 resumed> => {parent_tid=[1265]}, 88) = 1265 [pid 1259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1261] <... write resumed>) = 524288 [pid 1264] <... write resumed>) = 524288 ./strace-static-x86_64: Process 1265 attached [pid 1265] set_robust_list(0x7f89653b89a0, 24 [pid 1262] <... write resumed>) = 524288 [pid 1261] munmap(0x7f895cf98000, 138412032 [pid 1263] <... set_robust_list resumed>) = 0 [pid 1264] munmap(0x7f895cf98000, 138412032 [pid 1265] <... set_robust_list resumed>) = 0 [pid 1265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1261] <... munmap resumed>) = 0 [pid 1262] munmap(0x7f895cf98000, 138412032 [pid 1265] memfd_create("syzkaller", 0) = 3 [pid 1262] <... munmap resumed>) = 0 [pid 1261] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1265] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1261] <... openat resumed>) = 4 [pid 1262] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1265] <... mmap resumed>) = 0x7f895cf98000 [pid 1263] rt_sigprocmask(SIG_SETMASK, [], [pid 1262] <... openat resumed>) = 4 [pid 1261] ioctl(4, LOOP_SET_FD, 3 [pid 1262] ioctl(4, LOOP_SET_FD, 3 [pid 1263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1264] <... munmap resumed>) = 0 [pid 1263] memfd_create("syzkaller", 0 [pid 1264] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1261] <... ioctl resumed>) = 0 [pid 1261] close(3) = 0 [pid 1263] <... memfd_create resumed>) = 3 [pid 1261] close(4 [pid 1263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1265] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1263] <... mmap resumed>) = 0x7f895cf98000 [pid 1265] <... write resumed>) = 524288 [pid 1265] munmap(0x7f895cf98000, 138412032 [pid 1262] <... ioctl resumed>) = 0 [pid 1265] <... munmap resumed>) = 0 [pid 1265] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1265] ioctl(4, LOOP_SET_FD, 3 [pid 1262] close(3) = 0 [pid 1262] close(4 [pid 1261] <... close resumed>) = 0 [pid 1261] mkdir("./file1", 0777 [pid 1265] <... ioctl resumed>) = 0 [pid 1265] close(3) = 0 [pid 1265] close(4 [pid 1261] <... mkdir resumed>) = 0 [pid 1263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1261] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1264] <... openat resumed>) = 4 [pid 1264] ioctl(4, LOOP_SET_FD, 3 [pid 1263] <... write resumed>) = 524288 [pid 1263] munmap(0x7f895cf98000, 138412032) = 0 [pid 1263] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1265] <... close resumed>) = 0 [pid 1262] <... close resumed>) = 0 [pid 1262] mkdir("./file1", 0777) = 0 [pid 1265] mkdir("./file1", 0777 [pid 1262] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1265] <... mkdir resumed>) = 0 [pid 1265] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1264] <... ioctl resumed>) = 0 [pid 1264] close(3) = 0 [ 49.349729][ T1262] EXT4-fs (loop0): Ignoring removed nobh option [ 49.357937][ T1261] EXT4-fs (loop4): Ignoring removed nobh option [ 49.359946][ T1262] EXT4-fs (loop0): Ignoring removed bh option [ 49.366322][ T1261] EXT4-fs (loop4): Ignoring removed bh option [ 49.371082][ T1265] EXT4-fs (loop3): Ignoring removed nobh option [ 49.376718][ T1261] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1264] close(4) = 0 [pid 1261] <... mount resumed>) = 0 [pid 1264] mkdir("./file1", 0777) = 0 [pid 1264] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1261] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1261] chdir("./file1") = 0 [pid 1261] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1263] <... openat resumed>) = 4 [pid 1263] ioctl(4, LOOP_SET_FD, 3 [pid 1262] <... mount resumed>) = 0 [pid 1262] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1262] chdir("./file1") = 0 [pid 1262] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1265] <... mount resumed>) = 0 [pid 1265] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1265] chdir("./file1") = 0 [pid 1265] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1261] <... openat resumed>) = 4 [pid 1261] ioctl(4, LOOP_CLR_FD) = 0 [pid 1261] close(4) = 0 [pid 1261] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1261] openat(AT_FDCWD, "./file1", O_RDWR [pid 1256] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1256] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1261] <... openat resumed>) = 4 [pid 1261] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1256] <... futex resumed>) = 0 [ 49.382708][ T1265] EXT4-fs (loop3): Ignoring removed bh option [ 49.400879][ T1262] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.401020][ T1265] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1261] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1256] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1263] <... ioctl resumed>) = 0 [pid 1261] <... pwrite64 resumed>) = 87490 [pid 1256] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] <... openat resumed>) = 4 [pid 1263] close(3 [pid 1262] ioctl(4, LOOP_CLR_FD [pid 1261] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... close resumed>) = 0 [pid 1262] <... ioctl resumed>) = 0 [pid 1263] close(4 [pid 1262] close(4) = 0 [pid 1263] <... close resumed>) = 0 [pid 1262] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] mkdir("./file1", 0777 [pid 1262] <... futex resumed>) = 1 [pid 1257] <... futex resumed>) = 0 [pid 1263] <... mkdir resumed>) = 0 [pid 1262] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1261] <... futex resumed>) = 1 [pid 1257] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] <... futex resumed>) = 0 [pid 1263] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1257] <... futex resumed>) = 0 [pid 1256] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] openat(AT_FDCWD, "./file1", O_RDWR [pid 1257] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1256] <... futex resumed>) = 0 [pid 1262] <... openat resumed>) = 4 [pid 1261] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1256] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] <... openat resumed>) = 4 [pid 1262] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] ioctl(4, LOOP_CLR_FD [pid 1262] <... futex resumed>) = 1 [pid 1257] <... futex resumed>) = 0 [pid 1265] <... ioctl resumed>) = 0 [pid 1262] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1257] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] close(4 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1257] <... futex resumed>) = 0 [pid 1265] <... close resumed>) = 0 [pid 1262] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1257] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] <... pwrite64 resumed>) = 87490 [pid 1265] <... futex resumed>) = 1 [pid 1259] <... futex resumed>) = 0 [pid 1265] openat(AT_FDCWD, "./file1", O_RDWR [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] <... openat resumed>) = 4 [pid 1262] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... futex resumed>) = 0 [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] <... futex resumed>) = 1 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1257] <... futex resumed>) = 0 [pid 1265] <... futex resumed>) = 0 [pid 1262] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1257] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1262] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1259] <... futex resumed>) = 0 [pid 1257] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] <... openat resumed>) = 5 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1262] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1261] <... openat resumed>) = 5 [pid 1265] <... pwrite64 resumed>) = 87490 [pid 1262] <... futex resumed>) = 1 [pid 1261] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1262] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1261] <... futex resumed>) = 1 [pid 1257] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] <... futex resumed>) = 0 [pid 1262] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1261] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1257] <... futex resumed>) = 0 [pid 1256] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1262] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1261] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1257] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1256] <... futex resumed>) = 0 [pid 1261] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 49.465251][ T1264] EXT4-fs (loop2): Ignoring removed nobh option [ 49.491466][ T1264] EXT4-fs (loop2): Ignoring removed bh option [ 49.491506][ T1263] EXT4-fs (loop1): Ignoring removed nobh option [pid 1256] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... futex resumed>) = 0 [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] <... futex resumed>) = 1 [pid 1265] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] <... futex resumed>) = 0 [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] <... futex resumed>) = 1 [pid 1265] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1261] <... pwrite64 resumed>) = 176128 [pid 1257] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1256] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1256] <... futex resumed>) = 0 [pid 1257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1257] <... mmap resumed>) = 0x7f8965377000 [pid 1256] <... mmap resumed>) = 0x7f8965377000 [pid 1257] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 1256] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 1257] <... mprotect resumed>) = 0 [pid 1256] <... mprotect resumed>) = 0 [pid 1257] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1257] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 1256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 1257] <... clone3 resumed> => {parent_tid=[1277]}, 88) = 1277 [pid 1256] <... clone3 resumed> => {parent_tid=[1278]}, 88) = 1278 [pid 1257] rt_sigprocmask(SIG_SETMASK, [], [pid 1256] rt_sigprocmask(SIG_SETMASK, [], [pid 1257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1257] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1257] <... futex resumed>) = 0 [pid 1256] <... futex resumed>) = 0 [pid 1257] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1256] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1278 attached [pid 1278] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1278] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 49.498158][ T1264] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.508779][ T1262] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.520225][ T1261] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.537703][ T1265] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.545473][ T1263] EXT4-fs (loop1): Ignoring removed bh option [pid 1261] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1277 attached [pid 1265] <... pwrite64 resumed>) = 176128 [pid 1262] <... pwrite64 resumed>) = 176128 [pid 1261] <... futex resumed>) = 0 [pid 1262] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1261] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1262] <... futex resumed>) = 0 [pid 1262] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1277] set_robust_list(0x7f89653979a0, 24 [pid 1265] <... futex resumed>) = 1 [pid 1277] <... set_robust_list resumed>) = 0 [pid 1265] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1277] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1259] <... futex resumed>) = 0 [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... mount resumed>) = 0 [pid 1264] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1264] chdir("./file1") = 0 [pid 1264] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1264] ioctl(4, LOOP_CLR_FD) = 0 [pid 1264] close(4) = 0 [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1260] <... futex resumed>) = 0 [pid 1264] openat(AT_FDCWD, "./file1", O_RDWR [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1264] <... openat resumed>) = 4 [pid 1260] <... futex resumed>) = 0 [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... futex resumed>) = 0 [pid 1260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1264] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1278] <... pwrite64 resumed>) = 176128 [pid 1277] <... pwrite64 resumed>) = 176128 [pid 1265] <... futex resumed>) = 0 [pid 1260] <... futex resumed>) = 0 [pid 1278] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1278] <... futex resumed>) = 1 [pid 1256] <... futex resumed>) = 0 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... pwrite64 resumed>) = 87490 [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... futex resumed>) = 1 [pid 1264] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... futex resumed>) = 1 [pid 1264] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1257] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1257] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 49.565842][ T1263] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.566655][ T1278] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.580106][ T1277] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1257] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1278] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1277] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] <... pwrite64 resumed>) = 176128 [pid 1262] <... futex resumed>) = 0 [pid 1256] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1277] <... futex resumed>) = 0 [pid 1262] truncate("./file1", 1 [pid 1261] <... futex resumed>) = 0 [pid 1256] <... futex resumed>) = 1 [pid 1277] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1262] <... truncate resumed>) = 0 [pid 1261] truncate("./file1", 1 [pid 1256] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1261] <... truncate resumed>) = 0 [pid 1261] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1256] <... futex resumed>) = 0 [pid 1256] exit_group(0 [pid 1278] <... futex resumed>) = ? [pid 1256] <... exit_group resumed>) = ? [pid 1278] +++ exited with 0 +++ [pid 1261] <... futex resumed>) = ? [pid 1261] +++ exited with 0 +++ [pid 1256] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1256, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1262] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1262] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1265] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1257] <... futex resumed>) = 0 [pid 1257] exit_group(0 [pid 1277] <... futex resumed>) = ? [pid 1257] <... exit_group resumed>) = ? [pid 1277] +++ exited with 0 +++ [pid 1262] <... futex resumed>) = ? [pid 1262] +++ exited with 0 +++ [pid 1257] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1257, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 1259] <... futex resumed>) = 0 [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1263] <... mount resumed>) = 0 [pid 1259] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1264] <... pwrite64 resumed>) = 176128 [pid 1263] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1263] chdir("./file1") = 0 [pid 1263] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1263] ioctl(4, LOOP_CLR_FD) = 0 [pid 1263] close(4 [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... close resumed>) = 0 [pid 1259] <... futex resumed>) = 1 [pid 1259] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... futex resumed>) = 1 [pid 1264] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1265] <... futex resumed>) = 0 [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... restart_syscall resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 1265] truncate("./file1", 1) = 0 [pid 287] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", [pid 283] newfstatat(3, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, [pid 283] getdents64(3, [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1263] <... futex resumed>) = 1 [pid 1258] <... futex resumed>) = 0 [pid 287] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1263] openat(AT_FDCWD, "./file1", O_RDWR [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1265] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1265] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1263] <... openat resumed>) = 4 [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1258] <... futex resumed>) = 0 [pid 1263] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1263] <... pwrite64 resumed>) = 87490 [pid 1258] <... futex resumed>) = 0 [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1258] <... futex resumed>) = 0 [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... pwrite64 resumed>) = 176128 [pid 1263] <... futex resumed>) = 1 [pid 1259] <... futex resumed>) = 0 [pid 1263] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1259] exit_group(0 [pid 1263] <... openat resumed>) = 5 [pid 1259] <... exit_group resumed>) = ? [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1258] <... futex resumed>) = 0 [pid 1263] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1265] <... futex resumed>) = ? [pid 1258] <... futex resumed>) = 0 [pid 1265] +++ exited with 0 +++ [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1259] +++ exited with 0 +++ [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] <... futex resumed>) = 1 [pid 1260] <... futex resumed>) = 0 [pid 1260] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1260] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1264] truncate("./file1", 1 [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1259, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 286] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1264] <... truncate resumed>) = 0 [ 49.608258][ T1265] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.618152][ T1264] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.640667][ T1264] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1264] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1264] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1260] <... futex resumed>) = 0 [pid 1260] exit_group(0) = ? [pid 1264] <... futex resumed>) = ? [pid 1264] +++ exited with 0 +++ [pid 1260] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1260, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1263] <... pwrite64 resumed>) = 176128 [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1258] <... futex resumed>) = 0 [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] <... futex resumed>) = 1 [pid 1263] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./37/file1") = 0 [pid 287] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./37/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./37") = 0 [pid 287] mkdir("./38", 0777 [pid 1263] <... pwrite64 resumed>) = 176128 [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... mkdir resumed>) = 0 [pid 1263] <... futex resumed>) = 1 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1258] <... futex resumed>) = 0 [pid 1258] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1258] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1263] truncate("./file1", 1) = 0 [pid 1263] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1263] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1258] <... futex resumed>) = 0 [pid 1258] exit_group(0) = ? [pid 1263] <... futex resumed>) = ? [pid 1263] +++ exited with 0 +++ [pid 1258] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1258, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 49.665548][ T1263] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 49.682154][ T1263] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 284] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./37/file1" [pid 286] <... umount2 resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 284] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./37/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./37") = 0 [pid 284] mkdir("./38", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1283 ./strace-static-x86_64: Process 1283 attached [pid 1283] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1283] chdir("./38") = 0 [pid 1283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1283] setpgid(0, 0) = 0 [pid 1283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1283] write(3, "1000", 4) = 4 [pid 1283] close(3) = 0 [pid 1283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1283] write(1, "executing program\n", 18) = 18 [pid 1283] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1283] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1284]}, 88) = 1284 [pid 1283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1283] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1284 attached [pid 1284] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1284] memfd_create("syzkaller", 0) = 3 [pid 1284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./38/file1", [pid 283] newfstatat(AT_FDCWD, "./37/file1", [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] newfstatat(4, "", [pid 283] <... openat resumed>) = 4 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] newfstatat(4, "", [pid 286] getdents64(4, [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, [pid 286] getdents64(4, [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] getdents64(4, [pid 286] close(4 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] <... close resumed>) = 0 [pid 283] close(4 [pid 286] rmdir("./38/file1" [pid 283] <... close resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 283] rmdir("./37/file1" [pid 286] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... rmdir resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] newfstatat(AT_FDCWD, "./38/binderfs", [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] newfstatat(AT_FDCWD, "./37/binderfs", [pid 286] unlink("./38/binderfs" [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... unlink resumed>) = 0 [pid 283] unlink("./37/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] getdents64(3, [pid 1284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 286] close(3 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] <... close resumed>) = 0 [pid 283] close(3 [pid 286] rmdir("./38" [pid 283] <... close resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 283] rmdir("./37" [pid 286] mkdir("./39", 0777 [pid 283] <... rmdir resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 283] mkdir("./38", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1284] <... write resumed>) = 524288 [pid 1284] munmap(0x7f895cf98000, 138412032) = 0 [pid 1284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 286] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1285 [pid 285] <... umount2 resumed>) = 0 [pid 1284] <... openat resumed>) = 4 [pid 1284] ioctl(4, LOOP_SET_FD, 3 [pid 285] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 285] <... openat resumed>) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./37/file1") = 0 [pid 285] umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./37/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./37"./strace-static-x86_64: Process 1285 attached [pid 1285] set_robust_list(0x55557fe8a6a0, 24 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 286] close(3 [pid 283] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1285] <... set_robust_list resumed>) = 0 [pid 1285] chdir("./38" [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1288 [pid 1285] <... chdir resumed>) = 0 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1287 [pid 1285] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1285] setpgid(0, 0 [pid 1284] <... ioctl resumed>) = 0 [pid 1284] close(3) = 0 [pid 1284] close(4) = 0 [pid 1284] mkdir("./file1", 0777) = 0 [pid 1285] <... setpgid resumed>) = 0 [pid 1284] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1285] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 285] <... rmdir resumed>) = 0 [pid 1285] write(3, "1000", 4) = 4 [pid 285] mkdir("./38", 0777 [pid 1285] close(3./strace-static-x86_64: Process 1288 attached ./strace-static-x86_64: Process 1287 attached ) = 0 [pid 285] <... mkdir resumed>) = 0 [pid 1285] symlink("/dev/binderfs", "./binderfs") = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1287] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1288] set_robust_list(0x55557fe8a6a0, 24 [pid 1285] write(1, "executing program\n", 18executing program ) = 18 [pid 1285] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1287] chdir("./38" [pid 1285] <... futex resumed>) = 0 [pid 1288] <... set_robust_list resumed>) = 0 [pid 1287] <... chdir resumed>) = 0 [pid 1285] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1287] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1288] chdir("./39" [pid 1285] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1285] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1287] <... prctl resumed>) = 0 [pid 1285] <... mmap resumed>) = 0x7f8965398000 [pid 1287] setpgid(0, 0 [pid 1285] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1287] <... setpgid resumed>) = 0 [pid 1285] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1285] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1285] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1289]}, 88) = 1289 [pid 1285] rt_sigprocmask(SIG_SETMASK, [], [pid 1287] <... openat resumed>) = 3 ./strace-static-x86_64: Process 1289 attached [pid 1288] <... chdir resumed>) = 0 [pid 1285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1287] write(3, "1000", 4 [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1287] <... write resumed>) = 4 [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1287] close(3 [pid 1288] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1287] <... close resumed>) = 0 [pid 1289] set_robust_list(0x7f89653b89a0, 24 [pid 1287] symlink("/dev/binderfs", "./binderfs" [pid 1289] <... set_robust_list resumed>) = 0 [pid 1288] <... prctl resumed>) = 0 [pid 1287] <... symlink resumed>) = 0 [pid 1288] setpgid(0, 0) = 0 executing program [pid 1289] rt_sigprocmask(SIG_SETMASK, [], [pid 1287] write(1, "executing program\n", 18) = 18 [pid 1288] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1287] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1287] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1287] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1290]}, 88) = 1290 [pid 1287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1287] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1287] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1289] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1289] memfd_create("syzkaller", 0) = 3 [pid 1289] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 ./strace-static-x86_64: Process 1290 attached [pid 1288] <... openat resumed>) = 3 [pid 1288] write(3, "1000", 4 [pid 1290] set_robust_list(0x7f89653b89a0, 24 [pid 1288] <... write resumed>) = 4 [pid 1290] <... set_robust_list resumed>) = 0 [pid 1288] close(3 [pid 1290] rt_sigprocmask(SIG_SETMASK, [], [pid 1288] <... close resumed>) = 0 [pid 1290] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1288] symlink("/dev/binderfs", "./binderfs" [pid 1290] memfd_create("syzkaller", 0executing program [pid 1288] <... symlink resumed>) = 0 [pid 1288] write(1, "executing program\n", 18 [pid 1290] <... memfd_create resumed>) = 3 [pid 1288] <... write resumed>) = 18 [pid 1290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1288] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1290] <... mmap resumed>) = 0x7f895cf98000 [pid 1288] <... futex resumed>) = 0 [pid 1288] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1288] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1288] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1288] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1291]}, 88) = 1291 [pid 1288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1288] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1289] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1288] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1291 attached [pid 1288] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1289] <... write resumed>) = 524288 [pid 1291] set_robust_list(0x7f89653b89a0, 24 [pid 1289] munmap(0x7f895cf98000, 138412032 [pid 1291] <... set_robust_list resumed>) = 0 [pid 1289] <... munmap resumed>) = 0 [pid 1291] rt_sigprocmask(SIG_SETMASK, [], [pid 1289] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1291] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1291] memfd_create("syzkaller", 0 [pid 1290] <... write resumed>) = 524288 [pid 1291] <... memfd_create resumed>) = 3 [pid 1290] munmap(0x7f895cf98000, 138412032) = 0 [pid 1290] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1291] munmap(0x7f895cf98000, 138412032) = 0 [pid 1291] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1292 [pid 1291] <... openat resumed>) = 4 [pid 1291] ioctl(4, LOOP_SET_FD, 3executing program ./strace-static-x86_64: Process 1292 attached [pid 1292] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1292] chdir("./38") = 0 [pid 1292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1292] setpgid(0, 0) = 0 [pid 1292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1292] write(3, "1000", 4) = 4 [pid 1292] close(3) = 0 [pid 1292] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1292] write(1, "executing program\n", 18) = 18 [pid 1292] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1292] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1294]}, 88) = 1294 [pid 1292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1294 attached [pid 1294] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1294] memfd_create("syzkaller", 0) = 3 [pid 1294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1294] munmap(0x7f895cf98000, 138412032) = 0 [pid 1294] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1291] <... ioctl resumed>) = 0 [pid 1291] close(3) = 0 [pid 1291] close(4 [pid 1289] <... openat resumed>) = 4 [pid 1289] ioctl(4, LOOP_SET_FD, 3 [pid 1290] <... openat resumed>) = 4 [pid 1289] <... ioctl resumed>) = 0 [pid 1294] <... openat resumed>) = 4 [pid 1290] ioctl(4, LOOP_SET_FD, 3 [pid 1289] close(3 [pid 1294] ioctl(4, LOOP_SET_FD, 3 [pid 1289] <... close resumed>) = 0 [pid 1289] close(4 [pid 1291] <... close resumed>) = 0 [pid 1291] mkdir("./file1", 0777 [pid 1294] <... ioctl resumed>) = 0 [pid 1291] <... mkdir resumed>) = 0 [pid 1291] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1294] close(3) = 0 [pid 1294] close(4 [pid 1290] <... ioctl resumed>) = 0 [pid 1290] close(3) = 0 [pid 1290] close(4 [pid 1284] <... mount resumed>) = 0 [pid 1284] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1284] chdir("./file1") = 0 [pid 1284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1294] <... close resumed>) = 0 [pid 1294] mkdir("./file1", 0777) = 0 [ 49.996961][ T1284] EXT4-fs (loop1): Ignoring removed nobh option [ 50.003287][ T1284] EXT4-fs (loop1): Ignoring removed bh option [ 50.010226][ T1284] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1294] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1289] <... close resumed>) = 0 [pid 1289] mkdir("./file1", 0777) = 0 [pid 1289] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1290] <... close resumed>) = 0 [pid 1284] <... openat resumed>) = 4 [pid 1290] mkdir("./file1", 0777) = 0 [pid 1290] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [ 50.088836][ T1289] EXT4-fs (loop4): Ignoring removed nobh option [ 50.095989][ T1289] EXT4-fs (loop4): Ignoring removed bh option [ 50.097445][ T1291] EXT4-fs (loop3): Ignoring removed nobh option [ 50.102339][ T1289] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.108636][ T1291] EXT4-fs (loop3): Ignoring removed bh option [ 50.128640][ T1290] EXT4-fs (loop0): Ignoring removed nobh option [pid 1284] ioctl(4, LOOP_CLR_FD) = 0 [pid 1284] close(4) = 0 [pid 1284] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1283] <... futex resumed>) = 0 [pid 1284] openat(AT_FDCWD, "./file1", O_RDWR [pid 1283] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] <... openat resumed>) = 4 [pid 1283] <... futex resumed>) = 0 [pid 1284] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 0 [pid 1283] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1284] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1283] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] <... pwrite64 resumed>) = 87490 [pid 1283] <... futex resumed>) = 0 [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1283] <... futex resumed>) = 0 [pid 1283] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 1 [pid 1284] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1284] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1283] <... futex resumed>) = 0 [pid 1283] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 1 [ 50.133725][ T1294] EXT4-fs (loop2): Ignoring removed nobh option [ 50.135878][ T1290] EXT4-fs (loop0): Ignoring removed bh option [ 50.147663][ T1290] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.154905][ T1284] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.160531][ T1291] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1284] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1283] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1283] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1283] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1303]}, 88) = 1303 [pid 1283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1283] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1283] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1291] <... mount resumed>) = 0 [pid 1291] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1291] chdir("./file1") = 0 [pid 1291] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1291] ioctl(4, LOOP_CLR_FD) = 0 [pid 1291] close(4) = 0 [pid 1291] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1291] <... futex resumed>) = 1 [pid 1291] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1291] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1291] <... futex resumed>) = 1 [pid 1291] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1291] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1291] <... futex resumed>) = 1 [pid 1291] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1291] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1291] <... futex resumed>) = 1 [pid 1291] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1290] <... mount resumed>) = 0 [pid 1289] <... mount resumed>) = 0 [pid 1289] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1290] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 1303 attached ) = 3 [pid 1289] <... openat resumed>) = 3 [pid 1303] set_robust_list(0x7f89653979a0, 24 [pid 1290] chdir("./file1" [pid 1289] chdir("./file1" [pid 1303] <... set_robust_list resumed>) = 0 [pid 1290] <... chdir resumed>) = 0 [pid 1289] <... chdir resumed>) = 0 [pid 1303] rt_sigprocmask(SIG_SETMASK, [], [pid 1290] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1289] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1290] <... openat resumed>) = 4 [pid 1289] <... openat resumed>) = 4 [pid 1303] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1290] ioctl(4, LOOP_CLR_FD [pid 1289] ioctl(4, LOOP_CLR_FD [pid 1290] <... ioctl resumed>) = 0 [pid 1289] <... ioctl resumed>) = 0 [pid 1290] close(4 [pid 1289] close(4 [pid 1291] <... pwrite64 resumed>) = 176128 [pid 1290] <... close resumed>) = 0 [pid 1289] <... close resumed>) = 0 [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1290] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1289] <... futex resumed>) = 1 [pid 1285] <... futex resumed>) = 0 [pid 1289] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1290] <... futex resumed>) = 1 [pid 1287] <... futex resumed>) = 0 [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1290] openat(AT_FDCWD, "./file1", O_RDWR [pid 1289] <... futex resumed>) = 0 [pid 1287] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 1 [pid 1289] openat(AT_FDCWD, "./file1", O_RDWR [pid 1290] <... openat resumed>) = 4 [pid 1289] <... openat resumed>) = 4 [pid 1287] <... futex resumed>) = 0 [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1290] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1289] <... futex resumed>) = 0 [pid 1287] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1289] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1290] <... futex resumed>) = 0 [pid 1287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1290] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1289] <... futex resumed>) = 0 [pid 1287] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 1 [pid 1289] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1290] <... pwrite64 resumed>) = 87490 [pid 1289] <... pwrite64 resumed>) = 87490 [pid 1287] <... futex resumed>) = 0 [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1287] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1290] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1287] <... futex resumed>) = 0 [pid 1287] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1287] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1290] <... futex resumed>) = 1 [pid 1290] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1290] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1287] <... futex resumed>) = 0 [pid 1287] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1287] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... pwrite64 resumed>) = 176128 [pid 1284] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1284] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1289] <... futex resumed>) = 1 [ 50.191826][ T1294] EXT4-fs (loop2): Ignoring removed bh option [ 50.204228][ T1294] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.221483][ T1291] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1289] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1289] <... futex resumed>) = 1 [pid 1289] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1283] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1283] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1283] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... futex resumed>) = 0 [pid 1290] <... futex resumed>) = 1 [pid 1291] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1290] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1284] truncate("./file1", 1 [pid 1291] <... futex resumed>) = 1 [pid 1288] <... futex resumed>) = 0 [pid 1288] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1289] <... pwrite64 resumed>) = 176128 [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1285] <... futex resumed>) = 0 [pid 1289] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 50.246204][ T1303] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.261541][ T1289] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.272281][ T1290] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1303] <... pwrite64 resumed>) = 176128 [pid 1294] <... mount resumed>) = 0 [pid 1291] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1285] <... futex resumed>) = 0 [pid 1303] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1294] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1289] <... pwrite64 resumed>) = 176128 [pid 1287] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1284] <... truncate resumed>) = 0 [pid 1283] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1287] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1284] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1283] exit_group(0 [pid 1287] <... futex resumed>) = 0 [pid 1284] <... futex resumed>) = ? [pid 1283] <... exit_group resumed>) = ? [pid 1287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1284] +++ exited with 0 +++ [pid 1287] <... mmap resumed>) = 0x7f8965377000 [pid 1287] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1309]}, 88) = 1309 [pid 1287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1287] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1287] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1285] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1289] <... futex resumed>) = 1 [pid 1289] truncate("./file1", 1) = 0 [pid 1289] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1285] <... futex resumed>) = 0 [pid 1285] exit_group(0) = ? [pid 1289] <... futex resumed>) = ? [pid 1289] +++ exited with 0 +++ [pid 1285] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1285, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1290] <... pwrite64 resumed>) = 176128 [pid 1290] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1290] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1303] <... futex resumed>) = ? [pid 1303] +++ exited with 0 +++ [pid 1283] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1283, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1294] <... openat resumed>) = 3 [pid 1294] chdir("./file1") = 0 [pid 1294] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1294] ioctl(4, LOOP_CLR_FD) = 0 [pid 1294] close(4) = 0 [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1294] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1309 attached [pid 1309] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1309] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1292] <... futex resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1294] <... futex resumed>) = 0 [pid 1292] <... futex resumed>) = 1 [pid 1294] openat(AT_FDCWD, "./file1", O_RDWR [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1294] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1294] <... futex resumed>) = 1 [pid 1292] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 284] <... openat resumed>) = 3 [pid 1294] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(3, "", [pid 284] newfstatat(3, "", [pid 1294] <... pwrite64 resumed>) = 87490 [pid 1292] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(3, [pid 284] getdents64(3, [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1294] <... futex resumed>) = 1 [pid 1294] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1294] <... futex resumed>) = 1 [pid 1294] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1309] <... pwrite64 resumed>) = 176128 [pid 1288] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1309] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1309] <... futex resumed>) = 1 [pid 1287] <... futex resumed>) = 0 [pid 1309] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1288] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1287] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1291] <... pwrite64 resumed>) = 176128 [pid 1288] <... mmap resumed>) = 0x7f8965377000 [pid 1290] <... futex resumed>) = 0 [pid 1287] <... futex resumed>) = 1 [pid 1288] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 1291] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1291] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1290] truncate("./file1", 1 [pid 1287] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1288] <... mprotect resumed>) = 0 [pid 1288] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1290] <... truncate resumed>) = 0 [pid 1288] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1288] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1310]}, 88) = 1310 [pid 1288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1288] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1288] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1290] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1287] <... futex resumed>) = 0 [pid 1287] exit_group(0) = ? [pid 1290] <... futex resumed>) = ? [pid 1290] +++ exited with 0 +++ [pid 1309] <... futex resumed>) = ? [pid 1309] +++ exited with 0 +++ [pid 1287] +++ exited with 0 +++ ./strace-static-x86_64: Process 1310 attached [pid 1310] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 50.278632][ T1289] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.292013][ T1291] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.318467][ T1309] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1310] truncate("./file1", 1) = 0 [pid 1310] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1288] <... futex resumed>) = 0 [pid 1288] exit_group(0) = ? [pid 1310] <... futex resumed>) = ? [pid 1310] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1287, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1291] <... futex resumed>) = ? [pid 1291] +++ exited with 0 +++ [pid 1288] +++ exited with 0 +++ [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1288, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1294] <... pwrite64 resumed>) = 176128 [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1294] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./38/file1") = 0 [pid 284] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./38/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./38") = 0 [pid 284] mkdir("./39", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1294] <... pwrite64 resumed>) = 176128 [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1294] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1292] <... futex resumed>) = 0 [pid 1292] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1292] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1294] <... futex resumed>) = 0 [pid 1294] truncate("./file1", 1) = 0 [pid 1294] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1292] <... futex resumed>) = 0 [pid 1292] exit_group(0) = ? [pid 1294] <... futex resumed>) = ? [pid 1294] +++ exited with 0 +++ [pid 1292] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1292, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 50.340381][ T1294] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.358625][ T1294] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./38/file1") = 0 [pid 287] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./38/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./38") = 0 [pid 287] mkdir("./39", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1311 ./strace-static-x86_64: Process 1311 attached [pid 1311] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1311] chdir("./39") = 0 [pid 1311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1311] setpgid(0, 0) = 0 [pid 1311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1311] write(3, "1000", 4) = 4 [pid 1311] close(3) = 0 [pid 1311] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1311] write(1, "executing program\n", 18) = 18 [pid 1311] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1311] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1312]}, 88) = 1312 [pid 1311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1312 attached [pid 1312] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1312] memfd_create("syzkaller", 0) = 3 [pid 1312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 283] <... umount2 resumed>) = 0 [pid 1312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 283] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1312] <... write resumed>) = 524288 [pid 1312] munmap(0x7f895cf98000, 138412032) = 0 [pid 1312] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 286] <... umount2 resumed>) = 0 [pid 1312] <... openat resumed>) = 4 [pid 1312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1312] close(3) = 0 [pid 1312] close(4 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] newfstatat(4, "", [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./38/file1" [pid 286] newfstatat(AT_FDCWD, "./39/file1", [pid 283] <... rmdir resumed>) = 0 [pid 283] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./38/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./38" [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... rmdir resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] mkdir("./39", 0777 [pid 286] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] <... mkdir resumed>) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./39/file1" [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] <... rmdir resumed>) = 0 [pid 286] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./39/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./39") = 0 [pid 286] mkdir("./40", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1312] <... close resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 1312] mkdir("./file1", 0777 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1312] <... mkdir resumed>) = 0 [pid 1312] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 286] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 285] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] ioctl(3, LOOP_CLR_FD [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./38/file1") = 0 [pid 285] umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./38/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./38") = 0 [pid 285] mkdir("./39", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1314 ./strace-static-x86_64: Process 1314 attached [pid 1314] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1314] chdir("./39") = 0 [pid 1314] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program executing program ) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1315 [pid 286] close(3 [pid 285] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1316 ./strace-static-x86_64: Process 1316 attached [pid 1316] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1316] chdir("./39") = 0 [pid 1316] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1316] setpgid(0, 0) = 0 [pid 1316] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1316] write(3, "1000", 4) = 4 [pid 1316] close(3) = 0 [pid 1316] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1316] write(1, "executing program\n", 18) = 18 [pid 1316] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1316] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1316] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1316] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1316] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1316] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1317]}, 88) = 1317 [pid 1316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1315 attached [pid 1315] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1315] chdir("./39") = 0 [pid 1315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1315] setpgid(0, 0) = 0 [pid 1315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1315] write(3, "1000", 4) = 4 [pid 1315] close(3) = 0 [pid 1315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1315] write(1, "executing program\n", 18) = 18 [pid 1315] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1315] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1315] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1318]}, 88) = 1318 [pid 1315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1318 attached [pid 1318] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1318] memfd_create("syzkaller", 0) = 3 [pid 1318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] <... close resumed>) = 0 [pid 1318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1318] <... write resumed>) = 524288 [pid 1318] munmap(0x7f895cf98000, 138412032) = 0 [pid 1318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1318] ioctl(4, LOOP_SET_FD, 3 [pid 1314] setpgid(0, 0) = 0 [pid 1314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1314] write(3, "1000", 4) = 4 [pid 1314] close(3) = 0 [pid 1314] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1314] write(1, "executing program\n", 18) = 18 [pid 1314] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1314] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1314] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1320 [pid 1314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1321]}, 88) = 1321 [pid 1314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1321 attached [pid 1321] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1321] memfd_create("syzkaller", 0) = 3 [pid 1321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1321] munmap(0x7f895cf98000, 138412032) = 0 [pid 1321] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1317 attached [pid 1317] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1317] memfd_create("syzkaller", 0) = 3 [pid 1317] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 ./strace-static-x86_64: Process 1320 attached [pid 1318] <... ioctl resumed>) = 0 [pid 1320] set_robust_list(0x55557fe8a6a0, 24 [pid 1318] close(3) = 0 [pid 1318] close(4 [pid 1317] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1320] <... set_robust_list resumed>) = 0 [pid 1320] chdir("./40") = 0 [pid 1317] <... write resumed>) = 524288 [pid 1317] munmap(0x7f895cf98000, 138412032) = 0 [pid 1317] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1320] setpgid(0, 0) = 0 [pid 1320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1320] write(3, "1000", 4) = 4 [pid 1320] close(3) = 0 [pid 1320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1320] write(1, "executing program\n", 18executing program ) = 18 [pid 1320] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1320] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1320] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1322]}, 88) = 1322 [pid 1320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1322 attached [pid 1322] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1322] memfd_create("syzkaller", 0) = 3 [pid 1322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1322] munmap(0x7f895cf98000, 138412032) = 0 [pid 1322] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1318] <... close resumed>) = 0 [pid 1318] mkdir("./file1", 0777) = 0 [pid 1318] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1312] <... mount resumed>) = 0 [pid 1312] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1312] chdir("./file1") = 0 [ 50.683908][ T1312] EXT4-fs (loop4): Ignoring removed nobh option [ 50.699112][ T1312] EXT4-fs (loop4): Ignoring removed bh option [ 50.707383][ T1312] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1312] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1322] <... openat resumed>) = 4 [pid 1321] <... openat resumed>) = 4 [pid 1317] <... openat resumed>) = 4 [pid 1312] <... openat resumed>) = 4 [pid 1312] ioctl(4, LOOP_CLR_FD) = 0 [pid 1312] close(4) = 0 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1312] <... futex resumed>) = 1 [pid 1312] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1322] ioctl(4, LOOP_SET_FD, 3 [pid 1317] ioctl(4, LOOP_SET_FD, 3 [pid 1321] ioctl(4, LOOP_SET_FD, 3 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1312] <... futex resumed>) = 1 [pid 1312] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1312] <... futex resumed>) = 1 [pid 1312] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1312] <... futex resumed>) = 1 [pid 1312] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1312] <... futex resumed>) = 1 [pid 1312] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1322] <... ioctl resumed>) = 0 [pid 1312] <... pwrite64 resumed>) = 176128 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1311] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1311] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1312] <... futex resumed>) = 1 [pid 1312] truncate("./file1", 1) = 0 [pid 1312] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1311] <... futex resumed>) = 0 [pid 1311] exit_group(0) = ? [pid 1312] <... futex resumed>) = ? [pid 1312] +++ exited with 0 +++ [pid 1311] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1311, si_uid=0, si_status=0, si_utime=1, si_stime=4} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1322] close(3) = 0 [pid 1322] close(4 [pid 1317] <... ioctl resumed>) = 0 [pid 1317] close(3) = 0 [ 50.765197][ T1318] EXT4-fs (loop0): Ignoring removed nobh option [ 50.773551][ T1312] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.774474][ T1318] EXT4-fs (loop0): Ignoring removed bh option [ 50.789725][ T1312] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1317] close(4 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1318] <... mount resumed>) = 0 [pid 1318] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1318] chdir("./file1") = 0 [pid 1318] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1317] <... close resumed>) = 0 [pid 1317] mkdir("./file1", 0777) = 0 [ 50.794445][ T1318] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1321] <... ioctl resumed>) = 0 [pid 1317] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1321] close(3) = 0 [pid 1322] <... close resumed>) = 0 [pid 1321] close(4 [pid 1318] <... openat resumed>) = 4 [pid 1322] mkdir("./file1", 0777) = 0 [pid 1322] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1318] ioctl(4, LOOP_CLR_FD [pid 1317] <... mount resumed>) = 0 [pid 1317] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1317] chdir("./file1") = 0 [pid 1317] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./39/file1") = 0 [pid 287] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./39/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./39") = 0 [pid 287] mkdir("./40", 0777) = 0 [ 50.841813][ T1317] EXT4-fs (loop2): Ignoring removed nobh option [ 50.848639][ T1317] EXT4-fs (loop2): Ignoring removed bh option [ 50.855281][ T1317] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1321] <... close resumed>) = 0 [pid 1318] <... ioctl resumed>) = 0 [pid 1321] mkdir("./file1", 0777 [pid 1318] close(4 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1332 [pid 1321] <... mkdir resumed>) = 0 [pid 1318] <... close resumed>) = 0 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1321] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1318] <... futex resumed>) = 1 [pid 1315] <... futex resumed>) = 0 [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1318] openat(AT_FDCWD, "./file1", O_RDWR [pid 1315] <... futex resumed>) = 0 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1318] <... openat resumed>) = 4 ./strace-static-x86_64: Process 1332 attached [pid 1332] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1332] chdir("./40") = 0 [pid 1332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1332] setpgid(0, 0) = 0 [pid 1332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1332] write(3, "1000", 4) = 4 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1315] <... futex resumed>) = 0 [pid 1332] close(3 [pid 1318] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1318] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1315] <... futex resumed>) = 0 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1318] <... pwrite64 resumed>) = 87490 [pid 1332] <... close resumed>) = 0 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1315] <... futex resumed>) = 0 [pid 1318] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1318] <... openat resumed>) = 5 [pid 1315] <... futex resumed>) = 0 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1318] <... futex resumed>) = 0 [pid 1315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1318] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1315] <... futex resumed>) = 0 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... openat resumed>) = 4 [pid 1317] ioctl(4, LOOP_CLR_FD) = 0 [pid 1317] close(4) = 0 [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1332] symlink("/dev/binderfs", "./binderfs" [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1332] <... symlink resumed>) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1332] write(1, "executing program\n", 18 [pid 1317] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900executing program [pid 1332] <... write resumed>) = 18 [pid 1332] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1317] <... pwrite64 resumed>) = 87490 [ 50.923883][ T1322] EXT4-fs (loop3): Ignoring removed nobh option [ 50.935320][ T1321] EXT4-fs (loop1): Ignoring removed nobh option [ 50.948746][ T1321] EXT4-fs (loop1): Ignoring removed bh option [ 50.965353][ T1322] EXT4-fs (loop3): Ignoring removed bh option [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1317] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1332] <... futex resumed>) = 0 [pid 1332] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1332] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1333]}, 88) = 1333 [pid 1332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1317] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1317] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1317] <... futex resumed>) = 1 [pid 1317] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1333 attached [pid 1318] <... pwrite64 resumed>) = 176128 [pid 1333] set_robust_list(0x7f89653b89a0, 24 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1317] <... pwrite64 resumed>) = 176128 [pid 1315] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1333] <... set_robust_list resumed>) = 0 [pid 1318] <... futex resumed>) = 0 [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1333] rt_sigprocmask(SIG_SETMASK, [], [pid 1318] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1315] <... futex resumed>) = 0 [ 50.967023][ T1318] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.985882][ T1317] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 50.986384][ T1321] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.001314][ T1322] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] memfd_create("syzkaller", 0) = 3 [pid 1333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1333] munmap(0x7f895cf98000, 138412032) = 0 [pid 1316] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1333] ioctl(4, LOOP_SET_FD, 3 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 1317] <... futex resumed>) = 1 [pid 1317] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1318] <... pwrite64 resumed>) = 176128 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1315] <... futex resumed>) = 0 [pid 1315] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1315] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1318] <... futex resumed>) = 1 [pid 1318] truncate("./file1", 1) = 0 [pid 1318] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1315] <... futex resumed>) = 0 [pid 1315] exit_group(0) = ? [pid 1318] <... futex resumed>) = ? [pid 1318] +++ exited with 0 +++ [pid 1315] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1315, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1333] <... ioctl resumed>) = 0 [pid 1333] close(3) = 0 [pid 1333] close(4 [pid 1321] <... mount resumed>) = 0 [pid 1321] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1321] chdir("./file1") = 0 [pid 1321] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1317] <... pwrite64 resumed>) = 176128 [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1317] truncate("./file1", 1 [pid 1316] <... futex resumed>) = 0 [pid 1316] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... mount resumed>) = 0 [pid 1322] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1322] chdir("./file1") = 0 [pid 1322] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1317] <... truncate resumed>) = 0 [pid 1317] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1317] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1316] <... futex resumed>) = 0 [pid 1316] exit_group(0) = ? [pid 1317] <... futex resumed>) = ? [pid 1317] +++ exited with 0 +++ [pid 1316] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1316, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1333] <... close resumed>) = 0 [pid 1321] <... openat resumed>) = 4 [pid 1333] mkdir("./file1", 0777 [pid 1321] ioctl(4, LOOP_CLR_FD [pid 1333] <... mkdir resumed>) = 0 [ 51.014046][ T1318] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.033159][ T1317] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1333] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1322] <... openat resumed>) = 4 [pid 1322] ioctl(4, LOOP_CLR_FD [pid 1321] <... ioctl resumed>) = 0 [pid 1321] close(4) = 0 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1314] <... futex resumed>) = 0 [pid 1321] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1314] <... futex resumed>) = 0 [pid 1321] openat(AT_FDCWD, "./file1", O_RDWR [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1321] <... openat resumed>) = 4 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1314] <... futex resumed>) = 0 [pid 1321] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1314] <... futex resumed>) = 0 [pid 1321] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... ioctl resumed>) = 0 [pid 1321] <... pwrite64 resumed>) = 87490 [pid 283] <... umount2 resumed>) = 0 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1314] <... futex resumed>) = 0 [pid 1321] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1314] <... futex resumed>) = 0 [pid 1321] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] close(4 [pid 1321] <... openat resumed>) = 5 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1314] <... futex resumed>) = 0 [pid 1321] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1314] <... futex resumed>) = 0 [pid 1321] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... close resumed>) = 0 [pid 1321] <... pwrite64 resumed>) = 176128 [pid 285] <... umount2 resumed>) = 0 [pid 283] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1322] <... futex resumed>) = 1 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./39/file1", [pid 1322] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 285] newfstatat(AT_FDCWD, "./39/file1", [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] <... openat resumed>) = 4 [pid 285] <... openat resumed>) = 4 [pid 283] newfstatat(4, "", [pid 285] newfstatat(4, "", [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, [pid 285] getdents64(4, [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, [pid 285] getdents64(4, [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4 [pid 285] close(4 [pid 283] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 283] rmdir("./39/file1" [pid 285] rmdir("./39/file1" [pid 283] <... rmdir resumed>) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 283] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./39/binderfs", [pid 285] newfstatat(AT_FDCWD, "./39/binderfs", [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./39/binderfs" [pid 285] unlink("./39/binderfs" [pid 283] <... unlink resumed>) = 0 [pid 285] <... unlink resumed>) = 0 [pid 283] getdents64(3, [pid 285] getdents64(3, [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3 [pid 285] close(3 [pid 283] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 283] rmdir("./39" [pid 285] rmdir("./39" [pid 283] <... rmdir resumed>) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 283] mkdir("./40", 0777 [pid 285] mkdir("./40", 0777 [pid 283] <... mkdir resumed>) = 0 [pid 285] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] <... openat resumed>) = 3 [pid 285] <... openat resumed>) = 3 [pid 283] ioctl(3, LOOP_CLR_FD [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1320] <... futex resumed>) = 0 [pid 285] close(3 [pid 283] <... close resumed>) = 0 [pid 1321] <... futex resumed>) = 1 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1314] <... futex resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1322] <... futex resumed>) = 0 [pid 1321] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1320] <... futex resumed>) = 1 [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1322] openat(AT_FDCWD, "./file1", O_RDWR [pid 1321] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1314] <... futex resumed>) = 0 [pid 1322] <... openat resumed>) = 4 [ 51.235305][ T1333] EXT4-fs (loop4): Ignoring removed nobh option [ 51.240585][ T1321] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.242079][ T1333] EXT4-fs (loop4): Ignoring removed bh option [ 51.270243][ T1333] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1321] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864executing program executing program [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1339 ./strace-static-x86_64: Process 1340 attached ./strace-static-x86_64: Process 1339 attached [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1340 [pid 1340] set_robust_list(0x55557fe8a6a0, 24 [pid 1339] set_robust_list(0x55557fe8a6a0, 24 [pid 1322] <... futex resumed>) = 1 [pid 1340] <... set_robust_list resumed>) = 0 [pid 1339] <... set_robust_list resumed>) = 0 [pid 1322] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] chdir("./40" [pid 1339] chdir("./40" [pid 1340] <... chdir resumed>) = 0 [pid 1339] <... chdir resumed>) = 0 [pid 1340] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1340] <... prctl resumed>) = 0 [pid 1339] <... prctl resumed>) = 0 [pid 1340] setpgid(0, 0 [pid 1339] setpgid(0, 0 [pid 1340] <... setpgid resumed>) = 0 [pid 1339] <... setpgid resumed>) = 0 [pid 1340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1340] <... openat resumed>) = 3 [pid 1339] <... openat resumed>) = 3 [pid 1340] write(3, "1000", 4 [pid 1339] write(3, "1000", 4 [pid 1340] <... write resumed>) = 4 [pid 1339] <... write resumed>) = 4 [pid 1340] close(3 [pid 1339] close(3 [pid 1340] <... close resumed>) = 0 [pid 1339] <... close resumed>) = 0 [pid 1340] symlink("/dev/binderfs", "./binderfs" [pid 1339] symlink("/dev/binderfs", "./binderfs" [pid 1340] <... symlink resumed>) = 0 [pid 1339] <... symlink resumed>) = 0 [pid 1340] write(1, "executing program\n", 18 [pid 1339] write(1, "executing program\n", 18 [pid 1340] <... write resumed>) = 18 [pid 1339] <... write resumed>) = 18 [pid 1340] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1339] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1339] <... futex resumed>) = 0 [pid 1340] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1339] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1340] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1339] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1340] <... mmap resumed>) = 0x7f8965398000 [pid 1339] <... mmap resumed>) = 0x7f8965398000 [pid 1340] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1339] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1340] <... mprotect resumed>) = 0 [pid 1339] <... mprotect resumed>) = 0 [pid 1340] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1340] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1340] <... clone3 resumed> => {parent_tid=[1342]}, 88) = 1342 [pid 1339] <... clone3 resumed> => {parent_tid=[1343]}, 88) = 1343 [pid 1340] rt_sigprocmask(SIG_SETMASK, [], [pid 1339] rt_sigprocmask(SIG_SETMASK, [], [pid 1340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1339] <... futex resumed>) = 0 [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1343 attached [pid 1343] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1343] memfd_create("syzkaller", 0) = 3 [pid 1343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1343] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1343] munmap(0x7f895cf98000, 138412032) = 0 [pid 1343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1343] ioctl(4, LOOP_SET_FD, 3 [pid 1320] <... futex resumed>) = 0 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... futex resumed>) = 0 [pid 1322] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900./strace-static-x86_64: Process 1342 attached [pid 1343] <... ioctl resumed>) = 0 [pid 1321] <... pwrite64 resumed>) = 176128 [pid 1343] close(3) = 0 [pid 1343] close(4) = 0 [pid 1343] mkdir("./file1", 0777) = 0 [pid 1343] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1342] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1342] memfd_create("syzkaller", 0 [pid 1333] <... mount resumed>) = 0 [pid 1333] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1333] chdir("./file1" [pid 1342] <... memfd_create resumed>) = 3 [pid 1333] <... chdir resumed>) = 0 [pid 1333] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1333] <... openat resumed>) = 4 [pid 1342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1333] ioctl(4, LOOP_CLR_FD [pid 1322] <... pwrite64 resumed>) = 87490 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1342] <... write resumed>) = 524288 [pid 1342] munmap(0x7f895cf98000, 138412032) = 0 [pid 1342] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1342] ioctl(4, LOOP_SET_FD, 3 [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1320] <... futex resumed>) = 0 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... futex resumed>) = 1 [pid 1322] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1320] <... futex resumed>) = 0 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... futex resumed>) = 1 [pid 1322] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1314] <... futex resumed>) = 0 [pid 1314] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1314] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1321] <... futex resumed>) = 1 [pid 1321] truncate("./file1", 1) = 0 [pid 1321] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1314] <... futex resumed>) = 0 [pid 1314] exit_group(0) = ? [pid 1321] <... futex resumed>) = ? [pid 1321] +++ exited with 0 +++ [pid 1314] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1314, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 51.287568][ T1321] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.308846][ T1343] EXT4-fs (loop0): Ignoring removed nobh option [ 51.320864][ T1343] EXT4-fs (loop0): Ignoring removed bh option [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1342] <... ioctl resumed>) = 0 [pid 1333] <... ioctl resumed>) = 0 [pid 1322] <... pwrite64 resumed>) = 176128 [pid 1342] close(3 [pid 1333] close(4 [pid 1342] <... close resumed>) = 0 [pid 1333] <... close resumed>) = 0 [pid 1342] close(4 [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1332] <... futex resumed>) = 0 [pid 1333] openat(AT_FDCWD, "./file1", O_RDWR [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1320] <... futex resumed>) = 0 [pid 1322] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1333] <... openat resumed>) = 4 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1322] <... futex resumed>) = 0 [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1320] <... futex resumed>) = 1 [pid 1333] <... futex resumed>) = 1 [pid 1332] <... futex resumed>) = 0 [pid 1322] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1333] <... pwrite64 resumed>) = 87490 [pid 1332] <... futex resumed>) = 0 [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1333] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1333] <... openat resumed>) = 5 [pid 1332] <... futex resumed>) = 0 [pid 1322] <... pwrite64 resumed>) = 176128 [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1322] <... futex resumed>) = 1 [pid 1322] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1333] <... futex resumed>) = 0 [pid 1332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1320] <... futex resumed>) = 0 [pid 1333] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1320] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1332] <... futex resumed>) = 1 [pid 1320] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] <... futex resumed>) = 0 [pid 1333] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1322] <... futex resumed>) = 0 [pid 1322] truncate("./file1", 1 [pid 1342] <... close resumed>) = 0 [pid 1322] <... truncate resumed>) = 0 [pid 1322] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1320] <... futex resumed>) = 0 [pid 1320] exit_group(0) = ? [pid 1322] <... futex resumed>) = ? [pid 1342] mkdir("./file1", 0777) = 0 [pid 1342] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1322] +++ exited with 0 +++ [pid 1320] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1320, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1343] <... mount resumed>) = 0 [pid 1343] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1343] chdir("./file1" [pid 286] <... restart_syscall resumed>) = 0 [pid 1343] <... chdir resumed>) = 0 [pid 286] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 1343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 51.322093][ T1322] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.328938][ T1343] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.355874][ T1322] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1333] <... pwrite64 resumed>) = 176128 [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1332] <... futex resumed>) = 0 [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] <... futex resumed>) = 1 [pid 1333] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1332] <... futex resumed>) = 0 [pid 1332] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1332] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1333] <... futex resumed>) = 1 [pid 1333] truncate("./file1", 1) = 0 [pid 1333] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1332] <... futex resumed>) = 0 [pid 1333] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1332] exit_group(0) = ? [pid 1333] <... futex resumed>) = ? [pid 1333] +++ exited with 0 +++ [pid 1332] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1332, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1343] <... openat resumed>) = 4 [ 51.385801][ T1333] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.401484][ T1333] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1343] ioctl(4, LOOP_CLR_FD) = 0 [pid 1343] close(4) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1343] <... futex resumed>) = 1 [pid 1343] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./40/file1") = 0 [pid 287] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./40/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./40") = 0 [pid 287] mkdir("./41", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1349 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./40/file1") = 0 [pid 286] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./40/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 1339] <... futex resumed>) = 0 [pid 286] rmdir("./40" [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... rmdir resumed>) = 0 [pid 286] mkdir("./41", 0777 [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] newfstatat(AT_FDCWD, "./39/file1", ./strace-static-x86_64: Process 1349 attached [pid 1343] <... futex resumed>) = 0 [pid 1339] <... futex resumed>) = 1 [pid 286] <... mkdir resumed>) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1349] set_robust_list(0x55557fe8a6a0, 24 [pid 1343] openat(AT_FDCWD, "./file1", O_RDWR [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 284] umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1349] <... set_robust_list resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1349] chdir("./41" [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1349] <... chdir resumed>) = 0 [pid 1343] <... openat resumed>) = 4 [pid 286] close(3 [pid 284] openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1349] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... close resumed>) = 0 [pid 284] <... openat resumed>) = 4 [pid 1349] <... prctl resumed>) = 0 [pid 1343] <... futex resumed>) = 1 [pid 1339] <... futex resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] newfstatat(4, "", [pid 1349] setpgid(0, 0 [pid 1343] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1349] <... setpgid resumed>) = 0 [pid 1343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1339] <... futex resumed>) = 0 [pid 284] getdents64(4, [pid 1349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1343] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1349] <... openat resumed>) = 3 [pid 1343] <... pwrite64 resumed>) = 87490 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1350 [pid 284] getdents64(4, [pid 1349] write(3, "1000", 4 [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1349] <... write resumed>) = 4 [pid 1343] <... futex resumed>) = 1 [pid 1339] <... futex resumed>) = 0 [pid 284] close(4 [pid 1349] close(3 [pid 1343] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... close resumed>) = 0 [pid 1349] <... close resumed>) = 0 [pid 1343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1339] <... futex resumed>) = 0 [pid 284] rmdir("./39/file1"./strace-static-x86_64: Process 1350 attached [pid 1349] symlink("/dev/binderfs", "./binderfs" [pid 1343] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... rmdir resumed>) = 0 [pid 1350] set_robust_list(0x55557fe8a6a0, 24 [pid 1349] <... symlink resumed>) = 0 [pid 1343] <... openat resumed>) = 5 [pid 284] umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1349] write(1, "executing program\n", 18executing program [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1350] <... set_robust_list resumed>) = 0 [pid 1349] <... write resumed>) = 18 [pid 1343] <... futex resumed>) = 1 [pid 1339] <... futex resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./39/binderfs", [pid 1350] chdir("./41" [pid 1349] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1343] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1349] <... futex resumed>) = 0 [pid 1343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1339] <... futex resumed>) = 0 [pid 284] unlink("./39/binderfs" [pid 1350] <... chdir resumed>) = 0 [pid 1349] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1343] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... unlink resumed>) = 0 [pid 1350] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1349] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1342] <... mount resumed>) = 0 [pid 1350] <... prctl resumed>) = 0 [pid 1342] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1350] setpgid(0, 0 [pid 1342] <... openat resumed>) = 3 [pid 1350] <... setpgid resumed>) = 0 [pid 1342] chdir("./file1" [pid 1350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1342] <... chdir resumed>) = 0 [pid 1350] <... openat resumed>) = 3 [pid 1342] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1350] write(3, "1000", 4 [pid 1342] <... openat resumed>) = 4 [pid 1350] <... write resumed>) = 4 [pid 1342] ioctl(4, LOOP_CLR_FD [pid 1350] close(3 [pid 1342] <... ioctl resumed>) = 0 [pid 1350] <... close resumed>) = 0 [pid 1350] symlink("/dev/binderfs", "./binderfs" [pid 1342] close(4 [pid 1350] <... symlink resumed>) = 0 [pid 1349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 284] getdents64(3, [pid 1349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 284] close(3 [pid 1349] <... mmap resumed>) = 0x7f8965398000 [pid 1349] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 284] <... close resumed>) = 0 [pid 1349] <... mprotect resumed>) = 0 [pid 284] rmdir("./39" [pid 1349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 1349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 284] mkdir("./40", 0777./strace-static-x86_64: Process 1353 attached [pid 1353] set_robust_list(0x7f89653b89a0, 24 [pid 1349] <... clone3 resumed> => {parent_tid=[1353]}, 88) = 1353 [pid 284] <... mkdir resumed>) = 0 [pid 1349] rt_sigprocmask(SIG_SETMASK, [], [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... openat resumed>) = 3 [pid 1349] <... futex resumed>) = 0 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 1353] <... set_robust_list resumed>) = 0 [pid 1353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1353] memfd_create("syzkaller", 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1354 [pid 1353] <... memfd_create resumed>) = 3 [pid 1353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1353] munmap(0x7f895cf98000, 138412032) = 0 [pid 1353] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 51.541339][ T1342] EXT4-fs (loop2): Ignoring removed nobh option [ 51.551313][ T1342] EXT4-fs (loop2): Ignoring removed bh option [ 51.557823][ T1342] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1353] ioctl(4, LOOP_SET_FD, 3 [pid 1350] write(1, "executing program\n", 18executing program ) = 18 [pid 1350] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1350] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1350] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1356]}, 88) = 1356 [pid 1350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1356 attached [pid 1356] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1356] memfd_create("syzkaller", 0) = 3 [pid 1356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1356] munmap(0x7f895cf98000, 138412032) = 0 [pid 1356] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 1354 attached [pid 1354] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1354] chdir("./40") = 0 [pid 1354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1354] setpgid(0, 0) = 0 [pid 1354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 1354] write(3, "1000", 4 [pid 1343] <... pwrite64 resumed>) = 176128 [pid 1353] <... ioctl resumed>) = 0 [pid 1342] <... close resumed>) = 0 [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1354] <... write resumed>) = 4 [pid 1343] <... futex resumed>) = 1 [pid 1354] close(3 [pid 1343] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1354] <... close resumed>) = 0 [pid 1354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1354] write(1, "executing program\n", 18) = 18 [pid 1354] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1354] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1354] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1354] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1357]}, 88) = 1357 [pid 1354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1357 attached [pid 1357] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1339] <... futex resumed>) = 0 [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] close(3) = 0 [pid 1342] <... futex resumed>) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] close(4 [pid 1342] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] <... close resumed>) = 0 [pid 1343] <... futex resumed>) = 0 [pid 1342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1340] <... futex resumed>) = 0 [pid 1339] <... futex resumed>) = 1 [pid 1353] mkdir("./file1", 0777 [pid 1343] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1357] rt_sigprocmask(SIG_SETMASK, [], [pid 1356] <... openat resumed>) = 4 [pid 1353] <... mkdir resumed>) = 0 [pid 1342] openat(AT_FDCWD, "./file1", O_RDWR [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1356] ioctl(4, LOOP_SET_FD, 3 [pid 1343] <... pwrite64 resumed>) = 176128 [pid 1342] <... openat resumed>) = 4 [pid 1357] memfd_create("syzkaller", 0 [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1357] <... memfd_create resumed>) = 3 [pid 1343] <... futex resumed>) = 1 [pid 1342] <... futex resumed>) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1339] <... futex resumed>) = 0 [pid 1342] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1339] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1342] <... pwrite64 resumed>) = 87490 [pid 1340] <... futex resumed>) = 0 [pid 1339] <... futex resumed>) = 0 [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1339] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1342] <... futex resumed>) = 1 [pid 1342] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1343] truncate("./file1", 1 [pid 1357] <... mmap resumed>) = 0x7f895cf98000 [pid 1343] <... truncate resumed>) = 0 [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1343] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1357] <... write resumed>) = 524288 [pid 1343] <... futex resumed>) = 1 [pid 1339] <... futex resumed>) = 0 [pid 1343] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1339] exit_group(0 [pid 1343] <... futex resumed>) = ? [pid 1339] <... exit_group resumed>) = ? [pid 1343] +++ exited with 0 +++ [pid 1339] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1339, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1342] <... futex resumed>) = 1 [ 51.593715][ T1343] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.614770][ T1343] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.630109][ T1353] EXT4-fs (loop4): Ignoring removed nobh option [ 51.636637][ T1353] EXT4-fs (loop4): Ignoring removed bh option [pid 1342] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, [pid 1357] munmap(0x7f895cf98000, 138412032 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1357] <... munmap resumed>) = 0 [pid 283] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1357] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1356] <... ioctl resumed>) = 0 [pid 1357] ioctl(4, LOOP_SET_FD, 3 [pid 1356] close(3) = 0 [pid 1356] close(4 [pid 1357] <... ioctl resumed>) = 0 [pid 1357] close(3) = 0 [pid 1357] close(4 [pid 1342] <... pwrite64 resumed>) = 176128 [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1342] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1340] <... futex resumed>) = 0 [pid 1340] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1340] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1342] <... futex resumed>) = 1 [pid 1342] truncate("./file1", 1 [pid 1353] <... mount resumed>) = 0 [pid 1353] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1353] chdir("./file1") = 0 [pid 1353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1342] <... truncate resumed>) = 0 [pid 1342] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1342] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1340] <... futex resumed>) = 0 [pid 1340] exit_group(0) = ? [pid 1342] <... futex resumed>) = ? [pid 1342] +++ exited with 0 +++ [pid 1340] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1340, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1357] <... close resumed>) = 0 [pid 1357] mkdir("./file1", 0777) = 0 [ 51.642793][ T1353] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.650485][ T1342] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.672229][ T1342] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1357] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1356] <... close resumed>) = 0 [pid 1356] mkdir("./file1", 0777) = 0 [pid 1356] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1353] <... openat resumed>) = 4 [pid 1353] ioctl(4, LOOP_CLR_FD) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1353] close(4 [pid 285] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1353] <... close resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] newfstatat(AT_FDCWD, "./40/file1", [pid 283] newfstatat(AT_FDCWD, "./40/file1", [pid 1353] <... futex resumed>) = 1 [pid 1349] <... futex resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1353] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1349] <... futex resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1353] openat(AT_FDCWD, "./file1", O_RDWR [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 51.854448][ T1357] EXT4-fs (loop1): Ignoring removed nobh option [ 51.860939][ T1356] EXT4-fs (loop3): Ignoring removed nobh option [ 51.874124][ T1356] EXT4-fs (loop3): Ignoring removed bh option [ 51.880336][ T1357] EXT4-fs (loop1): Ignoring removed bh option [ 51.881510][ T1356] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 283] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 4 [pid 1353] <... openat resumed>) = 4 [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1349] <... futex resumed>) = 0 [pid 1353] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] <... pwrite64 resumed>) = 87490 [pid 1349] <... futex resumed>) = 0 [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1349] <... futex resumed>) = 0 [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... futex resumed>) = 1 [pid 1353] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1349] <... futex resumed>) = 0 [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] <... futex resumed>) = 1 [pid 1353] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 285] newfstatat(4, "", [pid 283] newfstatat(4, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, [pid 283] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, [pid 283] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4 [pid 283] close(4 [pid 285] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 285] rmdir("./40/file1" [pid 283] rmdir("./40/file1" [pid 285] <... rmdir resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 285] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./40/binderfs", [pid 283] newfstatat(AT_FDCWD, "./40/binderfs", [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./40/binderfs" [pid 283] unlink("./40/binderfs" [pid 285] <... unlink resumed>) = 0 [pid 283] <... unlink resumed>) = 0 [pid 285] getdents64(3, [pid 283] getdents64(3, [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3 [pid 283] close(3 [pid 285] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 285] rmdir("./40" [pid 283] rmdir("./40" [pid 285] <... rmdir resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 285] mkdir("./41", 0777 [pid 283] mkdir("./41", 0777 [pid 285] <... mkdir resumed>) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 285] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] close(3 [pid 283] close(3 [pid 285] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1363 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1364 [pid 1353] <... pwrite64 resumed>) = 176128 [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1353] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1363 attached [pid 1363] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1363] chdir("./41") = 0 [pid 1363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1363] setpgid(0, 0) = 0 [pid 1363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1363] write(3, "1000", 4) = 4 [pid 1363] close(3) = 0 [pid 1363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1349] <... futex resumed>) = 0 [pid 1363] write(1, "executing program\n", 18 [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000executing program ./strace-static-x86_64: Process 1364 attached [pid 1353] <... futex resumed>) = 0 [pid 1349] <... futex resumed>) = 1 [pid 1353] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1364] set_robust_list(0x55557fe8a6a0, 24 [pid 1363] <... write resumed>) = 18 [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1357] <... mount resumed>) = 0 [pid 1357] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1357] chdir("./file1") = 0 [pid 1357] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1357] ioctl(4, LOOP_CLR_FD) = 0 [pid 1357] close(4) = 0 [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1354] <... futex resumed>) = 0 [pid 1357] openat(AT_FDCWD, "./file1", O_RDWR [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1357] <... openat resumed>) = 4 [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1354] <... futex resumed>) = 0 [pid 1357] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1357] <... pwrite64 resumed>) = 87490 [pid 1354] <... futex resumed>) = 0 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1354] <... futex resumed>) = 0 [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1357] <... futex resumed>) = 1 [pid 1357] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1354] <... futex resumed>) = 0 [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1357] <... futex resumed>) = 1 [pid 1357] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1364] <... set_robust_list resumed>) = 0 [pid 1363] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1364] chdir("./41" [pid 1363] <... futex resumed>) = 0 [pid 1364] <... chdir resumed>) = 0 [ 51.886917][ T1357] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 51.907443][ T1353] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.932481][ T1353] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1363] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1364] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1363] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1364] <... prctl resumed>) = 0 [pid 1363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1364] setpgid(0, 0 [pid 1363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1364] <... setpgid resumed>) = 0 [pid 1363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1364] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1363] <... mmap resumed>) = 0x7f8965398000 [pid 1364] <... openat resumed>) = 3 [pid 1363] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1364] write(3, "1000", 4 [pid 1363] <... mprotect resumed>) = 0 [pid 1364] <... write resumed>) = 4 [pid 1363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1364] close(3 [pid 1363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1364] <... close resumed>) = 0 [pid 1363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1364] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1363] <... clone3 resumed> => {parent_tid=[1367]}, 88) = 1367 executing program [pid 1364] write(1, "executing program\n", 18 [pid 1363] rt_sigprocmask(SIG_SETMASK, [], [pid 1364] <... write resumed>) = 18 [pid 1363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1364] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1363] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1364] <... futex resumed>) = 0 [pid 1363] <... futex resumed>) = 0 [pid 1364] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1363] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1364] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1364] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1364] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1364] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1364] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1364] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1368]}, 88) = 1368 [pid 1364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1367 attached ./strace-static-x86_64: Process 1368 attached [pid 1367] set_robust_list(0x7f89653b89a0, 24 [pid 1357] <... pwrite64 resumed>) = 176128 [pid 1353] <... pwrite64 resumed>) = 176128 [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1357] <... futex resumed>) = 1 [pid 1354] <... futex resumed>) = 0 [pid 1353] <... futex resumed>) = 1 [pid 1349] <... futex resumed>) = 0 [pid 1357] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1368] set_robust_list(0x7f89653b89a0, 24 [pid 1367] <... set_robust_list resumed>) = 0 [pid 1356] <... mount resumed>) = 0 [pid 1354] <... futex resumed>) = 0 [pid 1353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1349] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] truncate("./file1", 1 [pid 1349] <... futex resumed>) = 0 [pid 1356] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1353] <... truncate resumed>) = 0 [pid 1349] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1356] <... openat resumed>) = 3 [pid 1356] chdir("./file1") = 0 [pid 1356] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1356] ioctl(4, LOOP_CLR_FD) = 0 [pid 1356] close(4) = 0 [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1350] <... futex resumed>) = 0 [pid 1356] openat(AT_FDCWD, "./file1", O_RDWR [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1353] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1349] <... futex resumed>) = 0 [pid 1349] exit_group(0) = ? [pid 1353] <... futex resumed>) = ? [pid 1356] <... openat resumed>) = 4 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] <... set_robust_list resumed>) = 0 [pid 1367] rt_sigprocmask(SIG_SETMASK, [], [pid 1357] <... pwrite64 resumed>) = 176128 [pid 1368] rt_sigprocmask(SIG_SETMASK, [], [pid 1367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1353] +++ exited with 0 +++ [pid 1349] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1349, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 1356] <... futex resumed>) = 1 [pid 1350] <... futex resumed>) = 0 [pid 1368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1356] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1350] <... futex resumed>) = 0 [pid 1354] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1354] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1354] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] memfd_create("syzkaller", 0 [pid 1367] memfd_create("syzkaller", 0 [pid 1357] <... futex resumed>) = 1 [pid 1357] truncate("./file1", 1 [pid 1356] <... pwrite64 resumed>) = 87490 [pid 1367] <... memfd_create resumed>) = 3 [pid 1368] <... memfd_create resumed>) = 3 [pid 1368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1368] <... mmap resumed>) = 0x7f895cf98000 [pid 1367] <... mmap resumed>) = 0x7f895cf98000 [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1350] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1356] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1350] <... futex resumed>) = 0 [pid 1356] <... openat resumed>) = 5 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1356] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1356] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1350] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1368] munmap(0x7f895cf98000, 138412032) = 0 [pid 1368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1368] ioctl(4, LOOP_SET_FD, 3 [pid 1357] <... truncate resumed>) = 0 [pid 1357] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1354] <... futex resumed>) = 0 [pid 1354] exit_group(0) = ? [pid 1357] <... futex resumed>) = ? [pid 287] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1357] +++ exited with 0 +++ [pid 1354] +++ exited with 0 +++ [pid 287] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1354, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] <... openat resumed>) = 3 [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1367] munmap(0x7f895cf98000, 138412032) = 0 [pid 1367] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1368] <... ioctl resumed>) = 0 [pid 1368] close(3) = 0 [ 51.942286][ T1357] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 51.963038][ T1357] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1368] close(4 [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1356] <... pwrite64 resumed>) = 176128 [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1350] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1356] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1356] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1350] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1356] <... futex resumed>) = 0 [pid 1350] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1356] truncate("./file1", 1) = 0 [pid 1368] <... close resumed>) = 0 [pid 1356] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1368] mkdir("./file1", 0777 [pid 1356] <... futex resumed>) = 1 [pid 1350] <... futex resumed>) = 0 [pid 1368] <... mkdir resumed>) = 0 [pid 1356] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1350] exit_group(0 [pid 1368] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1350] <... exit_group resumed>) = ? [pid 1356] <... futex resumed>) = ? [pid 1356] +++ exited with 0 +++ [pid 1350] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1350, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1367] <... openat resumed>) = 4 [ 51.995431][ T1356] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.011111][ T1356] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1367] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./41/file1") = 0 [pid 287] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./41/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./41") = 0 [pid 287] mkdir("./42", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program executing program [pid 1367] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 1367] close(3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, [pid 1367] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./40/file1") = 0 [pid 284] umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./40/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./40") = 0 [pid 284] mkdir("./41", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] close(3 [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 287] <... close resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1372 ./strace-static-x86_64: Process 1372 attached [pid 1372] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1372] chdir("./41") = 0 [pid 1372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1372] setpgid(0, 0) = 0 [pid 1372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1372] write(3, "1000", 4) = 4 [pid 1372] close(3) = 0 [pid 1372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1372] write(1, "executing program\n", 18) = 18 [pid 1372] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1372] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1372] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1373]}, 88) = 1373 [pid 1372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1373 attached [pid 1373] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1373] memfd_create("syzkaller", 0) = 3 [pid 1373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1374 [pid 286] <... umount2 resumed>) = 0 [pid 1373] <... write resumed>) = 524288 ./strace-static-x86_64: Process 1374 attached [pid 1374] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1374] chdir("./42") = 0 [pid 1374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1374] setpgid(0, 0) = 0 [pid 1374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1373] munmap(0x7f895cf98000, 138412032) = 0 [pid 1374] write(3, "1000", 4) = 4 [pid 1374] close(3) = 0 [pid 1374] symlink("/dev/binderfs", "./binderfs" [pid 1373] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1374] <... symlink resumed>) = 0 [pid 1373] <... openat resumed>) = 4 [pid 1373] ioctl(4, LOOP_SET_FD, 3 [pid 1374] write(1, "executing program\n", 18) = 18 [pid 1374] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1374] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1374] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1375]}, 88) = 1375 [pid 1374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1375 attached [pid 1375] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1375] memfd_create("syzkaller", 0) = 3 [pid 1375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 286] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1367] close(4 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./41/file1") = 0 [pid 286] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./41/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./41" [pid 1373] <... ioctl resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 1373] close(3) = 0 [pid 1373] close(4 [pid 1375] <... write resumed>) = 524288 [pid 1375] munmap(0x7f895cf98000, 138412032 [pid 286] mkdir("./42", 0777 [pid 1375] <... munmap resumed>) = 0 [pid 1375] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 286] <... mkdir resumed>) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1368] <... mount resumed>) = 0 [pid 1368] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1368] chdir("./file1") = 0 [pid 1368] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1373] <... close resumed>) = 0 [pid 1373] mkdir("./file1", 0777) = 0 [ 52.177809][ T1368] EXT4-fs (loop0): Ignoring removed nobh option [ 52.194738][ T1368] EXT4-fs (loop0): Ignoring removed bh option [ 52.206079][ T1368] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1373] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1367] <... close resumed>) = 0 [pid 1367] mkdir("./file1", 0777) = 0 [pid 1367] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1375] <... openat resumed>) = 4 [pid 286] <... openat resumed>) = 3 [pid 1375] ioctl(4, LOOP_SET_FD, 3 [pid 1368] <... openat resumed>) = 4 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1368] ioctl(4, LOOP_CLR_FD) = 0 [pid 1368] close(4) = 0 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1368] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1364] <... futex resumed>) = 0 [pid 1368] openat(AT_FDCWD, "./file1", O_RDWR [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] <... openat resumed>) = 4 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1368] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1364] <... futex resumed>) = 0 [pid 1368] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] <... pwrite64 resumed>) = 87490 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1368] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1364] <... futex resumed>) = 0 [pid 1368] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] <... openat resumed>) = 5 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1368] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1368] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1364] <... futex resumed>) = 0 [pid 1368] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 52.323159][ T1373] EXT4-fs (loop1): Ignoring removed nobh option [ 52.330543][ T1367] EXT4-fs (loop2): Ignoring removed nobh option [ 52.334730][ T1373] EXT4-fs (loop1): Ignoring removed bh option [ 52.345156][ T1373] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.353310][ T1367] EXT4-fs (loop2): Ignoring removed bh option [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] <... ioctl resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1375] close(3 [pid 286] close(3 [pid 1375] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1375] close(4 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1375] <... close resumed>) = 0 [pid 1375] mkdir("./file1", 0777) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1381 [pid 1375] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"..../strace-static-x86_64: Process 1381 attached [pid 1368] <... pwrite64 resumed>) = 176128 [pid 1373] <... mount resumed>) = 0 [pid 1373] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1373] chdir("./file1") = 0 [pid 1381] set_robust_list(0x55557fe8a6a0, 24 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... set_robust_list resumed>) = 0 [pid 1373] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1373] ioctl(4, LOOP_CLR_FD) = 0 [pid 1373] close(4 [pid 1381] chdir("./42" [pid 1373] <... close resumed>) = 0 [pid 1368] <... futex resumed>) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1381] <... chdir resumed>) = 0 [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1368] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864executing program [pid 1381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1364] <... futex resumed>) = 0 [pid 1381] <... prctl resumed>) = 0 [pid 1373] <... futex resumed>) = 1 [pid 1372] <... futex resumed>) = 0 [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1381] setpgid(0, 0 [pid 1373] openat(AT_FDCWD, "./file1", O_RDWR [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... setpgid resumed>) = 0 [pid 1373] <... openat resumed>) = 4 [pid 1372] <... futex resumed>) = 0 [pid 1381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1381] <... openat resumed>) = 3 [pid 1373] <... futex resumed>) = 0 [pid 1372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1381] write(3, "1000", 4 [pid 1373] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... write resumed>) = 4 [pid 1373] <... pwrite64 resumed>) = 87490 [pid 1372] <... futex resumed>) = 0 [pid 1381] close(3 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1381] <... close resumed>) = 0 [pid 1381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1381] write(1, "executing program\n", 18) = 18 [pid 1381] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1381] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1381] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1384]}, 88) = 1384 [pid 1381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1372] <... futex resumed>) = 0 [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1373] <... futex resumed>) = 1 [pid 1373] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1372] <... futex resumed>) = 0 [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1373] <... futex resumed>) = 1 [ 52.358856][ T1368] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.370711][ T1367] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.381156][ T1375] EXT4-fs (loop4): Ignoring removed nobh option [ 52.398808][ T1375] EXT4-fs (loop4): Ignoring removed bh option [ 52.406501][ T1368] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1373] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1368] <... pwrite64 resumed>) = 176128 ./strace-static-x86_64: Process 1384 attached [pid 1384] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1384] memfd_create("syzkaller", 0) = 3 [pid 1384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1367] <... mount resumed>) = 0 [pid 1367] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1367] chdir("./file1") = 0 [pid 1367] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1367] ioctl(4, LOOP_CLR_FD) = 0 [pid 1367] close(4) = 0 [pid 1367] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1363] <... futex resumed>) = 0 [pid 1363] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1367] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1367] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1363] <... futex resumed>) = 0 [pid 1363] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1367] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1364] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1368] truncate("./file1", 1 [pid 1367] <... pwrite64 resumed>) = 87490 [pid 1367] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1363] <... futex resumed>) = 0 [pid 1363] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1367] <... futex resumed>) = 1 [pid 1367] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1367] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1363] <... futex resumed>) = 0 [pid 1363] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1367] <... futex resumed>) = 1 [pid 1367] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1368] <... truncate resumed>) = 0 [pid 1368] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1364] <... futex resumed>) = 0 [pid 1364] exit_group(0) = ? [pid 1368] +++ exited with 0 +++ [pid 1364] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1364, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1384] <... write resumed>) = 524288 [pid 1373] <... pwrite64 resumed>) = 176128 [pid 1384] munmap(0x7f895cf98000, 138412032 [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1384] <... munmap resumed>) = 0 [pid 1373] <... futex resumed>) = 1 [pid 1372] <... futex resumed>) = 0 [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... restart_syscall resumed>) = 0 [pid 1372] <... futex resumed>) = 0 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", [pid 1375] <... mount resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, [pid 1384] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1375] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1373] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1384] <... openat resumed>) = 4 [pid 1375] <... openat resumed>) = 3 [pid 1384] ioctl(4, LOOP_SET_FD, 3 [pid 1375] chdir("./file1" [pid 1373] <... pwrite64 resumed>) = 176128 [pid 1375] <... chdir resumed>) = 0 [pid 1375] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1375] ioctl(4, LOOP_CLR_FD) = 0 [pid 1375] close(4) = 0 [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1375] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 52.417105][ T1373] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.421950][ T1375] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.458682][ T1373] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1373] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1374] <... futex resumed>) = 0 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1375] <... futex resumed>) = 0 [pid 1374] <... futex resumed>) = 1 [pid 1375] openat(AT_FDCWD, "./file1", O_RDWR [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] <... openat resumed>) = 4 [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1374] <... futex resumed>) = 0 [pid 1375] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1375] <... pwrite64 resumed>) = 87490 [pid 1374] <... futex resumed>) = 0 [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1374] <... futex resumed>) = 0 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] <... futex resumed>) = 1 [pid 1375] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1374] <... futex resumed>) = 0 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] <... futex resumed>) = 1 [pid 1375] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1372] <... futex resumed>) = 0 [pid 1367] <... pwrite64 resumed>) = 176128 [pid 1372] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1372] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1373] <... futex resumed>) = 0 [pid 1373] truncate("./file1", 1) = 0 [pid 1373] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1372] <... futex resumed>) = 0 [pid 1372] exit_group(0) = ? [pid 1373] <... futex resumed>) = ? [pid 1373] +++ exited with 0 +++ [pid 1372] +++ exited with 0 +++ [pid 1367] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1363] <... futex resumed>) = 0 [pid 1363] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1367] <... futex resumed>) = 1 [pid 1367] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1384] <... ioctl resumed>) = 0 [pid 1375] <... pwrite64 resumed>) = 176128 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1372, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 1384] close(3) = 0 [pid 1384] close(4 [pid 284] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1384] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1384] mkdir("./file1", 0777 [pid 284] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1384] <... mkdir resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 1384] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1374] <... futex resumed>) = 0 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] <... futex resumed>) = 1 [ 52.460865][ T1367] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.486080][ T1375] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.492956][ T1367] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1375] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1374] <... futex resumed>) = 0 [pid 1374] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1374] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1375] <... futex resumed>) = 1 [pid 1375] truncate("./file1", 1) = 0 [pid 1375] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1374] <... futex resumed>) = 0 [pid 1374] exit_group(0) = ? [pid 1375] <... futex resumed>) = ? [pid 1375] +++ exited with 0 +++ [pid 1374] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1374, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1363] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1363] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1363] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1389]}, 88) = 1389 [pid 1363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1363] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1363] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1389 attached [pid 1389] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1389] truncate("./file1", 1 [pid 1367] <... pwrite64 resumed>) = 176128 [pid 1367] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1367] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1389] <... truncate resumed>) = 0 [pid 1389] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1363] <... futex resumed>) = 0 [pid 1363] exit_group(0 [pid 1367] <... futex resumed>) = ? [pid 1363] <... exit_group resumed>) = ? [pid 1367] +++ exited with 0 +++ [pid 1389] <... futex resumed>) = ? [pid 1389] +++ exited with 0 +++ [pid 1363] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1363, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1384] <... mount resumed>) = 0 [pid 1384] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1384] chdir("./file1") = 0 [pid 1384] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./41/file1") = 0 [pid 283] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./41/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./41") = 0 [pid 283] mkdir("./42", 0777) = 0 [ 52.520517][ T1384] EXT4-fs (loop3): Ignoring removed nobh option [ 52.526865][ T1384] EXT4-fs (loop3): Ignoring removed bh option [ 52.527254][ T1375] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.533010][ T1384] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1384] <... openat resumed>) = 4 [pid 1384] ioctl(4, LOOP_CLR_FD) = 0 [pid 1384] close(4 [pid 287] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1384] <... close resumed>) = 0 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... futex resumed>) = 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1381] <... futex resumed>) = 0 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1384] <... futex resumed>) = 1 [pid 1384] openat(AT_FDCWD, "./file1", O_RDWR [pid 287] newfstatat(AT_FDCWD, "./42/file1", [pid 284] newfstatat(AT_FDCWD, "./41/file1", [pid 1384] <... openat resumed>) = 4 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... futex resumed>) = 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1384] <... futex resumed>) = 1 [pid 1384] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 4 [pid 287] newfstatat(4, "", [pid 284] <... openat resumed>) = 4 [pid 1384] <... pwrite64 resumed>) = 87490 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... futex resumed>) = 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1384] <... futex resumed>) = 1 [pid 1384] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... futex resumed>) = 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1384] <... futex resumed>) = 1 [pid 1384] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] newfstatat(4, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 284] getdents64(4, [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 284] getdents64(4, [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 284] close(4 [pid 287] <... close resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 287] rmdir("./42/file1" [pid 284] <... close resumed>) = 0 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 285] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] rmdir("./41/file1" [pid 283] <... close resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1392 [pid 285] umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./41/file1") = 0 [pid 285] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./41/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./41") = 0 [pid 285] mkdir("./42", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1393 [pid 287] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./42/binderfs") = 0 ./strace-static-x86_64: Process 1393 attached ./strace-static-x86_64: Process 1392 attached [pid 287] getdents64(3, [pid 284] <... rmdir resumed>) = 0 [pid 284] umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1393] set_robust_list(0x55557fe8a6a0, 24 [pid 1392] set_robust_list(0x55557fe8a6a0, 24 [pid 284] newfstatat(AT_FDCWD, "./41/binderfs", [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1393] <... set_robust_list resumed>) = 0 [pid 1392] <... set_robust_list resumed>) = 0 [pid 287] close(3 [pid 284] unlink("./41/binderfs" [pid 287] <... close resumed>) = 0 [pid 284] <... unlink resumed>) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3 [pid 1393] chdir("./42" [pid 287] rmdir("./42" [pid 284] <... close resumed>) = 0 [pid 1392] chdir("./42" [pid 284] rmdir("./41" [pid 1393] <... chdir resumed>) = 0 [pid 1392] <... chdir resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 284] mkdir("./42", 0777 [pid 1393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1392] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1384] <... pwrite64 resumed>) = 176128 [pid 287] mkdir("./43", 0777 [pid 284] <... mkdir resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x55557fe8a690) = 1394 ./strace-static-x86_64: Process 1394 attached [pid 1394] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1394] chdir("./42") = 0 [pid 1394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1394] setpgid(0, 0) = 0 [pid 1394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1394] write(3, "1000", 4) = 4 [pid 1394] close(3) = 0 [pid 1394] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1394] write(1, "executing program\n", 18) = 18 [pid 1394] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1394] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1394] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1394] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1394] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1395]}, 88) = 1395 [pid 1394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1395 attached [pid 1395] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1395] memfd_create("syzkaller", 0) = 3 [pid 1395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1393] <... prctl resumed>) = 0 [pid 1392] <... prctl resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 1393] setpgid(0, 0 [pid 1392] setpgid(0, 0 [pid 1393] <... setpgid resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1392] <... setpgid resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 1393] <... openat resumed>) = 3 [pid 1392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1393] write(3, "1000", 4 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1392] <... openat resumed>) = 3 [pid 1393] <... write resumed>) = 4 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1392] write(3, "1000", 4 [pid 1393] close(3 [pid 287] close(3 [pid 1392] <... write resumed>) = 4 [pid 1393] <... close resumed>) = 0 [pid 1393] symlink("/dev/binderfs", "./binderfs" [pid 1392] close(3 [pid 287] <... close resumed>) = 0 [pid 1392] <... close resumed>) = 0 [pid 1395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1393] <... symlink resumed>) = 0 [pid 1392] symlink("/dev/binderfs", "./binderfs" [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 1392] <... symlink resumed>) = 0 [pid 1393] write(1, "executing program\n", 18 [pid 1392] write(1, "executing program\n", 18 [pid 1393] <... write resumed>) = 18 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1396 executing program [pid 1392] <... write resumed>) = 18 [pid 1393] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1392] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1393] <... futex resumed>) = 0 [pid 1393] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1392] <... futex resumed>) = 0 [pid 1395] <... write resumed>) = 524288 [pid 1395] munmap(0x7f895cf98000, 138412032) = 0 [pid 1395] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1395] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1396 attached [pid 1396] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1396] chdir("./43") = 0 [pid 1396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1396] setpgid(0, 0) = 0 [pid 1396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1396] write(3, "1000", 4) = 4 [pid 1396] close(3) = 0 [pid 1396] symlink("/dev/binderfs", "./binderfs" [pid 1393] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1392] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1396] <... symlink resumed>) = 0 executing program [pid 1396] write(1, "executing program\n", 18) = 18 [pid 1396] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1396] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1396] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1398]}, 88) = 1398 [pid 1396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1395] <... ioctl resumed>) = 0 [pid 1392] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1395] close(3 [pid 1393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1395] <... close resumed>) = 0 [pid 1395] close(4./strace-static-x86_64: Process 1398 attached [pid 1398] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1398] memfd_create("syzkaller", 0 [pid 1393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1395] <... close resumed>) = 0 [pid 1393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1393] <... mmap resumed>) = 0x7f8965398000 [pid 1392] <... mmap resumed>) = 0x7f8965398000 [pid 1393] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1392] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1393] <... mprotect resumed>) = 0 [pid 1392] <... mprotect resumed>) = 0 [pid 1393] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1395] mkdir("./file1", 0777 [pid 1393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1392] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1392] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1395] <... mkdir resumed>) = 0 [pid 1392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1398] <... memfd_create resumed>) = 3 [pid 1393] <... clone3 resumed> => {parent_tid=[1399]}, 88) = 1399 [pid 1395] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1392] <... clone3 resumed> => {parent_tid=[1400]}, 88) = 1400 [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1392] rt_sigprocmask(SIG_SETMASK, [], [pid 1393] <... futex resumed>) = 0 [pid 1392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1400 attached ) = 0 [pid 1400] set_robust_list(0x7f89653b89a0, 24 [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1400] <... set_robust_list resumed>) = 0 [pid 1400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1400] memfd_create("syzkaller", 0) = 3 [pid 1381] <... futex resumed>) = 0 [pid 1400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1400] <... mmap resumed>) = 0x7f895cf98000 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1384] <... futex resumed>) = 1 [pid 1384] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1399 attached [pid 1398] <... mmap resumed>) = 0x7f895cf98000 [ 52.710821][ T1384] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1399] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1399] memfd_create("syzkaller", 0) = 3 [pid 1399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1400] <... write resumed>) = 524288 [pid 1398] <... write resumed>) = 524288 [pid 1399] <... write resumed>) = 524288 [pid 1400] munmap(0x7f895cf98000, 138412032) = 0 [pid 1398] munmap(0x7f895cf98000, 138412032) = 0 [pid 1400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1398] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1399] munmap(0x7f895cf98000, 138412032) = 0 [pid 1399] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1384] <... pwrite64 resumed>) = 176128 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... futex resumed>) = 0 [pid 1381] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1381] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1384] <... futex resumed>) = 1 [pid 1384] truncate("./file1", 1) = 0 [pid 1384] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1381] <... futex resumed>) = 0 [pid 1384] <... futex resumed>) = 1 [pid 1381] exit_group(0) = ? [pid 1384] +++ exited with 0 +++ [pid 1381] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1381, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1400] <... openat resumed>) = 4 [pid 1400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1398] <... openat resumed>) = 4 [pid 1398] ioctl(4, LOOP_SET_FD, 3 [pid 1400] close(3) = 0 [ 52.755307][ T1384] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 52.785664][ T1395] EXT4-fs (loop1): Ignoring removed nobh option [ 52.792399][ T1395] EXT4-fs (loop1): Ignoring removed bh option [pid 1400] close(4 [pid 1399] <... openat resumed>) = 4 [pid 1398] <... ioctl resumed>) = 0 [pid 1399] ioctl(4, LOOP_SET_FD, 3 [pid 1398] close(3) = 0 [pid 1398] close(4 [pid 1395] <... mount resumed>) = 0 [pid 1395] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1395] chdir("./file1") = 0 [ 52.798770][ T1395] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1395] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1400] <... close resumed>) = 0 [pid 1400] mkdir("./file1", 0777) = 0 [pid 1400] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1399] <... ioctl resumed>) = 0 [pid 1399] close(3) = 0 [pid 1399] close(4) = 0 [pid 1399] mkdir("./file1", 0777) = 0 [pid 1399] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1398] <... close resumed>) = 0 [pid 1398] mkdir("./file1", 0777) = 0 [pid 1398] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1395] <... openat resumed>) = 4 [pid 1395] ioctl(4, LOOP_CLR_FD) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 1395] close(4 [pid 286] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./42/file1") = 0 [pid 286] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./42/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./42") = 0 [pid 286] mkdir("./43", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1395] <... close resumed>) = 0 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1395] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1395] <... futex resumed>) = 0 [pid 1394] <... futex resumed>) = 1 [pid 1395] openat(AT_FDCWD, "./file1", O_RDWR [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... openat resumed>) = 4 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1395] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... pwrite64 resumed>) = 87490 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] <... futex resumed>) = 0 [pid 1395] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1395] <... openat resumed>) = 5 [pid 1394] <... futex resumed>) = 0 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... futex resumed>) = 0 [pid 1394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1395] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1399] <... mount resumed>) = 0 [pid 1399] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1399] chdir("./file1") = 0 [ 52.999509][ T1400] EXT4-fs (loop0): Ignoring removed nobh option [ 52.999682][ T1399] EXT4-fs (loop2): Ignoring removed nobh option [ 53.011227][ T1400] EXT4-fs (loop0): Ignoring removed bh option [ 53.012695][ T1399] EXT4-fs (loop2): Ignoring removed bh option [ 53.018934][ T1400] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.024961][ T1399] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1399] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1400] <... mount resumed>) = 0 [pid 1400] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1400] chdir("./file1") = 0 [pid 1400] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1395] <... pwrite64 resumed>) = 176128 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... futex resumed>) = 1 [pid 1395] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1395] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1394] <... futex resumed>) = 0 [pid 1394] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1394] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1395] <... futex resumed>) = 0 [pid 1395] truncate("./file1", 1) = 0 [pid 1395] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1394] <... futex resumed>) = 0 [pid 1394] exit_group(0) = ? [pid 1395] <... futex resumed>) = ? [pid 1395] +++ exited with 0 +++ [pid 1394] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1394, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1399] <... openat resumed>) = 4 [pid 286] <... openat resumed>) = 3 [ 53.057615][ T1395] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.073478][ T1395] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1400] <... openat resumed>) = 4 [pid 1400] ioctl(4, LOOP_CLR_FD) = 0 [pid 1400] close(4) = 0 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1400] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1399] ioctl(4, LOOP_CLR_FD [pid 286] ioctl(3, LOOP_CLR_FD [pid 1392] <... futex resumed>) = 0 [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1400] <... futex resumed>) = 0 [pid 1392] <... futex resumed>) = 1 [pid 1400] openat(AT_FDCWD, "./file1", O_RDWR [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1400] <... openat resumed>) = 4 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1392] <... futex resumed>) = 0 [pid 1400] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1392] <... futex resumed>) = 0 [pid 1400] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1400] <... pwrite64 resumed>) = 87490 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1392] <... futex resumed>) = 0 [pid 1400] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1400] <... openat resumed>) = 5 [pid 1392] <... futex resumed>) = 0 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1400] <... futex resumed>) = 0 [pid 1392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1400] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1400] <... pwrite64 resumed>) = 176128 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1392] <... futex resumed>) = 0 [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1400] <... futex resumed>) = 1 [pid 1400] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1392] <... futex resumed>) = 0 [pid 1392] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1392] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1400] <... futex resumed>) = 1 [pid 1400] truncate("./file1", 1) = 0 [pid 1400] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1392] <... futex resumed>) = 0 [pid 1392] exit_group(0) = ? [pid 1400] <... futex resumed>) = ? [pid 1400] +++ exited with 0 +++ [pid 1392] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1392, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [ 53.126186][ T1398] EXT4-fs (loop4): Ignoring removed nobh option [ 53.133026][ T1398] EXT4-fs (loop4): Ignoring removed bh option [ 53.139187][ T1400] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.140539][ T1400] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1398] <... mount resumed>) = 0 [pid 1398] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1398] chdir("./file1") = 0 [pid 1398] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1399] <... ioctl resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1399] close(4) = 0 [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1393] <... futex resumed>) = 0 [pid 1399] openat(AT_FDCWD, "./file1", O_RDWR [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1399] <... openat resumed>) = 4 [pid 286] close(3 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1399] <... futex resumed>) = 1 [pid 1393] <... futex resumed>) = 0 [pid 284] getdents64(4, [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1399] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1393] <... futex resumed>) = 0 [pid 284] getdents64(4, [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./42/file1") = 0 [pid 284] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./42/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./42") = 0 [pid 284] mkdir("./43", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1399] <... pwrite64 resumed>) = 87490 [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1399] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1393] <... futex resumed>) = 0 [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1399] <... futex resumed>) = 0 [pid 1399] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1393] <... futex resumed>) = 0 [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1399] <... futex resumed>) = 1 [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 53.154231][ T1398] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1399] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1393] <... futex resumed>) = 0 [pid 1399] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1398] <... openat resumed>) = 4 [pid 286] <... close resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 1399] <... pwrite64 resumed>) = 176128 [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1399] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1393] <... futex resumed>) = 0 [pid 1393] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1393] <... futex resumed>) = 1 [pid 283] newfstatat(AT_FDCWD, "./42/file1", [pid 1393] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1412 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1399] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1399] truncate("./file1", 1 [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] <... openat resumed>) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, [pid 284] <... close resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] close(4) = 0 [pid 283] rmdir("./42/file1") = 0 [pid 1398] ioctl(4, LOOP_CLR_FD) = 0 [pid 283] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1398] close(4) = 0 [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1398] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1396] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1413 [pid 283] newfstatat(AT_FDCWD, "./42/binderfs", [pid 1396] <... futex resumed>) = 1 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./42/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./42" [pid 1398] <... futex resumed>) = 0 [pid 1398] openat(AT_FDCWD, "./file1", O_RDWR [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./43", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ./strace-static-x86_64: Process 1413 attached [pid 1413] set_robust_list(0x55557fe8a6a0, 24 [pid 283] ioctl(3, LOOP_CLR_FD [pid 1398] <... openat resumed>) = 4 [pid 1413] <... set_robust_list resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1413] chdir("./43" [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... chdir resumed>) = 0 [pid 1413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1413] setpgid(0, 0) = 0 [pid 1413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1414 [pid 1413] write(3, "1000", 4) = 4 [pid 1413] close(3) = 0 [pid 1413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1399] <... truncate resumed>) = 0 [pid 1413] write(1, "executing program\n", 18) = 18 [pid 1413] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1413] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1399] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1393] <... futex resumed>) = 0 [pid 1393] exit_group(0) = ? [pid 1399] +++ exited with 0 +++ [pid 1413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1415]}, 88) = 1415 [pid 1393] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1393, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1415 attached [pid 1415] set_robust_list(0x7f89653b89a0, 24 [pid 1398] <... futex resumed>) = 1 [pid 1396] <... futex resumed>) = 0 [pid 1415] <... set_robust_list resumed>) = 0 [pid 1398] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1415] rt_sigprocmask(SIG_SETMASK, [], [pid 1396] <... futex resumed>) = 0 [pid 1415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] memfd_create("syzkaller", 0) = 3 [pid 1415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1398] <... pwrite64 resumed>) = 87490 [pid 1415] <... write resumed>) = 524288 [pid 1415] munmap(0x7f895cf98000, 138412032) = 0 [pid 1415] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1415] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1412 attached [pid 1412] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1412] chdir("./43") = 0 [pid 1412] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1412] setpgid(0, 0) = 0 [pid 1412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 1412] write(3, "1000", 4) = 4 [pid 1412] close(3) = 0 [pid 1412] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1412] write(1, "executing program\n", 18) = 18 [pid 1412] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1412] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 1414 attached [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1396] <... futex resumed>) = 0 [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1415] <... ioctl resumed>) = 0 [pid 1396] <... futex resumed>) = 0 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1412] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1415] close(3 [pid 1414] set_robust_list(0x55557fe8a6a0, 24 [pid 1412] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1415] <... close resumed>) = 0 [pid 1398] <... futex resumed>) = 1 [pid 1414] <... set_robust_list resumed>) = 0 [pid 1414] chdir("./43") = 0 [pid 1415] close(4 [pid 1414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1414] setpgid(0, 0) = 0 [pid 1414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1398] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1414] <... openat resumed>) = 3 [pid 1414] write(3, "1000", 4) = 4 [pid 1414] close(3) = 0 [pid 1414] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1414] write(1, "executing program\n", 18) = 18 [pid 1398] <... openat resumed>) = 5 [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1414] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1414] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1414] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1396] <... futex resumed>) = 0 [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1418]}, 88) = 1418 [pid 1414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1417 attached [pid 1417] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1417] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1418 attached [pid 1418] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1418] memfd_create("syzkaller", 0 [pid 1398] <... futex resumed>) = 1 [pid 1412] <... clone3 resumed> => {parent_tid=[1417]}, 88) = 1417 [pid 1418] <... memfd_create resumed>) = 3 [pid 1398] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [ 53.210216][ T1399] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.225784][ T1399] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1417] <... futex resumed>) = 0 [pid 1417] memfd_create("syzkaller", 0) = 3 [pid 1417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1412] <... futex resumed>) = 1 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1418] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1417] munmap(0x7f895cf98000, 138412032) = 0 [pid 1418] <... write resumed>) = 524288 [pid 1417] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1418] munmap(0x7f895cf98000, 138412032) = 0 [pid 1418] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1398] <... pwrite64 resumed>) = 176128 [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1396] <... futex resumed>) = 0 [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1398] <... futex resumed>) = 1 [pid 1398] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1396] <... futex resumed>) = 0 [pid 1396] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1396] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1398] truncate("./file1", 1) = 0 [pid 1398] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1396] <... futex resumed>) = 0 [pid 1396] exit_group(0) = ? [pid 1398] <... futex resumed>) = ? [pid 1398] +++ exited with 0 +++ [pid 1396] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1396, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 1418] <... openat resumed>) = 4 [pid 1417] <... openat resumed>) = 4 [pid 287] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... openat resumed>) = 3 [pid 285] newfstatat(AT_FDCWD, "./42/file1", [pid 287] newfstatat(3, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] getdents64(3, [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1418] ioctl(4, LOOP_SET_FD, 3 [pid 1417] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... openat resumed>) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./42/file1") = 0 [pid 285] umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./42/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./42") = 0 [pid 285] mkdir("./43", 0777) = 0 [ 53.279176][ T1398] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.294567][ T1398] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1415] <... close resumed>) = 0 [pid 1415] mkdir("./file1", 0777 [pid 1417] <... ioctl resumed>) = 0 [pid 1415] <... mkdir resumed>) = 0 [pid 1418] <... ioctl resumed>) = 0 [pid 1415] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1418] close(3 [pid 1417] close(3 [pid 1418] <... close resumed>) = 0 [pid 1418] close(4 [pid 1417] <... close resumed>) = 0 [pid 1417] close(4 [pid 285] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1418] <... close resumed>) = 0 [pid 1418] mkdir("./file1", 0777) = 0 [pid 1418] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1417] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1417] mkdir("./file1", 0777 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./43/file1") = 0 [pid 287] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./43/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./43") = 0 [pid 287] mkdir("./44", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1421 [pid 1417] <... mkdir resumed>) = 0 [pid 1417] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 1421 attached [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1421] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1422 [pid 1421] chdir("./44") = 0 [pid 1421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1421] setpgid(0, 0) = 0 [pid 1421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1421] write(3, "1000", 4) = 4 [pid 1421] close(3) = 0 [pid 1421] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1421] write(1, "executing program\n", 18) = 18 [pid 1421] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1421] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1421] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 53.460549][ T1415] EXT4-fs (loop1): Ignoring removed nobh option [ 53.468429][ T1417] EXT4-fs (loop3): Ignoring removed nobh option [ 53.479973][ T1415] EXT4-fs (loop1): Ignoring removed bh option [ 53.480035][ T1418] EXT4-fs (loop0): Ignoring removed nobh option [ 53.491834][ T1415] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.502711][ T1417] EXT4-fs (loop3): Ignoring removed bh option [pid 1421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1422 attached [pid 1422] set_robust_list(0x55557fe8a6a0, 24 [pid 1421] <... clone3 resumed> => {parent_tid=[1423]}, 88) = 1423 [pid 1421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1423 attached [pid 1423] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1423] memfd_create("syzkaller", 0) = 3 [pid 1422] <... set_robust_list resumed>) = 0 [pid 1422] chdir("./43") = 0 [pid 1422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1422] setpgid(0, 0) = 0 [pid 1422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1422] write(3, "1000", 4) = 4 [pid 1422] close(3) = 0 executing program [pid 1422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1422] write(1, "executing program\n", 18) = 18 [pid 1422] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1422] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1422] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1426]}, 88) = 1426 [pid 1422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1426 attached [pid 1426] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1426] memfd_create("syzkaller", 0) = 3 [pid 1426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1415] <... mount resumed>) = 0 [pid 1415] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1415] chdir("./file1") = 0 [pid 1415] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1415] ioctl(4, LOOP_CLR_FD) = 0 [pid 1415] close(4) = 0 [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1423] <... write resumed>) = 524288 [pid 1415] <... futex resumed>) = 1 [pid 1413] <... futex resumed>) = 0 [pid 1415] openat(AT_FDCWD, "./file1", O_RDWR [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1423] munmap(0x7f895cf98000, 138412032 [pid 1415] <... openat resumed>) = 4 [pid 1413] <... futex resumed>) = 0 [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] <... futex resumed>) = 0 [pid 1413] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1415] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1423] <... munmap resumed>) = 0 [pid 1415] <... pwrite64 resumed>) = 87490 [pid 1413] <... futex resumed>) = 0 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] <... futex resumed>) = 1 [pid 1415] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] <... futex resumed>) = 1 [pid 1415] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1423] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1423] ioctl(4, LOOP_SET_FD, 3 [pid 1426] <... write resumed>) = 524288 [pid 1426] munmap(0x7f895cf98000, 138412032) = 0 [pid 1426] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1423] <... ioctl resumed>) = 0 [pid 1418] <... mount resumed>) = 0 [pid 1423] close(3 [pid 1418] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1423] <... close resumed>) = 0 [pid 1418] <... openat resumed>) = 3 [pid 1417] <... mount resumed>) = 0 [pid 1417] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1417] chdir("./file1") = 0 [pid 1417] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1417] ioctl(4, LOOP_CLR_FD) = 0 [ 53.506263][ T1418] EXT4-fs (loop0): Ignoring removed bh option [ 53.517579][ T1418] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.530881][ T1417] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1417] close(4 [pid 1423] close(4 [pid 1418] chdir("./file1" [pid 1417] <... close resumed>) = 0 [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1417] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1417] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1426] <... openat resumed>) = 4 [pid 1423] <... close resumed>) = 0 [pid 1418] <... chdir resumed>) = 0 [pid 1415] <... pwrite64 resumed>) = 176128 [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] <... futex resumed>) = 1 [pid 1415] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1423] mkdir("./file1", 0777 [pid 1418] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1426] ioctl(4, LOOP_SET_FD, 3 [pid 1423] <... mkdir resumed>) = 0 [pid 1418] <... openat resumed>) = 4 [pid 1417] <... pwrite64 resumed>) = 87490 [pid 1423] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1418] ioctl(4, LOOP_CLR_FD [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1417] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1426] <... ioctl resumed>) = 0 [pid 1426] close(3 [pid 1418] <... ioctl resumed>) = 0 [pid 1412] <... futex resumed>) = 0 [pid 1426] <... close resumed>) = 0 [pid 1426] close(4) = 0 [pid 1426] mkdir("./file1", 0777) = 0 [pid 1426] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1418] close(4 [pid 1415] <... pwrite64 resumed>) = 176128 [ 53.561243][ T1415] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.577578][ T1415] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.594161][ T1423] EXT4-fs (loop4): Ignoring removed nobh option [ 53.600764][ T1426] EXT4-fs (loop2): Ignoring removed nobh option [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1418] <... close resumed>) = 0 [pid 1417] <... futex resumed>) = 0 [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1412] <... futex resumed>) = 1 [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1417] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1415] <... futex resumed>) = 1 [pid 1413] <... futex resumed>) = 0 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1418] <... futex resumed>) = 1 [pid 1417] <... openat resumed>) = 5 [pid 1415] truncate("./file1", 1 [pid 1414] <... futex resumed>) = 0 [pid 1413] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1418] openat(AT_FDCWD, "./file1", O_RDWR [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1415] <... truncate resumed>) = 0 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1417] <... futex resumed>) = 1 [pid 1414] <... futex resumed>) = 0 [pid 1413] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1412] <... futex resumed>) = 0 [pid 1417] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1418] <... openat resumed>) = 4 [pid 1412] <... futex resumed>) = 0 [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1418] <... futex resumed>) = 1 [pid 1414] <... futex resumed>) = 0 [pid 1418] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1418] <... pwrite64 resumed>) = 87490 [pid 1414] <... futex resumed>) = 0 [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1415] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1413] <... futex resumed>) = 0 [pid 1413] exit_group(0) = ? [pid 1415] <... futex resumed>) = ? [pid 1415] +++ exited with 0 +++ [pid 1413] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1413, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1414] <... futex resumed>) = 0 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1418] <... futex resumed>) = 1 [pid 1418] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1414] <... futex resumed>) = 0 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1418] <... futex resumed>) = 1 [ 53.601026][ T1423] EXT4-fs (loop4): Ignoring removed bh option [ 53.608162][ T1426] EXT4-fs (loop2): Ignoring removed bh option [ 53.620031][ T1426] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 53.623876][ T1417] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.632284][ T1423] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1418] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1417] <... pwrite64 resumed>) = 176128 [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1417] <... futex resumed>) = 1 [pid 1417] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1418] <... pwrite64 resumed>) = 176128 [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1418] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1423] <... mount resumed>) = 0 [pid 1423] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1423] chdir("./file1") = 0 [pid 1423] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1423] ioctl(4, LOOP_CLR_FD) = 0 [pid 1423] close(4) = 0 [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1423] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1414] <... futex resumed>) = 0 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1418] <... futex resumed>) = 0 [pid 1414] <... futex resumed>) = 1 [pid 1418] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1421] <... futex resumed>) = 0 [pid 1417] <... pwrite64 resumed>) = 176128 [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1423] <... futex resumed>) = 0 [pid 1421] <... futex resumed>) = 1 [pid 1423] openat(AT_FDCWD, "./file1", O_RDWR [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1412] <... futex resumed>) = 0 [pid 1412] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1412] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1417] <... futex resumed>) = 1 [pid 1417] truncate("./file1", 1) = 0 [pid 1417] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1412] <... futex resumed>) = 0 [pid 1412] exit_group(0) = ? [pid 1417] <... futex resumed>) = ? [pid 1417] +++ exited with 0 +++ [pid 1412] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1412, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1423] <... openat resumed>) = 4 [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1421] <... futex resumed>) = 0 [pid 1423] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1418] <... pwrite64 resumed>) = 176128 [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1423] <... pwrite64 resumed>) = 87490 [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1421] <... futex resumed>) = 0 [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1426] <... mount resumed>) = 0 [pid 1423] <... futex resumed>) = 1 [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... restart_syscall resumed>) = 0 [pid 1426] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1423] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1418] <... futex resumed>) = 1 [pid 1414] <... futex resumed>) = 0 [pid 1426] <... openat resumed>) = 3 [pid 1414] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1414] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1426] chdir("./file1" [pid 1423] <... openat resumed>) = 5 [pid 1418] truncate("./file1", 1 [pid 1426] <... chdir resumed>) = 0 [pid 1426] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1421] <... futex resumed>) = 0 [pid 1423] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1421] <... futex resumed>) = 0 [pid 1423] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1418] <... truncate resumed>) = 0 [pid 1418] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1414] <... futex resumed>) = 0 [pid 1414] exit_group(0) = ? [pid 1418] <... futex resumed>) = ? [pid 1418] +++ exited with 0 +++ [pid 1414] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1414, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [ 53.660388][ T1418] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.666331][ T1417] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.681646][ T1418] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 283] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1423] <... pwrite64 resumed>) = 176128 [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1421] <... futex resumed>) = 0 [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1423] <... futex resumed>) = 1 [pid 1423] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1426] <... openat resumed>) = 4 [pid 284] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1426] ioctl(4, LOOP_CLR_FD [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./43/file1") = 0 [pid 284] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./43/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./43") = 0 [pid 284] mkdir("./44", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1423] <... pwrite64 resumed>) = 176128 [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1421] <... futex resumed>) = 0 [pid 1421] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1421] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1423] <... futex resumed>) = 1 [pid 1423] truncate("./file1", 1) = 0 [pid 1423] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1421] <... futex resumed>) = 0 [pid 1421] exit_group(0) = ? [pid 1423] <... futex resumed>) = ? [pid 1423] +++ exited with 0 +++ [pid 1421] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1421, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1426] <... ioctl resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 1426] close(4 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1426] <... close resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] close(3 [pid 1426] <... futex resumed>) = 1 [pid 1422] <... futex resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 1426] openat(AT_FDCWD, "./file1", O_RDWR [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1426] <... openat resumed>) = 4 [pid 1422] <... futex resumed>) = 0 [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1437 [pid 1426] <... futex resumed>) = 0 [pid 1422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1426] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] newfstatat(AT_FDCWD, "./43/file1", [pid 1422] <... futex resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... openat resumed>) = 4 [pid 287] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] newfstatat(4, "", [pid 287] <... openat resumed>) = 3 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(3, "", [pid 286] getdents64(4, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(3, ./strace-static-x86_64: Process 1437 attached 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] getdents64(4, [pid 287] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1437] set_robust_list(0x55557fe8a6a0, 24 [pid 1426] <... pwrite64 resumed>) = 87490 [pid 286] close(4) = 0 [pid 286] rmdir("./43/file1" [pid 1437] <... set_robust_list resumed>) = 0 [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... rmdir resumed>) = 0 [pid 1426] <... futex resumed>) = 1 [pid 1426] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1437] chdir("./44" [pid 1422] <... futex resumed>) = 0 [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1437] <... chdir resumed>) = 0 [pid 1422] <... futex resumed>) = 1 [pid 1426] <... futex resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1437] setpgid(0, 0) = 0 [pid 1437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1426] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 286] newfstatat(AT_FDCWD, "./43/binderfs", [pid 1437] <... openat resumed>) = 3 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1437] write(3, "1000", 4) = 4 [pid 1437] close(3) = 0 [pid 1437] symlink("/dev/binderfs", "./binderfs"executing program [pid 286] unlink("./43/binderfs" [pid 1437] <... symlink resumed>) = 0 [pid 1426] <... openat resumed>) = 5 [pid 1437] write(1, "executing program\n", 18) = 18 [pid 1437] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... unlink resumed>) = 0 [pid 1437] <... futex resumed>) = 0 [pid 1437] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1437] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1438]}, 88) = 1438 [pid 1437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1438 attached [pid 1438] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 286] getdents64(3, [pid 1438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1438] memfd_create("syzkaller", 0) = 3 [pid 1438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1438] <... mmap resumed>) = 0x7f895cf98000 [pid 286] close(3 [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... close resumed>) = 0 [pid 1426] <... futex resumed>) = 1 [pid 1422] <... futex resumed>) = 0 [pid 1426] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] rmdir("./43" [pid 1422] <... futex resumed>) = 0 [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... rmdir resumed>) = 0 [pid 286] mkdir("./44", 0777) = 0 [pid 1438] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1438] <... write resumed>) = 524288 [pid 1438] munmap(0x7f895cf98000, 138412032) = 0 [ 53.715299][ T1423] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.737932][ T1423] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1438] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1426] <... pwrite64 resumed>) = 176128 [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1422] <... futex resumed>) = 0 [pid 1426] <... futex resumed>) = 1 [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1426] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1422] <... futex resumed>) = 0 [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1426] <... pwrite64 resumed>) = 176128 [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1422] <... futex resumed>) = 0 [pid 1426] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1422] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... umount2 resumed>) = 0 [pid 1422] <... futex resumed>) = 1 [pid 283] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1422] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1426] <... futex resumed>) = 0 [pid 283] newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1426] truncate("./file1", 1 [pid 283] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./43/file1") = 0 [pid 283] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./43/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./43") = 0 [pid 283] mkdir("./44", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1426] <... truncate resumed>) = 0 [pid 1426] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1422] <... futex resumed>) = 0 [pid 1422] exit_group(0) = ? [pid 1426] <... futex resumed>) = ? [pid 1426] +++ exited with 0 +++ [pid 1422] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1422, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1438] <... openat resumed>) = 4 [pid 1438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1438] close(3) = 0 [pid 1438] close(4 [pid 286] <... openat resumed>) = 3 [ 53.781209][ T1426] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 53.796599][ T1426] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] ioctl(3, LOOP_CLR_FD [pid 1438] <... close resumed>) = 0 [pid 1438] mkdir("./file1", 0777) = 0 [pid 1438] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] <... umount2 resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... openat resumed>) = 3 [pid 287] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] close(3 [pid 285] <... umount2 resumed>) = 0 [pid 283] ioctl(3, LOOP_CLR_FD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... close resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] newfstatat(AT_FDCWD, "./44/file1", [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] close(3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... close resumed>) = 0 [pid 287] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1440 [pid 285] newfstatat(AT_FDCWD, "./43/file1", [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1441 [pid 287] <... openat resumed>) = 4 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(4, "", [pid 285] openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] <... openat resumed>) = 4 [pid 287] getdents64(4, [pid 285] newfstatat(4, "", [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 285] getdents64(4, [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] close(4 [pid 285] getdents64(4, [pid 287] <... close resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] rmdir("./44/file1" [pid 285] close(4 [pid 287] <... rmdir resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 287] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] rmdir("./43/file1" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... rmdir resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./44/binderfs", [pid 285] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] unlink("./44/binderfs" [pid 285] newfstatat(AT_FDCWD, "./43/binderfs", [pid 287] <... unlink resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] getdents64(3, [pid 285] unlink("./43/binderfs" [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... unlink resumed>) = 0 [pid 287] close(3 [pid 285] getdents64(3, [pid 287] <... close resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] rmdir("./44" [pid 285] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 287] mkdir("./45", 0777 [pid 285] rmdir("./43" [pid 287] <... mkdir resumed>) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 285] mkdir("./44", 0777 [pid 287] <... openat resumed>) = 3 [pid 285] <... mkdir resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... openat resumed>) = 3 [pid 287] close(3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 287] <... close resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] close(3) = 0 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1442 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1443 ./strace-static-x86_64: Process 1441 attached [pid 1441] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1441] chdir("./44") = 0 [pid 1441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1441] setpgid(0, 0) = 0 [pid 1441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 ./strace-static-x86_64: Process 1440 attached ./strace-static-x86_64: Process 1443 attached [pid 1441] write(3, "1000", 4) = 4 [pid 1443] set_robust_list(0x55557fe8a6a0, 24 [pid 1440] set_robust_list(0x55557fe8a6a0, 24 [pid 1441] close(3) = 0 [pid 1443] <... set_robust_list resumed>) = 0 [pid 1440] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 1442 attached [pid 1443] chdir("./44" [pid 1441] symlink("/dev/binderfs", "./binderfs" [pid 1442] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1442] chdir("./45") = 0 [pid 1440] chdir("./44" [pid 1442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1442] setpgid(0, 0) = 0 [pid 1442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1442] write(3, "1000", 4) = 4 [pid 1442] close(3) = 0 [pid 1442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1441] <... symlink resumed>) = 0 [pid 1442] write(1, "executing program\n", 18executing program ) = 18 [pid 1443] <... chdir resumed>) = 0 [pid 1442] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1442] <... futex resumed>) = 0 [pid 1443] <... prctl resumed>) = 0 [pid 1443] setpgid(0, 0 [pid 1441] write(1, "executing program\n", 18executing program ) = 18 [pid 1443] <... setpgid resumed>) = 0 [pid 1441] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1441] <... futex resumed>) = 0 [pid 1441] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1440] <... chdir resumed>) = 0 [pid 1442] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1441] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1442] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1441] <... mmap resumed>) = 0x7f8965398000 [pid 1442] <... mmap resumed>) = 0x7f8965398000 [pid 1443] <... openat resumed>) = 3 [pid 1441] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1442] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1441] <... mprotect resumed>) = 0 [pid 1442] <... mprotect resumed>) = 0 [pid 1442] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1441] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1443] write(3, "1000", 4) = 4 [pid 1441] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1443] close(3 [pid 1441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1443] <... close resumed>) = 0 [pid 1440] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1443] symlink("/dev/binderfs", "./binderfs" [pid 1442] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1443] <... symlink resumed>) = 0 [pid 1441] <... clone3 resumed> => {parent_tid=[1444]}, 88) = 1444 [pid 1441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1442] <... clone3 resumed> => {parent_tid=[1445]}, 88) = 1445 [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 1443] write(1, "executing program\n", 18) = 18 [pid 1443] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1443] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1443] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1443] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1443] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1443] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1446]}, 88) = 1446 [pid 1443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1446 attached [pid 1446] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1446] memfd_create("syzkaller", 0) = 3 [pid 1446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1446] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1440] <... prctl resumed>) = 0 [pid 1440] setpgid(0, 0) = 0 [pid 1440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1440] write(3, "1000", 4) = 4 ./strace-static-x86_64: Process 1445 attached ./strace-static-x86_64: Process 1444 attached [pid 1446] <... write resumed>) = 524288 [pid 1440] close(3 [pid 1446] munmap(0x7f895cf98000, 138412032 [pid 1445] set_robust_list(0x7f89653b89a0, 24 [pid 1444] set_robust_list(0x7f89653b89a0, 24 [pid 1440] <... close resumed>) = 0 [pid 1446] <... munmap resumed>) = 0 [pid 1445] <... set_robust_list resumed>) = 0 [pid 1444] <... set_robust_list resumed>) = 0 [pid 1440] symlink("/dev/binderfs", "./binderfs" [pid 1446] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1445] rt_sigprocmask(SIG_SETMASK, [], [pid 1444] rt_sigprocmask(SIG_SETMASK, [], [pid 1446] <... openat resumed>) = 4 [pid 1445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1446] ioctl(4, LOOP_SET_FD, 3 [pid 1445] memfd_create("syzkaller", 0 [pid 1444] memfd_create("syzkaller", 0 [pid 1440] <... symlink resumed>) = 0 [pid 1445] <... memfd_create resumed>) = 3 [pid 1444] <... memfd_create resumed>) = 3 [pid 1445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1445] <... mmap resumed>) = 0x7f895cf98000 [pid 1444] <... mmap resumed>) = 0x7f895cf98000 executing program [pid 1444] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1440] write(1, "executing program\n", 18 [pid 1446] <... ioctl resumed>) = 0 [pid 1445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1440] <... write resumed>) = 18 [pid 1446] close(3) = 0 [pid 1446] close(4 [pid 1444] <... write resumed>) = 524288 [pid 1444] munmap(0x7f895cf98000, 138412032) = 0 [pid 1444] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1440] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1445] <... write resumed>) = 524288 [pid 1440] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1440] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1440] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1440] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1448]}, 88) = 1448 [pid 1440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1448 attached [pid 1448] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1448] memfd_create("syzkaller", 0) = 3 [pid 1448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1445] munmap(0x7f895cf98000, 138412032) = 0 [pid 1445] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1438] <... mount resumed>) = 0 [pid 1448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1438] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1438] chdir("./file1") = 0 [pid 1438] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1448] <... write resumed>) = 524288 [pid 1448] munmap(0x7f895cf98000, 138412032) = 0 [pid 1448] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1446] <... close resumed>) = 0 [pid 1445] <... openat resumed>) = 4 [pid 1444] <... openat resumed>) = 4 [pid 1446] mkdir("./file1", 0777 [pid 1445] ioctl(4, LOOP_SET_FD, 3 [pid 1444] ioctl(4, LOOP_SET_FD, 3 [pid 1438] <... openat resumed>) = 4 [pid 1448] <... openat resumed>) = 4 [pid 1446] <... mkdir resumed>) = 0 [pid 1438] ioctl(4, LOOP_CLR_FD [pid 1448] ioctl(4, LOOP_SET_FD, 3 [pid 1446] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1445] <... ioctl resumed>) = 0 [pid 1445] close(3) = 0 [pid 1445] close(4 [pid 1444] <... ioctl resumed>) = 0 [pid 1438] <... ioctl resumed>) = 0 [pid 1438] close(4) = 0 [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1438] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1444] close(3 [pid 1437] <... futex resumed>) = 0 [pid 1444] <... close resumed>) = 0 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1444] close(4 [pid 1438] <... futex resumed>) = 0 [pid 1437] <... futex resumed>) = 1 [pid 1438] openat(AT_FDCWD, "./file1", O_RDWR [ 53.938793][ T1438] EXT4-fs (loop1): Ignoring removed nobh option [ 53.946056][ T1438] EXT4-fs (loop1): Ignoring removed bh option [ 53.954697][ T1438] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... ioctl resumed>) = 0 [pid 1448] close(3) = 0 [pid 1448] close(4 [pid 1438] <... openat resumed>) = 4 [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1437] <... futex resumed>) = 0 [pid 1438] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1438] <... pwrite64 resumed>) = 87490 [pid 1437] <... futex resumed>) = 0 [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1437] <... futex resumed>) = 0 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1438] <... futex resumed>) = 1 [pid 1438] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1437] <... futex resumed>) = 0 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1438] <... futex resumed>) = 1 [pid 1438] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1437] <... futex resumed>) = 0 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1438] <... futex resumed>) = 1 [ 54.006070][ T1446] EXT4-fs (loop2): Ignoring removed nobh option [ 54.012959][ T1446] EXT4-fs (loop2): Ignoring removed bh option [ 54.016875][ T1438] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.019275][ T1446] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1438] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1446] <... mount resumed>) = 0 [pid 1446] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1446] chdir("./file1") = 0 [pid 1446] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1448] <... close resumed>) = 0 [pid 1438] <... pwrite64 resumed>) = 176128 [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1437] <... futex resumed>) = 0 [pid 1437] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1437] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1438] <... futex resumed>) = 1 [pid 1438] truncate("./file1", 1 [pid 1448] mkdir("./file1", 0777) = 0 [pid 1448] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1438] <... truncate resumed>) = 0 [pid 1438] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1437] <... futex resumed>) = 0 [pid 1437] exit_group(0) = ? [pid 1438] <... futex resumed>) = ? [pid 1438] +++ exited with 0 +++ [pid 1437] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1437, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 54.035113][ T1438] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1444] <... close resumed>) = 0 [pid 1446] <... openat resumed>) = 4 [pid 1446] ioctl(4, LOOP_CLR_FD [pid 1445] <... close resumed>) = 0 [pid 1444] mkdir("./file1", 0777 [pid 1445] mkdir("./file1", 0777) = 0 [pid 1445] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1444] <... mkdir resumed>) = 0 [pid 1444] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1448] <... mount resumed>) = 0 [pid 1448] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1448] chdir("./file1") = 0 [ 54.130260][ T1448] EXT4-fs (loop3): Ignoring removed nobh option [ 54.136591][ T1448] EXT4-fs (loop3): Ignoring removed bh option [ 54.142847][ T1448] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1448] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 1446] <... ioctl resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./44/file1") = 0 [pid 284] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./44/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./44") = 0 [pid 284] mkdir("./45", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1458 ./strace-static-x86_64: Process 1458 attached [pid 1458] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1458] chdir("./45") = 0 [pid 1458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1458] setpgid(0, 0) = 0 [pid 1458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1458] write(3, "1000", 4) = 4 [pid 1458] close(3) = 0 [pid 1458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1458] write(1, "executing program\n", 18) = 18 [pid 1458] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1458] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1458] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1446] close(4 [pid 1458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1459]}, 88) = 1459 [pid 1446] <... close resumed>) = 0 [pid 1458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1443] <... futex resumed>) = 0 [pid 1446] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1459 attached [pid 1459] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1459] memfd_create("syzkaller", 0) = 3 [pid 1459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1459] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1459] munmap(0x7f895cf98000, 138412032) = 0 [pid 1459] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1459] ioctl(4, LOOP_SET_FD, 3 [pid 1446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1459] <... ioctl resumed>) = 0 [pid 1446] openat(AT_FDCWD, "./file1", O_RDWR [pid 1443] <... futex resumed>) = 0 [pid 1448] <... openat resumed>) = 4 [pid 1448] ioctl(4, LOOP_CLR_FD) = 0 [pid 1448] close(4) = 0 [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... futex resumed>) = 1 [pid 1448] openat(AT_FDCWD, "./file1", O_RDWR [pid 1459] close(3) = 0 [pid 1459] close(4 [pid 1448] <... openat resumed>) = 4 [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... futex resumed>) = 1 [pid 1446] <... openat resumed>) = 4 [pid 1448] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1443] <... futex resumed>) = 0 [pid 1448] <... pwrite64 resumed>) = 87490 [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... futex resumed>) = 1 [pid 1448] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... futex resumed>) = 1 [ 54.183821][ T1444] EXT4-fs (loop0): Ignoring removed nobh option [ 54.190915][ T1445] EXT4-fs (loop4): Ignoring removed nobh option [ 54.195702][ T1444] EXT4-fs (loop0): Ignoring removed bh option [ 54.200778][ T1445] EXT4-fs (loop4): Ignoring removed bh option [ 54.213025][ T1445] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1448] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1446] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... futex resumed>) = 1 [pid 1448] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1446] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1445] <... mount resumed>) = 0 [pid 1443] <... futex resumed>) = 0 [pid 1446] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1446] <... pwrite64 resumed>) = 87490 [pid 1445] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1445] chdir("./file1") = 0 [pid 1445] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] <... futex resumed>) = 0 [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1446] <... futex resumed>) = 1 [pid 1446] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] <... futex resumed>) = 0 [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1446] <... futex resumed>) = 1 [pid 1446] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1459] <... close resumed>) = 0 [pid 1448] <... pwrite64 resumed>) = 176128 [pid 1459] mkdir("./file1", 0777) = 0 [pid 1459] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1440] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1448] <... futex resumed>) = 1 [pid 1448] truncate("./file1", 1) = 0 [pid 1448] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1440] <... futex resumed>) = 0 [pid 1440] exit_group(0) = ? [pid 1448] <... futex resumed>) = ? [pid 1448] +++ exited with 0 +++ [pid 1440] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1440, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1444] <... mount resumed>) = 0 [pid 1444] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1444] chdir("./file1") = 0 [pid 1444] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1446] <... pwrite64 resumed>) = 176128 [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] <... futex resumed>) = 0 [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1446] <... futex resumed>) = 1 [ 54.223765][ T1448] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.226188][ T1444] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.240782][ T1448] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.264964][ T1446] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1446] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] <... futex resumed>) = 0 [pid 1443] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1443] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1446] <... futex resumed>) = 1 [pid 1446] truncate("./file1", 1 [pid 1445] <... openat resumed>) = 4 [pid 1444] <... openat resumed>) = 4 [pid 1445] ioctl(4, LOOP_CLR_FD [pid 1444] ioctl(4, LOOP_CLR_FD [pid 1445] <... ioctl resumed>) = 0 [pid 1444] <... ioctl resumed>) = 0 [pid 1445] close(4 [pid 1444] close(4 [pid 1445] <... close resumed>) = 0 [pid 1444] <... close resumed>) = 0 [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1445] <... futex resumed>) = 1 [pid 1444] <... futex resumed>) = 1 [pid 1442] <... futex resumed>) = 0 [pid 1441] <... futex resumed>) = 0 [pid 1445] openat(AT_FDCWD, "./file1", O_RDWR [pid 1444] openat(AT_FDCWD, "./file1", O_RDWR [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1445] <... openat resumed>) = 4 [pid 1442] <... futex resumed>) = 0 [pid 1441] <... futex resumed>) = 0 [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1445] <... futex resumed>) = 0 [pid 1444] <... openat resumed>) = 4 [pid 1442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1445] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1445] <... pwrite64 resumed>) = 87490 [pid 1444] <... futex resumed>) = 1 [pid 1442] <... futex resumed>) = 0 [pid 1441] <... futex resumed>) = 0 [pid 1444] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1444] <... pwrite64 resumed>) = 87490 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1442] <... futex resumed>) = 0 [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1445] <... futex resumed>) = 1 [pid 1445] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1444] <... futex resumed>) = 1 [pid 1444] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1442] <... futex resumed>) = 0 [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1445] <... futex resumed>) = 1 [pid 1445] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1444] <... futex resumed>) = 1 [pid 1444] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1446] <... truncate resumed>) = 0 [ 54.282033][ T1446] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.303770][ T1459] EXT4-fs (loop1): Ignoring removed nobh option [ 54.310365][ T1459] EXT4-fs (loop1): Ignoring removed bh option [ 54.316624][ T1459] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1446] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1443] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1446] <... futex resumed>) = 0 [pid 1443] exit_group(0) = ? [pid 1446] +++ exited with 0 +++ [pid 1443] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1443, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1445] <... pwrite64 resumed>) = 176128 [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1445] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1459] <... mount resumed>) = 0 [pid 1459] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1459] chdir("./file1") = 0 [pid 1459] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1442] <... futex resumed>) = 0 [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1445] <... futex resumed>) = 0 [pid 1442] <... futex resumed>) = 1 [pid 1445] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1444] <... pwrite64 resumed>) = 176128 [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1444] <... futex resumed>) = 1 [ 54.338359][ T1445] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.340054][ T1444] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.357351][ T1445] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1444] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1445] <... pwrite64 resumed>) = 176128 [pid 286] <... umount2 resumed>) = 0 [pid 286] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./44/file1") = 0 [pid 286] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./44/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./44") = 0 [pid 286] mkdir("./45", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 1459] <... openat resumed>) = 4 [pid 1459] ioctl(4, LOOP_CLR_FD) = 0 [pid 1459] close(4) = 0 [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1458] <... futex resumed>) = 0 [pid 1459] openat(AT_FDCWD, "./file1", O_RDWR [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1459] <... openat resumed>) = 4 [pid 1458] <... futex resumed>) = 0 [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1459] <... futex resumed>) = 0 [pid 1458] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1459] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1459] <... pwrite64 resumed>) = 87490 [pid 1458] <... futex resumed>) = 0 [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1444] <... pwrite64 resumed>) = 176128 [pid 286] <... close resumed>) = 0 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] <... futex resumed>) = 0 [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1459] <... futex resumed>) = 1 [pid 1459] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] <... futex resumed>) = 0 [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1459] <... futex resumed>) = 1 [pid 1459] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1445] <... futex resumed>) = 1 [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1442] <... futex resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1442] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1442] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1468 [pid 1441] <... futex resumed>) = 0 [pid 1441] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1441] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1444] <... futex resumed>) = 1 [pid 1444] truncate("./file1", 1 [pid 1445] truncate("./file1", 1 [pid 1444] <... truncate resumed>) = 0 [pid 1445] <... truncate resumed>) = 0 [pid 1445] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1442] <... futex resumed>) = 0 [pid 1442] exit_group(0) = ? [pid 1445] <... futex resumed>) = ? [pid 1445] +++ exited with 0 +++ [pid 1442] +++ exited with 0 +++ [pid 1444] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1441] <... futex resumed>) = 0 [pid 1441] exit_group(0) = ? [pid 1444] <... futex resumed>) = ? [pid 1444] +++ exited with 0 +++ [pid 1441] +++ exited with 0 +++ ./strace-static-x86_64: Process 1468 attached [pid 1468] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1468] chdir("./45") = 0 [pid 1468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1468] setpgid(0, 0) = 0 [pid 1468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1468] write(3, "1000", 4) = 4 [pid 1468] close(3) = 0 [pid 1468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1468] write(1, "executing program\n", 18executing program ) = 18 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1442, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 1468] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1459] <... pwrite64 resumed>) = 176128 [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1441, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 1468] <... futex resumed>) = 0 [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1468] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1468] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1469]}, 88) = 1469 [pid 1468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1469 attached [pid 287] <... openat resumed>) = 3 [pid 1469] set_robust_list(0x7f89653b89a0, 24 [pid 287] newfstatat(3, "", [pid 1469] <... set_robust_list resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1469] rt_sigprocmask(SIG_SETMASK, [], [pid 287] getdents64(3, [pid 1469] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1469] memfd_create("syzkaller", 0) = 3 [pid 1469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 287] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1458] <... futex resumed>) = 0 [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1459] <... futex resumed>) = 1 [pid 1459] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1469] <... write resumed>) = 524288 [pid 1469] munmap(0x7f895cf98000, 138412032) = 0 [pid 1469] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 54.371254][ T1444] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.406589][ T1459] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1469] ioctl(4, LOOP_SET_FD, 3 [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./44/file1") = 0 [pid 285] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./44/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./44") = 0 [pid 285] mkdir("./45", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1469] <... ioctl resumed>) = 0 [pid 1469] close(3) = 0 [pid 1469] close(4 [pid 1459] <... pwrite64 resumed>) = 176128 [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1458] <... futex resumed>) = 0 [pid 1458] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1458] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1459] <... futex resumed>) = 1 [pid 1459] truncate("./file1", 1) = 0 [pid 1459] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1458] <... futex resumed>) = 0 [pid 1459] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1458] exit_group(0) = ? [pid 1459] <... futex resumed>) = 231 [pid 1459] +++ exited with 0 +++ [pid 1458] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1458, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 54.430648][ T1459] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 285] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 285] ioctl(3, LOOP_CLR_FD [pid 284] <... umount2 resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] close(3 [pid 284] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] newfstatat(AT_FDCWD, "./45/file1", [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./45/file1", [pid 283] newfstatat(AT_FDCWD, "./44/file1", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1471 [pid 287] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1471 attached [pid 287] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 4 [pid 284] <... openat resumed>) = 4 [pid 287] newfstatat(4, "", [pid 284] newfstatat(4, "", [pid 283] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] newfstatat(4, "", [pid 1471] set_robust_list(0x55557fe8a6a0, 24 [pid 287] getdents64(4, [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] getdents64(4, [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] close(4 [pid 287] getdents64(4, [pid 284] <... close resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] rmdir("./45/file1" [pid 283] getdents64(4, [pid 1471] <... set_robust_list resumed>) = 0 [pid 287] close(4 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] <... close resumed>) = 0 [pid 283] close(4 [pid 287] rmdir("./45/file1" [pid 283] <... close resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 283] rmdir("./44/file1" [pid 1471] chdir("./45" [pid 287] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1471] <... chdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... rmdir resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./45/binderfs", [pid 284] newfstatat(AT_FDCWD, "./45/binderfs", [pid 283] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1471] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./45/binderfs" [pid 284] unlink("./45/binderfs" [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... unlink resumed>) = 0 [pid 284] <... unlink resumed>) = 0 [pid 283] newfstatat(AT_FDCWD, "./44/binderfs", [pid 287] getdents64(3, [pid 284] getdents64(3, [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] unlink("./44/binderfs" [pid 287] close(3 [pid 284] close(3) = 0 [pid 283] <... unlink resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 284] rmdir("./45" [pid 283] getdents64(3, [pid 1471] <... prctl resumed>) = 0 [pid 287] rmdir("./45" [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 283] close(3 [pid 287] mkdir("./46", 0777 [pid 284] mkdir("./46", 0777 [pid 283] <... close resumed>) = 0 [pid 1471] setpgid(0, 0 [pid 287] <... mkdir resumed>) = 0 [pid 283] rmdir("./44" [pid 1471] <... setpgid resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] <... mkdir resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 283] mkdir("./45", 0777 [pid 1471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 283] <... mkdir resumed>) = 0 [pid 1471] <... openat resumed>) = 3 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1471] write(3, "1000", 4) = 4 [pid 1471] close(3) = 0 [pid 1471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1471] write(1, "executing program\n", 18executing program ) = 18 [pid 1471] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1471] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1471] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1472 attached [pid 1472] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1472] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1471] <... clone3 resumed> => {parent_tid=[1472]}, 88) = 1472 [pid 1471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1472] <... futex resumed>) = 0 [pid 1472] memfd_create("syzkaller", 0) = 3 [pid 1472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1469] <... close resumed>) = 0 [pid 1469] mkdir("./file1", 0777) = 0 [pid 1469] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1472] <... write resumed>) = 524288 [pid 1472] munmap(0x7f895cf98000, 138412032) = 0 [pid 1472] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... openat resumed>) = 3 [pid 1472] <... openat resumed>) = 4 [pid 1472] ioctl(4, LOOP_SET_FD, 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 284] close(3 [pid 283] ioctl(3, LOOP_CLR_FD [pid 1472] <... ioctl resumed>) = 0 [pid 1472] close(3) = 0 [pid 1472] close(4) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... close resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1472] mkdir("./file1", 0777) = 0 [pid 283] close(3 [pid 287] close(3 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 1472] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1474 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1475 attached ./strace-static-x86_64: Process 1476 attached [pid 1475] set_robust_list(0x55557fe8a6a0, 24 [pid 1476] set_robust_list(0x55557fe8a6a0, 24 [pid 1475] <... set_robust_list resumed>) = 0 [pid 1476] <... set_robust_list resumed>) = 0 [pid 1475] chdir("./46" [pid 1476] chdir("./45" [pid 1475] <... chdir resumed>) = 0 [pid 1476] <... chdir resumed>) = 0 [pid 1476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1475] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1476] setpgid(0, 0 [pid 1475] <... prctl resumed>) = 0 [pid 1475] setpgid(0, 0 [pid 1476] <... setpgid resumed>) = 0 [pid 1476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1475] <... setpgid resumed>) = 0 [pid 1475] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1476] <... openat resumed>) = 3 [pid 1475] <... openat resumed>) = 3 [pid 1475] write(3, "1000", 4 [pid 1476] write(3, "1000", 4 [pid 1475] <... write resumed>) = 4 [pid 1476] <... write resumed>) = 4 [pid 1475] close(3 [pid 1476] close(3 [pid 1475] <... close resumed>) = 0 [pid 1476] <... close resumed>) = 0 [pid 1476] symlink("/dev/binderfs", "./binderfs" [pid 1475] symlink("/dev/binderfs", "./binderfs" [pid 1476] <... symlink resumed>) = 0 [pid 1475] <... symlink resumed>) = 0 executing program [pid 1475] write(1, "executing program\n", 18) = 18 [pid 1475] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1476] write(1, "executing program\n", 18 [pid 1475] <... futex resumed>) = 0 executing program [pid 1475] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1476] <... write resumed>) = 18 [pid 1476] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1475] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1476] <... futex resumed>) = 0 [pid 1475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1475 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1476 [pid 1476] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1475] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1476] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1475] <... mmap resumed>) = 0x7f8965398000 [pid 1476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1475] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1476] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1475] <... mprotect resumed>) = 0 [pid 1476] <... mmap resumed>) = 0x7f8965398000 [pid 1475] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1476] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1475] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1475] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1475] <... clone3 resumed> => {parent_tid=[1477]}, 88) = 1477 [pid 1475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1476] <... clone3 resumed> => {parent_tid=[1478]}, 88) = 1478 [pid 1476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1478 attached ./strace-static-x86_64: Process 1477 attached ./strace-static-x86_64: Process 1474 attached [pid 1478] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1478] memfd_create("syzkaller", 0) = 3 [pid 1478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1474] set_robust_list(0x55557fe8a6a0, 24 [pid 1477] set_robust_list(0x7f89653b89a0, 24 [pid 1478] <... write resumed>) = 524288 [pid 1478] munmap(0x7f895cf98000, 138412032) = 0 [pid 1478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1478] ioctl(4, LOOP_SET_FD, 3executing program [pid 1474] <... set_robust_list resumed>) = 0 [pid 1474] chdir("./46") = 0 [pid 1474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1474] setpgid(0, 0) = 0 [pid 1474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1474] write(3, "1000", 4) = 4 [pid 1474] close(3) = 0 [pid 1474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1474] write(1, "executing program\n", 18) = 18 [pid 1474] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1474] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1474] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1480]}, 88) = 1480 [pid 1474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1477] <... set_robust_list resumed>) = 0 [pid 1477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1477] memfd_create("syzkaller", 0) = 3 [ 54.627987][ T1472] EXT4-fs (loop2): Ignoring removed nobh option [ 54.634546][ T1472] EXT4-fs (loop2): Ignoring removed bh option [ 54.636705][ T1469] EXT4-fs (loop3): Ignoring removed nobh option [ 54.653563][ T1472] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.664149][ T1469] EXT4-fs (loop3): Ignoring removed bh option [pid 1477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1477] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1477] munmap(0x7f895cf98000, 138412032) = 0 [pid 1477] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1477] ioctl(4, LOOP_SET_FD, 3 [pid 1478] <... ioctl resumed>) = 0 [pid 1478] close(3) = 0 [pid 1478] close(4 [pid 1477] <... ioctl resumed>) = 0 [pid 1477] close(3) = 0 [pid 1477] close(4./strace-static-x86_64: Process 1480 attached [pid 1480] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1480] memfd_create("syzkaller", 0) = 3 [pid 1480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1472] <... mount resumed>) = 0 [pid 1472] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1472] chdir("./file1") = 0 [pid 1472] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1480] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1480] munmap(0x7f895cf98000, 138412032) = 0 [pid 1480] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1469] <... mount resumed>) = 0 [pid 1469] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1469] chdir("./file1") = 0 [pid 1469] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1477] <... close resumed>) = 0 [pid 1477] mkdir("./file1", 0777) = 0 [pid 1477] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1480] <... openat resumed>) = 4 [pid 1478] <... close resumed>) = 0 [pid 1472] <... openat resumed>) = 4 [pid 1469] <... openat resumed>) = 4 [pid 1469] ioctl(4, LOOP_CLR_FD) = 0 [pid 1469] close(4) = 0 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] <... futex resumed>) = 1 [pid 1469] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1480] ioctl(4, LOOP_SET_FD, 3 [pid 1469] <... futex resumed>) = 1 [pid 1478] mkdir("./file1", 0777 [pid 1472] ioctl(4, LOOP_CLR_FD [ 54.672224][ T1469] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1469] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] <... futex resumed>) = 1 [pid 1469] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] <... futex resumed>) = 1 [pid 1469] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1478] <... mkdir resumed>) = 0 [pid 1478] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1480] <... ioctl resumed>) = 0 [pid 1472] <... ioctl resumed>) = 0 [pid 1469] <... pwrite64 resumed>) = 176128 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] <... futex resumed>) = 1 [pid 1469] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1480] close(3 [pid 1472] close(4 [pid 1480] <... close resumed>) = 0 [pid 1472] <... close resumed>) = 0 [pid 1480] close(4 [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1480] <... close resumed>) = 0 [pid 1472] <... futex resumed>) = 1 [pid 1480] mkdir("./file1", 0777 [pid 1471] <... futex resumed>) = 0 [pid 1472] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1480] <... mkdir resumed>) = 0 [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1472] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1480] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1471] <... futex resumed>) = 0 [pid 1472] openat(AT_FDCWD, "./file1", O_RDWR [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] <... pwrite64 resumed>) = 176128 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1468] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1469] <... futex resumed>) = 1 [ 54.733902][ T1477] EXT4-fs (loop4): Ignoring removed nobh option [ 54.744041][ T1477] EXT4-fs (loop4): Ignoring removed bh option [ 54.744390][ T1469] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.766667][ T1469] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1469] truncate("./file1", 1) = 0 [pid 1469] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1468] <... futex resumed>) = 0 [pid 1468] exit_group(0) = ? [pid 1469] <... futex resumed>) = ? [pid 1469] +++ exited with 0 +++ [pid 1468] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1468, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1472] <... openat resumed>) = 4 [pid 286] <... restart_syscall resumed>) = 0 [pid 286] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1471] <... futex resumed>) = 0 [pid 1472] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1472] <... futex resumed>) = 0 [pid 1471] <... futex resumed>) = 1 [pid 1472] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1472] <... pwrite64 resumed>) = 87490 [ 54.782612][ T1480] EXT4-fs (loop1): Ignoring removed nobh option [ 54.787515][ T1477] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.795564][ T1478] EXT4-fs (loop0): Ignoring removed nobh option [ 54.803915][ T1480] EXT4-fs (loop1): Ignoring removed bh option [ 54.808682][ T1478] EXT4-fs (loop0): Ignoring removed bh option [ 54.814081][ T1480] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] <... futex resumed>) = 0 [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1472] <... futex resumed>) = 1 [pid 1472] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] <... futex resumed>) = 0 [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1472] <... futex resumed>) = 1 [pid 1472] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1477] <... mount resumed>) = 0 [pid 1477] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1477] chdir("./file1") = 0 [pid 1477] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1477] ioctl(4, LOOP_CLR_FD) = 0 [pid 1477] close(4) = 0 [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1475] <... futex resumed>) = 0 [pid 1477] openat(AT_FDCWD, "./file1", O_RDWR [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1477] <... openat resumed>) = 4 [pid 1475] <... futex resumed>) = 0 [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1477] <... futex resumed>) = 0 [pid 1475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1477] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1477] <... pwrite64 resumed>) = 87490 [pid 1475] <... futex resumed>) = 0 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] <... futex resumed>) = 0 [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1477] <... futex resumed>) = 1 [pid 1477] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] <... futex resumed>) = 0 [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1477] <... futex resumed>) = 1 [pid 1475] <... futex resumed>) = 0 [pid 1472] <... pwrite64 resumed>) = 176128 [pid 1477] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1480] <... mount resumed>) = 0 [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1480] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1480] chdir("./file1") = 0 [pid 1480] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1471] <... futex resumed>) = 0 [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1472] <... futex resumed>) = 1 [pid 1472] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] <... futex resumed>) = 0 [pid 1471] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1471] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1472] <... futex resumed>) = 1 [pid 1472] truncate("./file1", 1) = 0 [pid 1472] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1471] <... futex resumed>) = 0 [pid 1471] exit_group(0) = ? [pid 1472] <... futex resumed>) = ? [pid 1472] +++ exited with 0 +++ [pid 1471] +++ exited with 0 +++ [ 54.820972][ T1478] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.841281][ T1472] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.863776][ T1472] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1471, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1477] <... pwrite64 resumed>) = 176128 [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] <... futex resumed>) = 0 [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1477] <... futex resumed>) = 1 [pid 1478] <... mount resumed>) = 0 [pid 1477] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1478] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1478] chdir("./file1") = 0 [pid 1478] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1480] <... openat resumed>) = 4 [pid 1478] <... openat resumed>) = 4 [pid 286] <... umount2 resumed>) = 0 [pid 1480] ioctl(4, LOOP_CLR_FD [pid 1478] ioctl(4, LOOP_CLR_FD [pid 1477] <... pwrite64 resumed>) = 176128 [pid 286] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1480] <... ioctl resumed>) = 0 [pid 1478] <... ioctl resumed>) = 0 [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1478] close(4 [pid 286] newfstatat(AT_FDCWD, "./45/file1", [pid 1480] close(4 [pid 1478] <... close resumed>) = 0 [pid 1477] <... futex resumed>) = 1 [pid 1475] <... futex resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1475] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1475] <... futex resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1475] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1478] <... futex resumed>) = 1 [pid 1477] truncate("./file1", 1 [pid 1476] <... futex resumed>) = 0 [pid 1478] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... openat resumed>) = 4 [pid 1478] <... futex resumed>) = 0 [pid 1476] <... futex resumed>) = 1 [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1478] openat(AT_FDCWD, "./file1", O_RDWR [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1478] <... openat resumed>) = 4 [pid 286] getdents64(4, [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1478] <... futex resumed>) = 1 [pid 1476] <... futex resumed>) = 0 [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1478] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 286] getdents64(4, [pid 1476] <... futex resumed>) = 0 [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1477] <... truncate resumed>) = 0 [pid 1477] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1475] <... futex resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1477] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1475] exit_group(0 [pid 286] close(4 [pid 1475] <... exit_group resumed>) = ? [pid 1477] <... futex resumed>) = ? [pid 1477] +++ exited with 0 +++ [pid 1475] +++ exited with 0 +++ [pid 286] <... close resumed>) = 0 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1475, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 286] rmdir("./45/file1" [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1478] <... pwrite64 resumed>) = 87490 [pid 286] <... rmdir resumed>) = 0 [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1476] <... futex resumed>) = 0 [pid 286] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1478] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1476] <... futex resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] newfstatat(AT_FDCWD, "./45/binderfs", [pid 1478] <... openat resumed>) = 5 [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1476] <... futex resumed>) = 0 [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1476] <... futex resumed>) = 0 [pid 1478] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] unlink("./45/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./45") = 0 [pid 286] mkdir("./46", 0777) = 0 [ 54.878757][ T1477] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.895767][ T1477] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1478] <... pwrite64 resumed>) = 176128 [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1476] <... futex resumed>) = 0 [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1478] <... futex resumed>) = 1 [pid 1478] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1478] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program [pid 1480] <... close resumed>) = 0 [pid 1476] <... futex resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./45/file1") = 0 [pid 285] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./45/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./45") = 0 [pid 285] mkdir("./46", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1493 ./strace-static-x86_64: Process 1493 attached [pid 1493] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1493] chdir("./46") = 0 [pid 1493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1493] setpgid(0, 0) = 0 [pid 1493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1493] write(3, "1000", 4) = 4 [pid 1493] close(3) = 0 [pid 1493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1493] write(1, "executing program\n", 18) = 18 [pid 286] <... openat resumed>) = 3 [pid 1493] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1493] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1476] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1493] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1493] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1493] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1480] <... futex resumed>) = 1 [pid 1478] <... futex resumed>) = 0 [pid 1476] <... futex resumed>) = 1 [pid 1474] <... futex resumed>) = 0 [pid 1478] truncate("./file1", 1 [pid 1480] openat(AT_FDCWD, "./file1", O_RDWR [pid 1476] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1480] <... openat resumed>) = 4 [pid 1474] <... futex resumed>) = 0 [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1493] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1480] <... futex resumed>) = 0 [pid 1474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1480] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1478] <... truncate resumed>) = 0 [pid 1474] <... futex resumed>) = 0 [pid 1478] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1478] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1493] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1493] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1494]}, 88) = 1494 [pid 1493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1494 attached [pid 1494] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1494] memfd_create("syzkaller", 0) = 3 [pid 1494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1480] <... pwrite64 resumed>) = 87490 [pid 1476] <... futex resumed>) = 0 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1476] exit_group(0 [pid 1478] <... futex resumed>) = ? [pid 1476] <... exit_group resumed>) = ? [pid 1478] +++ exited with 0 +++ [pid 1476] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1476, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1474] <... futex resumed>) = 0 [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1480] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... futex resumed>) = 0 [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1480] <... futex resumed>) = 1 [pid 1480] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1494] <... write resumed>) = 524288 [pid 1494] munmap(0x7f895cf98000, 138412032) = 0 [ 54.929419][ T1478] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.946030][ T1478] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1494] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1480] <... pwrite64 resumed>) = 176128 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... futex resumed>) = 0 [pid 1480] <... futex resumed>) = 1 [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1480] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1474] <... futex resumed>) = 0 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1480] <... pwrite64 resumed>) = 176128 [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1480] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1474] <... futex resumed>) = 0 [pid 1474] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1474] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1480] <... futex resumed>) = 0 [pid 1480] truncate("./file1", 1 [pid 287] <... umount2 resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 1480] <... truncate resumed>) = 0 [pid 1480] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1474] <... futex resumed>) = 0 [pid 1474] exit_group(0) = ? [pid 1480] <... futex resumed>) = ? [pid 1480] +++ exited with 0 +++ [pid 1474] +++ exited with 0 +++ [pid 286] <... close resumed>) = 0 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1474, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./46/file1", [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1495 ./strace-static-x86_64: Process 1495 attached [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] <... restart_syscall resumed>) = 0 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 1495] set_robust_list(0x55557fe8a6a0, 24 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] getdents64(4, [pid 284] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1495] <... set_robust_list resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1495] chdir("./46" [pid 287] close(4) = 0 [pid 287] rmdir("./46/file1") = 0 [pid 287] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./46/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1495] <... chdir resumed>) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./46") = 0 [pid 287] mkdir("./47", 0777 [pid 1495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1495] setpgid(0, 0) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1495] write(3, "1000", 4) = 4 [pid 1495] close(3) = 0 [pid 1495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1495] write(1, "executing program\n", 18executing program ) = 18 [pid 1495] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1495] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1495] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1496 attached => {parent_tid=[1496]}, 88) = 1496 [pid 1496] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1496] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1496] <... futex resumed>) = 0 [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1496] memfd_create("syzkaller", 0) = 3 [pid 1496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1496] munmap(0x7f895cf98000, 138412032) = 0 [pid 1496] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1494] <... openat resumed>) = 4 [ 54.981369][ T1480] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 54.998699][ T1480] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1494] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./45/file1" [pid 287] ioctl(3, LOOP_CLR_FD [pid 283] <... rmdir resumed>) = 0 [pid 283] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./45/binderfs", [pid 1494] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... umount2 resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1494] close(3 [pid 287] close(3 [pid 284] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1496] <... openat resumed>) = 4 [pid 287] <... close resumed>) = 0 [pid 1496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1496] close(3) = 0 [pid 1496] close(4) = 0 [pid 1496] mkdir("./file1", 0777) = 0 [pid 1496] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1499 attached [pid 1494] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] unlink("./45/binderfs" [pid 1494] close(4 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1499 [pid 284] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... unlink resumed>) = 0 [pid 284] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] getdents64(3, executing program [pid 1499] set_robust_list(0x55557fe8a6a0, 24 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] close(3 [pid 284] <... openat resumed>) = 4 [pid 283] <... close resumed>) = 0 [pid 284] newfstatat(4, "", [pid 283] rmdir("./45" [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 284] getdents64(4, [pid 283] mkdir("./46", 0777 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] <... mkdir resumed>) = 0 [pid 284] getdents64(4, [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./46/file1") = 0 [pid 284] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./46/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./46") = 0 [pid 284] mkdir("./47", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1499] <... set_robust_list resumed>) = 0 [pid 1499] chdir("./47") = 0 [pid 1499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1499] setpgid(0, 0) = 0 [pid 1499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1499] write(3, "1000", 4) = 4 [pid 1499] close(3) = 0 [pid 1499] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1499] write(1, "executing program\n", 18) = 18 [pid 1499] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1499] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1499] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1499] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1500]}, 88) = 1500 [pid 1499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1500 attached [pid 1500] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1500] memfd_create("syzkaller", 0) = 3 [pid 1500] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1500] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1500] munmap(0x7f895cf98000, 138412032) = 0 [pid 1500] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1494] <... close resumed>) = 0 [pid 1494] mkdir("./file1", 0777 [pid 1496] <... mount resumed>) = 0 [pid 1494] <... mkdir resumed>) = 0 [pid 1494] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1496] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1496] chdir("./file1") = 0 [pid 1496] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 283] <... openat resumed>) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1503 ./strace-static-x86_64: Process 1503 attached [pid 1503] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1503] chdir("./46") = 0 [pid 1503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1503] setpgid(0, 0) = 0 [pid 1503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1503] write(3, "1000", 4) = 4 [pid 1503] close(3) = 0 [pid 1503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1503] write(1, "executing program\n", 18executing program ) = 18 [pid 284] <... openat resumed>) = 3 [pid 1503] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1503] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3 [pid 1503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1503] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1503] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1504]}, 88) = 1504 [pid 1503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 55.126270][ T1496] EXT4-fs (loop3): Ignoring removed nobh option [ 55.133482][ T1496] EXT4-fs (loop3): Ignoring removed bh option [ 55.139889][ T1496] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1496] <... openat resumed>) = 4 [pid 1496] ioctl(4, LOOP_CLR_FD) = 0 [pid 1496] close(4) = 0 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1496] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1495] <... futex resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1500] <... openat resumed>) = 4 [pid 1500] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1504 attached [pid 1504] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1504] memfd_create("syzkaller", 0) = 3 [pid 1504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1495] <... futex resumed>) = 1 [pid 1496] <... futex resumed>) = 0 [pid 1496] openat(AT_FDCWD, "./file1", O_RDWR [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1506 [pid 1496] <... openat resumed>) = 4 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... ioctl resumed>) = 0 [pid 1500] close(3 [pid 1496] <... futex resumed>) = 1 [pid 1495] <... futex resumed>) = 0 [pid 1500] <... close resumed>) = 0 [pid 1496] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1506 attached [pid 1504] <... write resumed>) = 524288 [pid 1500] close(4 [pid 1496] <... pwrite64 resumed>) = 87490 [pid 1495] <... futex resumed>) = 0 [pid 1500] <... close resumed>) = 0 [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] mkdir("./file1", 0777) = 0 [pid 1500] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"...executing program [pid 1506] set_robust_list(0x55557fe8a6a0, 24 [pid 1504] munmap(0x7f895cf98000, 138412032 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1496] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1506] <... set_robust_list resumed>) = 0 [pid 1506] chdir("./47" [pid 1504] <... munmap resumed>) = 0 [pid 1506] <... chdir resumed>) = 0 [pid 1506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1506] setpgid(0, 0) = 0 [pid 1506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1506] <... openat resumed>) = 3 [pid 1504] ioctl(4, LOOP_SET_FD, 3 [pid 1506] write(3, "1000", 4) = 4 [pid 1506] close(3) = 0 [pid 1506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1506] write(1, "executing program\n", 18) = 18 [pid 1506] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1506] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1506] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1506] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1507]}, 88) = 1507 [pid 1506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1507 attached [pid 1507] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1507] memfd_create("syzkaller", 0) = 3 [pid 1507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1495] <... futex resumed>) = 0 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1496] <... futex resumed>) = 0 [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1496] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1507] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1504] <... ioctl resumed>) = 0 [pid 1504] close(3) = 0 [pid 1504] close(4 [pid 1507] <... write resumed>) = 524288 [pid 1507] munmap(0x7f895cf98000, 138412032) = 0 [pid 1507] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1496] <... openat resumed>) = 5 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1495] <... futex resumed>) = 0 [pid 1496] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 55.202737][ T1494] EXT4-fs (loop2): Ignoring removed nobh option [ 55.209318][ T1494] EXT4-fs (loop2): Ignoring removed bh option [ 55.217469][ T1494] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.232676][ T1500] EXT4-fs (loop4): Ignoring removed nobh option [ 55.239861][ T1500] EXT4-fs (loop4): Ignoring removed bh option [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1494] <... mount resumed>) = 0 [pid 1494] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1494] chdir("./file1") = 0 [pid 1494] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1496] <... pwrite64 resumed>) = 176128 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1496] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1495] <... futex resumed>) = 0 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1496] <... futex resumed>) = 0 [pid 1496] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1500] <... mount resumed>) = 0 [pid 1500] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1500] chdir("./file1") = 0 [pid 1500] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1496] <... pwrite64 resumed>) = 176128 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1496] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1495] <... futex resumed>) = 0 [pid 1495] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1495] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1496] <... futex resumed>) = 0 [pid 1496] truncate("./file1", 1) = 0 [pid 1496] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1495] <... futex resumed>) = 0 [pid 1495] exit_group(0) = ? [pid 1496] <... futex resumed>) = ? [pid 1496] +++ exited with 0 +++ [pid 1495] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1495, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1507] <... openat resumed>) = 4 [pid 1504] <... close resumed>) = 0 [pid 1507] ioctl(4, LOOP_SET_FD, 3 [pid 1504] mkdir("./file1", 0777) = 0 [pid 1504] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 286] <... restart_syscall resumed>) = 0 [pid 286] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1500] <... openat resumed>) = 4 [pid 1494] <... openat resumed>) = 4 [pid 1500] ioctl(4, LOOP_CLR_FD [pid 1494] ioctl(4, LOOP_CLR_FD [pid 1507] <... ioctl resumed>) = 0 [pid 1507] close(3) = 0 [ 55.247483][ T1500] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.248912][ T1496] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.275371][ T1496] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1507] close(4 [pid 1500] <... ioctl resumed>) = 0 [pid 1494] <... ioctl resumed>) = 0 [pid 1500] close(4 [pid 1494] close(4 [pid 1507] <... close resumed>) = 0 [pid 1507] mkdir("./file1", 0777 [pid 1500] <... close resumed>) = 0 [pid 1494] <... close resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 286] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./46/file1") = 0 [pid 286] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./46/binderfs" [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... unlink resumed>) = 0 [pid 1507] <... mkdir resumed>) = 0 [pid 1500] <... futex resumed>) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1494] <... futex resumed>) = 1 [pid 1493] <... futex resumed>) = 0 [pid 286] getdents64(3, [pid 1507] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1500] openat(AT_FDCWD, "./file1", O_RDWR [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] openat(AT_FDCWD, "./file1", O_RDWR [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1499] <... futex resumed>) = 0 [pid 1493] <... futex resumed>) = 0 [pid 286] close(3 [pid 1500] <... openat resumed>) = 4 [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... close resumed>) = 0 [pid 286] rmdir("./46") = 0 [pid 286] mkdir("./47", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1514 ./strace-static-x86_64: Process 1514 attached [pid 1514] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1514] chdir("./47") = 0 [pid 1514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1514] setpgid(0, 0) = 0 [pid 1514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1514] write(3, "1000", 4) = 4 [pid 1514] close(3) = 0 [pid 1514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1514] write(1, "executing program\n", 18executing program ) = 18 [pid 1514] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1514] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1514] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1515]}, 88) = 1515 [pid 1514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] <... openat resumed>) = 4 [pid 1500] <... futex resumed>) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1499] <... futex resumed>) = 0 [pid 1494] <... futex resumed>) = 1 [pid 1493] <... futex resumed>) = 0 [pid 1500] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1494] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1515 attached [pid 1515] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1515] memfd_create("syzkaller", 0) = 3 [pid 1515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1500] <... pwrite64 resumed>) = 87490 [pid 1493] <... futex resumed>) = 0 [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1494] <... pwrite64 resumed>) = 87490 [pid 1515] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1515] munmap(0x7f895cf98000, 138412032) = 0 [pid 1515] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1515] ioctl(4, LOOP_SET_FD, 3 [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1493] <... futex resumed>) = 0 [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] <... futex resumed>) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1494] <... futex resumed>) = 1 [ 55.447726][ T1504] EXT4-fs (loop0): Ignoring removed nobh option [ 55.457072][ T1507] EXT4-fs (loop1): Ignoring removed nobh option [ 55.463367][ T1507] EXT4-fs (loop1): Ignoring removed bh option [ 55.480527][ T1504] EXT4-fs (loop0): Ignoring removed bh option [pid 1500] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1515] <... ioctl resumed>) = 0 [pid 1515] close(3) = 0 [pid 1515] close(4) = 0 [pid 1515] mkdir("./file1", 0777) = 0 [pid 1515] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1499] <... futex resumed>) = 0 [pid 1494] <... openat resumed>) = 5 [pid 1500] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... openat resumed>) = 5 [pid 1494] <... futex resumed>) = 1 [pid 1493] <... futex resumed>) = 0 [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... futex resumed>) = 1 [pid 1499] <... futex resumed>) = 0 [pid 1494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1493] <... futex resumed>) = 0 [pid 1500] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1494] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1499] <... futex resumed>) = 0 [pid 1500] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 55.481503][ T1507] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.499891][ T1504] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.519373][ T1494] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.519397][ T1500] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] <... pwrite64 resumed>) = 176128 [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1500] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1499] <... futex resumed>) = 0 [pid 1494] <... pwrite64 resumed>) = 176128 [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1494] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1507] <... mount resumed>) = 0 [pid 1507] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1507] chdir("./file1") = 0 [pid 1507] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1507] ioctl(4, LOOP_CLR_FD) = 0 [pid 1507] close(4) = 0 [pid 1493] <... futex resumed>) = 0 [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1493] <... futex resumed>) = 1 [pid 1499] <... futex resumed>) = 1 [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1500] <... futex resumed>) = 0 [pid 1494] <... futex resumed>) = 0 [pid 1507] <... futex resumed>) = 1 [pid 1506] <... futex resumed>) = 0 [pid 1500] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1507] openat(AT_FDCWD, "./file1", O_RDWR [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1504] <... mount resumed>) = 0 [pid 1506] <... futex resumed>) = 0 [pid 1504] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1494] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1504] <... openat resumed>) = 3 [pid 1507] <... openat resumed>) = 4 [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1507] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1500] <... pwrite64 resumed>) = 176128 [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1499] <... futex resumed>) = 0 [pid 1499] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1499] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1500] <... futex resumed>) = 1 [pid 1500] truncate("./file1", 1) = 0 [pid 1500] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1499] <... futex resumed>) = 0 [pid 1499] exit_group(0) = ? [pid 1500] <... futex resumed>) = ? [pid 1500] +++ exited with 0 +++ [pid 1499] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1499, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 55.548999][ T1515] EXT4-fs (loop3): Ignoring removed nobh option [ 55.555363][ T1515] EXT4-fs (loop3): Ignoring removed bh option [ 55.561485][ T1515] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.575421][ T1500] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1507] <... futex resumed>) = 0 [pid 1506] <... futex resumed>) = 1 [pid 1507] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] <... futex resumed>) = 1 [pid 1507] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1507] <... openat resumed>) = 5 [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] <... futex resumed>) = 1 [pid 1507] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1504] chdir("./file1") = 0 [pid 1504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1504] ioctl(4, LOOP_CLR_FD) = 0 [pid 1504] close(4 [pid 1494] <... pwrite64 resumed>) = 176128 [pid 1515] <... mount resumed>) = 0 [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1494] <... futex resumed>) = 1 [pid 1493] <... futex resumed>) = 0 [pid 1493] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1493] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1515] <... openat resumed>) = 3 [pid 1515] chdir("./file1" [pid 1494] truncate("./file1", 1 [pid 1515] <... chdir resumed>) = 0 [pid 1515] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1494] <... truncate resumed>) = 0 [pid 1494] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1494] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1493] <... futex resumed>) = 0 [pid 1493] exit_group(0) = ? [pid 1494] <... futex resumed>) = ? [pid 1494] +++ exited with 0 +++ [pid 1493] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1493, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1507] <... pwrite64 resumed>) = 176128 [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] <... futex resumed>) = 1 [pid 1507] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1506] <... futex resumed>) = 0 [pid 1506] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1506] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1507] truncate("./file1", 1 [pid 287] <... umount2 resumed>) = 0 [pid 1515] <... openat resumed>) = 4 [pid 1504] <... close resumed>) = 0 [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] ioctl(4, LOOP_CLR_FD [pid 1504] <... futex resumed>) = 1 [pid 1503] <... futex resumed>) = 0 [pid 287] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1504] openat(AT_FDCWD, "./file1", O_RDWR [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1503] <... futex resumed>) = 0 [pid 1507] <... truncate resumed>) = 0 [pid 1507] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1506] <... futex resumed>) = 0 [pid 1506] exit_group(0 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1506] <... exit_group resumed>) = ? [pid 1504] <... openat resumed>) = 4 [pid 1507] <... futex resumed>) = ? [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(AT_FDCWD, "./47/file1", [pid 1504] <... futex resumed>) = 1 [pid 1503] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1504] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 287] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1507] +++ exited with 0 +++ [pid 1506] +++ exited with 0 +++ [pid 1503] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./47/file1") = 0 [pid 287] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./47/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./47") = 0 [pid 287] mkdir("./48", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1506, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1504] <... pwrite64 resumed>) = 87490 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] <... futex resumed>) = 0 [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1504] <... futex resumed>) = 1 [pid 1504] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] <... futex resumed>) = 0 [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1504] <... futex resumed>) = 1 [pid 1504] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] <... restart_syscall resumed>) = 0 [ 55.577521][ T1494] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.612744][ T1507] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.628189][ T1507] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1504] <... pwrite64 resumed>) = 176128 [pid 284] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1503] <... futex resumed>) = 0 [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... openat resumed>) = 3 [pid 1503] <... futex resumed>) = 0 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1504] <... futex resumed>) = 1 [pid 284] newfstatat(3, "", [pid 1504] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1504] <... pwrite64 resumed>) = 176128 [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1504] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1515] <... ioctl resumed>) = 0 [pid 1503] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 1515] close(4 [pid 1503] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 285] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./46/file1") = 0 [pid 285] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./46/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./46") = 0 [pid 285] mkdir("./47", 0777 [pid 1515] <... close resumed>) = 0 [pid 1503] <... futex resumed>) = 1 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... mkdir resumed>) = 0 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] close(3 [pid 1515] <... futex resumed>) = 1 [pid 1514] <... futex resumed>) = 0 [pid 1515] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... close resumed>) = 0 [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1514] <... futex resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1515] openat(AT_FDCWD, "./file1", O_RDWR [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1515] <... openat resumed>) = 4 [pid 285] <... openat resumed>) = 3 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1523 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1515] <... futex resumed>) = 1 [pid 1514] <... futex resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1515] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] close(3 [pid 1515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1514] <... futex resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 1515] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1524 [pid 1504] <... futex resumed>) = 0 [pid 1504] truncate("./file1", 1 [pid 1515] <... pwrite64 resumed>) = 87490 [pid 1504] <... truncate resumed>) = 0 ./strace-static-x86_64: Process 1524 attached [pid 1524] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1524] chdir("./47") = 0 [pid 1524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1524] setpgid(0, 0 [pid 1504] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1503] <... futex resumed>) = 0 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1503] exit_group(0 [pid 1515] <... futex resumed>) = 1 [pid 1514] <... futex resumed>) = 0 [pid 1503] <... exit_group resumed>) = ? [pid 1515] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] <... openat resumed>) = 5 [pid 1514] <... futex resumed>) = 0 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1515] <... futex resumed>) = 0 [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1515] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1514] <... futex resumed>) = 0 [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1524] <... setpgid resumed>) = 0 [pid 1524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1504] +++ exited with 0 +++ [pid 1503] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1503, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1524] <... openat resumed>) = 3 [pid 1524] write(3, "1000", 4) = 4 [pid 1524] close(3) = 0 [pid 1524] symlink("/dev/binderfs", "./binderfs" [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1524] <... symlink resumed>) = 0 [pid 1524] write(1, "executing program\n", 18executing program ) = 18 [pid 1524] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1524] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1525]}, 88) = 1525 [pid 1524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1525 attached [pid 1525] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1525] memfd_create("syzkaller", 0) = 3 [ 55.655916][ T1504] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.682062][ T1504] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1525] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1525] munmap(0x7f895cf98000, 138412032) = 0 [pid 1525] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 1523 attached [pid 1523] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1523] chdir("./48") = 0 [pid 1523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1523] setpgid(0, 0) = 0 [pid 1523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1523] write(3, "1000", 4) = 4 [pid 1523] close(3) = 0 [pid 1523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1523] write(1, "executing program\n", 18executing program ) = 18 [pid 1523] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1523] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1523] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1526]}, 88) = 1526 [pid 1523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1526 attached ) = 0 [pid 1515] <... pwrite64 resumed>) = 176128 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] set_robust_list(0x7f89653b89a0, 24 [pid 1515] <... futex resumed>) = 1 [pid 1514] <... futex resumed>) = 0 [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1526] <... set_robust_list resumed>) = 0 [pid 1526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1526] memfd_create("syzkaller", 0) = 3 [pid 1526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1515] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1526] munmap(0x7f895cf98000, 138412032) = 0 [pid 1526] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1515] <... pwrite64 resumed>) = 176128 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1515] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1514] <... futex resumed>) = 0 [pid 1514] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1514] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1515] <... futex resumed>) = 0 [pid 1515] truncate("./file1", 1) = 0 [pid 1515] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1514] <... futex resumed>) = 0 [pid 1514] exit_group(0) = ? [pid 1515] <... futex resumed>) = ? [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1515] +++ exited with 0 +++ [pid 1514] +++ exited with 0 +++ [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1514, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 284] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./47/file1") = 0 [pid 284] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./47/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./47") = 0 [pid 284] mkdir("./48", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 286] <... restart_syscall resumed>) = 0 [pid 286] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1525] <... openat resumed>) = 4 [pid 286] <... umount2 resumed>) = 0 [pid 1526] <... openat resumed>) = 4 [pid 1525] ioctl(4, LOOP_SET_FD, 3 [pid 286] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./46/file1") = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1526] ioctl(4, LOOP_SET_FD, 3 [pid 286] newfstatat(AT_FDCWD, "./47/file1", [pid 1525] <... ioctl resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1525] close(3 [pid 286] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1525] <... close resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./46/binderfs", [pid 1525] close(4 [pid 286] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1525] <... close resumed>) = 0 [pid 286] <... openat resumed>) = 4 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1525] mkdir("./file1", 0777 [pid 286] newfstatat(4, "", [pid 1525] <... mkdir resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] unlink("./46/binderfs" [pid 1525] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 286] getdents64(4, [pid 284] close(3 [pid 283] <... unlink resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [ 55.721987][ T1515] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.738373][ T1515] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] getdents64(3, [pid 286] getdents64(4, [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... close resumed>) = 0 [pid 283] close(3 [pid 1526] <... ioctl resumed>) = 0 [pid 1526] close(3) = 0 [pid 286] close(4 [pid 1526] close(4 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1529 [pid 283] <... close resumed>) = 0 [pid 283] rmdir("./46") = 0 [pid 283] mkdir("./47", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] <... close resumed>) = 0 [pid 286] rmdir("./47/file1") = 0 [pid 286] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./47/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./47") = 0 [pid 286] mkdir("./48", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 1529 attached [pid 1529] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1529] chdir("./48") = 0 [pid 1529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1529] setpgid(0, 0) = 0 [pid 1529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1529] write(3, "1000", 4) = 4 [pid 1529] close(3) = 0 [pid 1529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1529] write(1, "executing program\n", 18executing program ) = 18 [pid 1529] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1529] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1529] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1530]}, 88) = 1530 [pid 1529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1530 attached [pid 1530] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1530] memfd_create("syzkaller", 0) = 3 [pid 1530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1530] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1530] munmap(0x7f895cf98000, 138412032) = 0 [pid 1530] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1526] <... close resumed>) = 0 [pid 1530] <... openat resumed>) = 4 [pid 1526] mkdir("./file1", 0777 [pid 286] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 1526] <... mkdir resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1526] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 1530] ioctl(4, LOOP_SET_FD, 3 [pid 1525] <... mount resumed>) = 0 [pid 1525] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1525] chdir("./file1") = 0 [ 55.806195][ T1525] EXT4-fs (loop2): Ignoring removed nobh option [ 55.812523][ T1525] EXT4-fs (loop2): Ignoring removed bh option [ 55.818954][ T1525] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1525] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 286] <... ioctl resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 286] close(3 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1533 ./strace-static-x86_64: Process 1533 attached [pid 1533] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1533] chdir("./47") = 0 [pid 1533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1533] setpgid(0, 0) = 0 [pid 1533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1533] write(3, "1000", 4) = 4 [pid 1533] close(3) = 0 [pid 1533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1533] write(1, "executing program\n", 18executing program ) = 18 [pid 1533] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1533] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1533] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1533] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1533] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1533] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1535]}, 88) = 1535 [pid 1533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1530] <... ioctl resumed>) = 0 [pid 1525] <... openat resumed>) = 4 [pid 1525] ioctl(4, LOOP_CLR_FD [pid 286] <... close resumed>) = 0 [pid 1525] <... ioctl resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1525] close(4) = 0 [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1536 [pid 1525] <... futex resumed>) = 1 [pid 1524] <... futex resumed>) = 0 [pid 1525] openat(AT_FDCWD, "./file1", O_RDWR [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1525] <... openat resumed>) = 4 [pid 1524] <... futex resumed>) = 0 [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] <... futex resumed>) = 0 [pid 1524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1525] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1525] <... pwrite64 resumed>) = 87490 [pid 1524] <... futex resumed>) = 0 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1530] close(3) = 0 [pid 1530] close(4) = 0 [pid 1530] mkdir("./file1", 0777) = 0 [pid 1530] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1524] <... futex resumed>) = 0 [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1525] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] <... openat resumed>) = 5 ./strace-static-x86_64: Process 1536 attached ./strace-static-x86_64: Process 1535 attached [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] set_robust_list(0x55557fe8a6a0, 24 [pid 1535] set_robust_list(0x7f89653b89a0, 24 [pid 1525] <... futex resumed>) = 1 [pid 1536] <... set_robust_list resumed>) = 0 [pid 1535] <... set_robust_list resumed>) = 0 [pid 1525] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1536] chdir("./48" [pid 1535] rt_sigprocmask(SIG_SETMASK, [], [pid 1524] <... futex resumed>) = 0 [pid 1536] <... chdir resumed>) = 0 [pid 1535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1536] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1535] memfd_create("syzkaller", 0 [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... prctl resumed>) = 0 [pid 1535] <... memfd_create resumed>) = 3 [pid 1536] setpgid(0, 0 [pid 1535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1525] <... futex resumed>) = 0 [pid 1524] <... futex resumed>) = 1 [pid 1536] <... setpgid resumed>) = 0 [pid 1535] <... mmap resumed>) = 0x7f895cf98000 [ 55.891681][ T1526] EXT4-fs (loop4): Ignoring removed nobh option [ 55.898165][ T1526] EXT4-fs (loop4): Ignoring removed bh option [ 55.904482][ T1526] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.922747][ T1530] EXT4-fs (loop1): Ignoring removed nobh option [ 55.933878][ T1530] EXT4-fs (loop1): Ignoring removed bh option [pid 1525] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864executing program [pid 1536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1536] <... openat resumed>) = 3 [pid 1536] write(3, "1000", 4) = 4 [pid 1536] close(3) = 0 [pid 1536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1536] write(1, "executing program\n", 18) = 18 [pid 1536] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1535] <... write resumed>) = 524288 [pid 1536] <... futex resumed>) = 0 [pid 1536] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1536] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1537]}, 88) = 1537 [pid 1536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1535] munmap(0x7f895cf98000, 138412032) = 0 [pid 1535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1535] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1537 attached [pid 1537] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1537] memfd_create("syzkaller", 0) = 3 [pid 1537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1537] munmap(0x7f895cf98000, 138412032) = 0 [pid 1537] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1525] <... pwrite64 resumed>) = 176128 [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1524] <... futex resumed>) = 0 [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1537] <... openat resumed>) = 4 [pid 1535] <... ioctl resumed>) = 0 [pid 1535] close(3) = 0 [pid 1535] close(4 [pid 1537] ioctl(4, LOOP_SET_FD, 3 [pid 1525] <... pwrite64 resumed>) = 176128 [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1525] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1526] <... mount resumed>) = 0 [pid 1524] <... futex resumed>) = 0 [pid 1526] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1524] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] <... openat resumed>) = 3 [pid 1524] <... futex resumed>) = 1 [pid 1526] chdir("./file1") = 0 [pid 1526] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1525] <... futex resumed>) = 0 [pid 1524] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1525] truncate("./file1", 1) = 0 [pid 1525] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1524] <... futex resumed>) = 0 [pid 1524] exit_group(0) = ? [pid 1525] <... futex resumed>) = ? [pid 1525] +++ exited with 0 +++ [pid 1524] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1524, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1530] <... mount resumed>) = 0 [pid 1530] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1530] chdir("./file1") = 0 [pid 1530] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 55.937233][ T1525] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 55.940550][ T1530] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 55.966614][ T1525] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1535] <... close resumed>) = 0 [pid 1535] mkdir("./file1", 0777) = 0 [pid 1535] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1537] <... ioctl resumed>) = 0 [pid 1530] <... openat resumed>) = 4 [pid 1526] <... openat resumed>) = 4 [pid 1537] close(3) = 0 [pid 1537] close(4 [pid 1530] ioctl(4, LOOP_CLR_FD [pid 1526] ioctl(4, LOOP_CLR_FD [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./47/file1") = 0 [pid 285] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./47/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./47") = 0 [pid 285] mkdir("./48", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1537] <... close resumed>) = 0 [pid 1530] <... ioctl resumed>) = 0 [pid 1526] <... ioctl resumed>) = 0 [pid 1530] close(4 [pid 1526] close(4 [pid 1530] <... close resumed>) = 0 [pid 1526] <... close resumed>) = 0 [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] <... futex resumed>) = 1 [pid 1529] <... futex resumed>) = 0 [pid 1526] <... futex resumed>) = 1 [pid 1523] <... futex resumed>) = 0 [pid 1537] mkdir("./file1", 0777 [pid 1530] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1526] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1523] <... futex resumed>) = 0 [pid 1526] openat(AT_FDCWD, "./file1", O_RDWR [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1526] <... openat resumed>) = 4 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1523] <... futex resumed>) = 0 [pid 1526] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1523] <... futex resumed>) = 0 [pid 1526] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1526] <... pwrite64 resumed>) = 87490 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1523] <... futex resumed>) = 0 [pid 1526] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1523] <... futex resumed>) = 0 [pid 1526] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... mkdir resumed>) = 0 [pid 1530] <... futex resumed>) = 0 [pid 1529] <... futex resumed>) = 1 [pid 1526] <... openat resumed>) = 5 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1523] <... futex resumed>) = 0 [pid 1526] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1523] <... futex resumed>) = 0 [pid 1526] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1530] openat(AT_FDCWD, "./file1", O_RDWR [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... openat resumed>) = 3 [pid 1530] <... openat resumed>) = 4 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1530] <... futex resumed>) = 1 [pid 1529] <... futex resumed>) = 0 [pid 285] close(3 [pid 1530] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... close resumed>) = 0 [pid 1530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1529] <... futex resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1530] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1526] <... pwrite64 resumed>) = 176128 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1523] <... futex resumed>) = 0 [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1526] <... futex resumed>) = 1 [ 56.148836][ T1535] EXT4-fs (loop0): Ignoring removed nobh option [ 56.166954][ T1535] EXT4-fs (loop0): Ignoring removed bh option [ 56.169049][ T1526] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1526] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1544 attached [pid 1530] <... pwrite64 resumed>) = 87490 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1544 [pid 1526] <... pwrite64 resumed>) = 176128 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1523] <... futex resumed>) = 0 [pid 1523] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1523] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1526] <... futex resumed>) = 1 [pid 1526] truncate("./file1", 1) = 0 [pid 1526] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1523] <... futex resumed>) = 0 [pid 1523] exit_group(0) = ? [pid 1526] <... futex resumed>) = ? [pid 1526] +++ exited with 0 +++ [pid 1523] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1523, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1544] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1544] chdir("./48") = 0 [pid 1544] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1544] setpgid(0, 0executing program ) = 0 [pid 1544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1544] write(3, "1000", 4) = 4 [pid 1544] close(3) = 0 [pid 1544] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1544] write(1, "executing program\n", 18) = 18 [pid 1544] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1544] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1544] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1545]}, 88) = 1545 [pid 1544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1530] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1545 attached [pid 1545] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1545] memfd_create("syzkaller", 0) = 3 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1529] <... futex resumed>) = 0 [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1530] <... futex resumed>) = 0 [pid 1529] <... futex resumed>) = 1 [pid 1530] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1530] <... openat resumed>) = 5 [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1529] <... futex resumed>) = 0 [pid 1530] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1545] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1529] <... futex resumed>) = 0 [pid 1545] <... mmap resumed>) = 0x7f895cf98000 [pid 1545] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... write resumed>) = 524288 [pid 1545] munmap(0x7f895cf98000, 138412032) = 0 [pid 1545] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1535] <... mount resumed>) = 0 [pid 1535] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1535] chdir("./file1") = 0 [pid 1535] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1530] <... pwrite64 resumed>) = 176128 [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1529] <... futex resumed>) = 0 [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.193012][ T1526] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.205208][ T1535] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.225246][ T1530] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1530] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1529] <... futex resumed>) = 0 [pid 1529] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1529] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1530] <... futex resumed>) = 1 [pid 1530] truncate("./file1", 1) = 0 [pid 1530] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1529] <... futex resumed>) = 0 [pid 1529] exit_group(0) = ? [pid 1530] <... futex resumed>) = ? [pid 1530] +++ exited with 0 +++ [pid 1529] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1529, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1545] <... openat resumed>) = 4 [pid 1535] <... openat resumed>) = 4 [pid 1545] ioctl(4, LOOP_SET_FD, 3 [ 56.240966][ T1530] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.276664][ T1537] EXT4-fs (loop3): Ignoring removed nobh option [ 56.283029][ T1537] EXT4-fs (loop3): Ignoring removed bh option [pid 1535] ioctl(4, LOOP_CLR_FD [pid 1537] <... mount resumed>) = 0 [pid 1537] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1537] chdir("./file1") = 0 [ 56.289352][ T1537] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1537] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1545] <... ioctl resumed>) = 0 [pid 1535] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1537] <... openat resumed>) = 4 [pid 1537] ioctl(4, LOOP_CLR_FD) = 0 [pid 1537] close(4) = 0 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1537] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1537] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1535] close(4) = 0 [pid 1545] close(3 [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1537] <... pwrite64 resumed>) = 87490 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1537] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1537] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1535] <... futex resumed>) = 1 [pid 1533] <... futex resumed>) = 0 [pid 1545] <... close resumed>) = 0 [pid 1535] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1545] close(4 [pid 1535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1533] <... futex resumed>) = 0 [pid 287] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] openat(AT_FDCWD, "./file1", O_RDWR [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1535] <... openat resumed>) = 4 [pid 287] newfstatat(AT_FDCWD, "./48/file1", [pid 284] newfstatat(AT_FDCWD, "./48/file1", [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1535] <... futex resumed>) = 1 [pid 1533] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1535] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1533] <... futex resumed>) = 0 [pid 287] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1535] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1535] <... pwrite64 resumed>) = 87490 [pid 284] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(4, "", [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] getdents64(4, [pid 1535] <... futex resumed>) = 1 [pid 1533] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4 [pid 287] getdents64(4, [pid 284] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 284] rmdir("./48/file1") = 0 [pid 287] rmdir("./48/file1") = 0 [pid 287] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./48/binderfs", [pid 284] newfstatat(AT_FDCWD, "./48/binderfs", [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./48/binderfs" [pid 284] unlink("./48/binderfs" [pid 287] <... unlink resumed>) = 0 [pid 284] <... unlink resumed>) = 0 [pid 287] getdents64(3, [pid 284] getdents64(3, [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3 [pid 284] close(3 [pid 287] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 287] rmdir("./48" [pid 284] rmdir("./48" [pid 287] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 287] mkdir("./49", 0777 [pid 284] mkdir("./49", 0777 [pid 287] <... mkdir resumed>) = 0 [pid 284] <... mkdir resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1535] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1533] <... futex resumed>) = 0 [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] <... futex resumed>) = 1 [pid 1535] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1537] <... pwrite64 resumed>) = 176128 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1537] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1535] <... pwrite64 resumed>) = 176128 [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1533] <... futex resumed>) = 0 [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] <... futex resumed>) = 1 [pid 1535] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1537] <... pwrite64 resumed>) = 176128 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1536] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1537] <... futex resumed>) = 1 [pid 1537] truncate("./file1", 1) = 0 [pid 1537] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1536] <... futex resumed>) = 0 [pid 1536] exit_group(0) = ? [pid 1537] <... futex resumed>) = ? [pid 1537] +++ exited with 0 +++ [pid 1536] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1536, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [ 56.390866][ T1537] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.402474][ T1535] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.406785][ T1537] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1545] <... close resumed>) = 0 [pid 1545] mkdir("./file1", 0777) = 0 [pid 1535] <... pwrite64 resumed>) = 176128 [pid 1545] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1535] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1533] <... futex resumed>) = 0 [pid 1533] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1533] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1535] <... futex resumed>) = 0 [pid 1535] truncate("./file1", 1) = 0 [pid 1535] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1535] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1533] <... futex resumed>) = 0 [pid 1533] exit_group(0 [pid 1535] <... futex resumed>) = ? [pid 1533] <... exit_group resumed>) = ? [pid 1535] +++ exited with 0 +++ [pid 1533] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1533, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... openat resumed>) = 3 [pid 286] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 286] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] ioctl(3, LOOP_CLR_FD [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./48/file1") = 0 [pid 286] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./48/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./48") = 0 [pid 286] mkdir("./49", 0777) = 0 [ 56.421261][ T1535] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.477596][ T1545] EXT4-fs (loop2): Ignoring removed nobh option [ 56.483892][ T1545] EXT4-fs (loop2): Ignoring removed bh option [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1545] <... mount resumed>) = 0 [pid 1545] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1545] chdir("./file1") = 0 [ 56.490319][ T1545] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1545] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./47/file1") = 0 [pid 283] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./47/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... close resumed>) = 0 [pid 287] close(3 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] rmdir("./47" [pid 287] <... close resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 284] close(3 [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./48", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] ioctl(3, LOOP_CLR_FD [pid 284] <... close resumed>) = 0 [pid 1545] <... openat resumed>) = 4 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1553 [pid 1545] ioctl(4, LOOP_CLR_FD) = 0 [pid 1545] close(4) = 0 [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... ioctl resumed>) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1545] <... futex resumed>) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1545] openat(AT_FDCWD, "./file1", O_RDWR [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1545] <... openat resumed>) = 4 [pid 1544] <... futex resumed>) = 0 [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1554 [pid 286] close(3 [pid 1545] <... futex resumed>) = 0 [pid 1544] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1545] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1545] <... pwrite64 resumed>) = 87490 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1555 attached [pid 1555] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1555] chdir("./49") = 0 [pid 1555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1555] setpgid(0, 0) = 0 [pid 1555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1555] write(3, "1000", 4) = 4 [pid 1555] close(3) = 0 [pid 1555] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1555] write(1, "executing program\n", 18) = 18 [pid 1555] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1555] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1555] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... futex resumed>) = 1 [pid 1545] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1555] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1553 attached [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1553] set_robust_list(0x55557fe8a6a0, 24 [pid 1545] <... futex resumed>) = 1 [pid 1545] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 286] <... close resumed>) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1555 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1557 [pid 1553] <... set_robust_list resumed>) = 0 [pid 1555] <... clone3 resumed> => {parent_tid=[1556]}, 88) = 1556 ./strace-static-x86_64: Process 1554 attached [pid 1555] rt_sigprocmask(SIG_SETMASK, [], [pid 1553] chdir("./48"./strace-static-x86_64: Process 1557 attached [pid 1557] set_robust_list(0x55557fe8a6a0, 24./strace-static-x86_64: Process 1556 attached ) = 0 [pid 1555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1554] set_robust_list(0x55557fe8a6a0, 24 [pid 1553] <... chdir resumed>) = 0 [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1553] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1553] setpgid(0, 0) = 0 [pid 1553] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1553] write(3, "1000", 4) = 4 [pid 1553] close(3) = 0 [pid 1553] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1553] write(1, "executing program\n", 18executing program ) = 18 [pid 1553] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1553] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1553] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1553] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1553] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1553] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1553] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1558]}, 88) = 1558 [pid 1553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1554] <... set_robust_list resumed>) = 0 [pid 1554] chdir("./49") = 0 [pid 1554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1554] setpgid(0, 0) = 0 [pid 1554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1554] write(3, "1000", 4) = 4 [pid 1554] close(3) = 0 [pid 1554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1554] write(1, "executing program\n", 18executing program ) = 18 [pid 1554] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1554] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1554] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1559]}, 88) = 1559 [pid 1554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1556] set_robust_list(0x7f89653b89a0, 24 [pid 1557] chdir("./49" [pid 1556] <... set_robust_list resumed>) = 0 [pid 1556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1556] memfd_create("syzkaller", 0 [pid 1557] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 1558 attached ./strace-static-x86_64: Process 1559 attached [pid 1558] set_robust_list(0x7f89653b89a0, 24 [pid 1559] set_robust_list(0x7f89653b89a0, 24 [pid 1558] <... set_robust_list resumed>) = 0 [pid 1559] <... set_robust_list resumed>) = 0 [pid 1559] rt_sigprocmask(SIG_SETMASK, [], [pid 1557] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1558] rt_sigprocmask(SIG_SETMASK, [], [pid 1545] <... pwrite64 resumed>) = 176128 [pid 1557] <... prctl resumed>) = 0 [pid 1559] memfd_create("syzkaller", 0 [pid 1558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... memfd_create resumed>) = 3 [pid 1557] setpgid(0, 0 [pid 1558] memfd_create("syzkaller", 0 [pid 1559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1545] <... futex resumed>) = 1 [pid 1544] <... futex resumed>) = 0 [pid 1559] <... mmap resumed>) = 0x7f895cf98000 [pid 1558] <... memfd_create resumed>) = 3 [pid 1556] <... memfd_create resumed>) = 3 [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1544] <... futex resumed>) = 0 [pid 1559] <... write resumed>) = 524288 [pid 1558] <... mmap resumed>) = 0x7f895cf98000 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1559] munmap(0x7f895cf98000, 138412032 [pid 1558] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1559] <... munmap resumed>) = 0 [pid 1558] <... write resumed>) = 524288 [pid 1559] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1558] munmap(0x7f895cf98000, 138412032 [pid 1545] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1559] <... openat resumed>) = 4 [pid 1558] <... munmap resumed>) = 0 [pid 1556] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1559] ioctl(4, LOOP_SET_FD, 3 [pid 1557] <... setpgid resumed>) = 0 [pid 1557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1557] write(3, "1000", 4) = 4 [pid 1557] close(3) = 0 [pid 1557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1557] write(1, "executing program\n", 18executing program ) = 18 [pid 1557] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1557] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1557] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1560]}, 88) = 1560 [pid 1557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1560 attached [pid 1560] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1560] memfd_create("syzkaller", 0) = 3 [pid 1560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1560] munmap(0x7f895cf98000, 138412032) = 0 [pid 1560] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1558] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1556] <... mmap resumed>) = 0x7f895cf98000 [pid 1545] <... pwrite64 resumed>) = 176128 [pid 1560] close(3) = 0 [pid 1559] <... ioctl resumed>) = 0 [pid 1558] <... openat resumed>) = 4 [pid 1556] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] close(3 [pid 1558] ioctl(4, LOOP_SET_FD, 3 [pid 1559] <... close resumed>) = 0 [pid 1559] close(4 [pid 1556] <... write resumed>) = 524288 [pid 1560] close(4 [pid 1556] munmap(0x7f895cf98000, 138412032) = 0 [pid 1556] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1544] <... futex resumed>) = 0 [pid 1544] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1544] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1545] <... futex resumed>) = 1 [pid 1545] truncate("./file1", 1 [pid 1559] <... close resumed>) = 0 [pid 1558] <... ioctl resumed>) = 0 [pid 1559] mkdir("./file1", 0777) = 0 [pid 1558] close(3) = 0 [pid 1558] close(4 [pid 1559] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1545] <... truncate resumed>) = 0 [pid 1545] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1545] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1544] <... futex resumed>) = 0 [pid 1544] exit_group(0) = ? [pid 1545] <... futex resumed>) = ? [pid 1545] +++ exited with 0 +++ [pid 1544] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1544, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1558] <... close resumed>) = 0 [pid 1558] mkdir("./file1", 0777) = 0 [ 56.559944][ T1545] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.584396][ T1545] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1558] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1560] <... close resumed>) = 0 [pid 1556] <... openat resumed>) = 4 [pid 1560] mkdir("./file1", 0777) = 0 [pid 1556] ioctl(4, LOOP_SET_FD, 3 [pid 1560] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1559] <... mount resumed>) = 0 [pid 1559] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1559] chdir("./file1") = 0 [ 56.665828][ T1559] EXT4-fs (loop4): Ignoring removed nobh option [ 56.672500][ T1559] EXT4-fs (loop4): Ignoring removed bh option [ 56.678682][ T1559] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1559] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1558] <... mount resumed>) = 0 [pid 1558] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1559] <... openat resumed>) = 4 [pid 1559] ioctl(4, LOOP_CLR_FD) = 0 [pid 1559] close(4 [pid 1558] <... openat resumed>) = 3 [pid 1558] chdir("./file1") = 0 [pid 1558] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1556] <... ioctl resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 1559] <... close resumed>) = 0 [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1556] close(3 [pid 1554] <... futex resumed>) = 0 [pid 1559] openat(AT_FDCWD, "./file1", O_RDWR [pid 1556] <... close resumed>) = 0 [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1556] close(4 [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", [pid 1559] <... openat resumed>) = 4 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [ 56.710078][ T1558] EXT4-fs (loop0): Ignoring removed nobh option [ 56.716385][ T1558] EXT4-fs (loop0): Ignoring removed bh option [ 56.722668][ T1558] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.747839][ T1560] EXT4-fs (loop3): Ignoring removed nobh option [ 56.754154][ T1560] EXT4-fs (loop3): Ignoring removed bh option [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./48/file1") = 0 [pid 285] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./48/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./48") = 0 [pid 285] mkdir("./49", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1559] <... futex resumed>) = 1 [pid 1554] <... futex resumed>) = 0 [pid 1559] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1554] <... futex resumed>) = 0 [pid 1559] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1559] <... pwrite64 resumed>) = 87490 [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1554] <... futex resumed>) = 0 [pid 1559] <... futex resumed>) = 1 [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1554] <... futex resumed>) = 0 [pid 1559] <... openat resumed>) = 5 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1554] <... futex resumed>) = 0 [pid 1559] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1559] <... pwrite64 resumed>) = 176128 [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1554] <... futex resumed>) = 0 [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1559] <... futex resumed>) = 1 [pid 1559] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1556] <... close resumed>) = 0 [pid 285] <... openat resumed>) = 3 [pid 1558] <... openat resumed>) = 4 [pid 1554] <... futex resumed>) = 0 [pid 1556] mkdir("./file1", 0777 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1556] <... mkdir resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1556] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [ 56.760628][ T1560] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 56.774352][ T1559] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.790027][ T1559] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] close(3 [pid 1558] ioctl(4, LOOP_CLR_FD [pid 1554] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... close resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1560] <... mount resumed>) = 0 [pid 1558] <... ioctl resumed>) = 0 [pid 1554] <... futex resumed>) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1571 [pid 1554] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1558] close(4 [pid 1559] truncate("./file1", 1 [pid 1560] <... openat resumed>) = 3 [pid 1558] <... close resumed>) = 0 [pid 1560] chdir("./file1" [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1560] <... chdir resumed>) = 0 [pid 1558] <... futex resumed>) = 1 [pid 1553] <... futex resumed>) = 0 [pid 1560] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1558] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1560] <... openat resumed>) = 4 [pid 1558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1560] ioctl(4, LOOP_CLR_FD) = 0 [pid 1558] openat(AT_FDCWD, "./file1", O_RDWR [pid 1553] <... futex resumed>) = 0 [pid 1560] close(4 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1558] <... openat resumed>) = 4 [pid 1560] <... close resumed>) = 0 [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1553] <... futex resumed>) = 0 [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1558] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1558] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1560] <... futex resumed>) = 1 [pid 1557] <... futex resumed>) = 0 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] openat(AT_FDCWD, "./file1", O_RDWR [pid 1558] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1559] <... truncate resumed>) = 0 [pid 1559] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1554] <... futex resumed>) = 0 [pid 1557] <... futex resumed>) = 0 [pid 1559] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1554] exit_group(0 [pid 1560] <... openat resumed>) = 4 [pid 1558] <... pwrite64 resumed>) = 87490 [pid 1554] <... exit_group resumed>) = ? [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1560] <... futex resumed>) = 1 [pid 1557] <... futex resumed>) = 0 [pid 1560] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1559] <... futex resumed>) = ? [pid 1559] +++ exited with 0 +++ [pid 1554] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1554, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1560] <... pwrite64 resumed>) = 87490 [pid 1558] <... futex resumed>) = 1 [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1553] <... futex resumed>) = 0 [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1558] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1553] <... futex resumed>) = 0 [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1558] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1557] <... futex resumed>) = 0 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1557] <... futex resumed>) = 0 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 287] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 1571 attached [pid 287] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1571] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1571] chdir("./49") = 0 [pid 1571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 56.806870][ T1556] EXT4-fs (loop1): Ignoring removed nobh option [ 56.819892][ T1556] EXT4-fs (loop1): Ignoring removed bh option [ 56.828165][ T1556] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1571] setpgid(0, 0) = 0 [pid 1560] <... pwrite64 resumed>) = 176128 [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1557] <... futex resumed>) = 0 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] <... futex resumed>) = 1 [pid 1560] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864executing program [pid 1571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1558] <... pwrite64 resumed>) = 176128 [pid 1571] <... openat resumed>) = 3 [pid 1571] write(3, "1000", 4) = 4 [pid 1571] close(3) = 0 [pid 1571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1571] write(1, "executing program\n", 18) = 18 [pid 1571] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1571] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1574]}, 88) = 1574 [pid 1571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1558] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1556] <... mount resumed>) = 0 [pid 1556] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1556] chdir("./file1") = 0 [pid 1556] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1574 attached [pid 1574] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1574] memfd_create("syzkaller", 0) = 3 [pid 1574] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1574] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1574] munmap(0x7f895cf98000, 138412032) = 0 [pid 1574] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1553] <... futex resumed>) = 0 [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1558] <... futex resumed>) = 0 [pid 1553] <... futex resumed>) = 1 [pid 1558] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] <... pwrite64 resumed>) = 176128 [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1557] <... futex resumed>) = 0 [pid 1557] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1557] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1560] <... futex resumed>) = 1 [pid 1560] truncate("./file1", 1) = 0 [pid 1560] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1557] <... futex resumed>) = 0 [pid 1557] exit_group(0) = ? [pid 1560] <... futex resumed>) = ? [pid 1560] +++ exited with 0 +++ [pid 1557] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1557, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 286] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./49/file1") = 0 [pid 287] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./49/binderfs") = 0 [ 56.854307][ T1560] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.854856][ T1558] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.871167][ T1560] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.895349][ T1558] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./49" [pid 1556] <... openat resumed>) = 4 [pid 287] <... rmdir resumed>) = 0 [pid 1556] ioctl(4, LOOP_CLR_FD) = 0 [pid 1556] close(4 [pid 287] mkdir("./50", 0777) = 0 [pid 1558] <... pwrite64 resumed>) = 176128 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1553] <... futex resumed>) = 0 [pid 1553] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1553] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1558] <... futex resumed>) = 1 [pid 1558] truncate("./file1", 1) = 0 [pid 1558] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1553] <... futex resumed>) = 0 [pid 1553] exit_group(0) = ? [pid 1558] +++ exited with 0 +++ [pid 1553] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1553, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1574] <... openat resumed>) = 4 [pid 1556] <... close resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 1574] ioctl(4, LOOP_SET_FD, 3 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1555] <... futex resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1556] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1555] <... futex resumed>) = 0 [pid 1556] openat(AT_FDCWD, "./file1", O_RDWR [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1556] <... openat resumed>) = 4 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1555] <... futex resumed>) = 0 [pid 1556] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1555] <... futex resumed>) = 0 [pid 1556] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1574] <... ioctl resumed>) = 0 [pid 1574] close(3) = 0 [pid 1574] close(4 [pid 1556] <... pwrite64 resumed>) = 87490 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1555] <... futex resumed>) = 0 [pid 1556] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1556] <... openat resumed>) = 5 [pid 1555] <... futex resumed>) = 0 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1556] <... futex resumed>) = 0 [pid 1555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1556] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1556] <... pwrite64 resumed>) = 176128 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1555] <... futex resumed>) = 0 [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1556] <... futex resumed>) = 1 [pid 1556] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1555] <... futex resumed>) = 0 [pid 1555] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1555] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1556] <... futex resumed>) = 1 [pid 1556] truncate("./file1", 1 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] <... umount2 resumed>) = 0 [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1576 [pid 1574] <... close resumed>) = 0 [pid 1574] mkdir("./file1", 0777) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1574] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"..../strace-static-x86_64: Process 1576 attached [pid 1556] <... truncate resumed>) = 0 [pid 286] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./48/file1") = 0 [pid 283] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./48/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./48" [pid 1576] set_robust_list(0x55557fe8a6a0, 24 [pid 1556] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... rmdir resumed>) = 0 [pid 1576] <... set_robust_list resumed>) = 0 [pid 1556] <... futex resumed>) = 1 [pid 1555] <... futex resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1555] exit_group(0) = ? [pid 283] mkdir("./49", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1577 ./strace-static-x86_64: Process 1577 attached [pid 1577] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1577] chdir("./49") = 0 [pid 1577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1577] setpgid(0, 0) = 0 [pid 1577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1577] write(3, "1000", 4) = 4 [ 56.948900][ T1556] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.964479][ T1556] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 56.987568][ T1574] EXT4-fs (loop2): Ignoring removed nobh option [pid 1577] close(3) = 0 [pid 1577] symlink("/dev/binderfs", "./binderfs" [pid 286] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1576] chdir("./50" [pid 286] <... openat resumed>) = 4 [pid 1576] <... chdir resumed>) = 0 [pid 286] newfstatat(4, "", [pid 1576] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, [pid 1576] <... prctl resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1576] setpgid(0, 0 [pid 286] close(4) = 0 [pid 1577] <... symlink resumed>) = 0 [pid 1576] <... setpgid resumed>) = 0 [pid 1577] write(1, "executing program\n", 18 [pid 286] rmdir("./49/file1" [pid 1556] +++ exited with 0 +++ [pid 1555] +++ exited with 0 +++ [pid 1576] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 286] <... rmdir resumed>) = 0 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1555, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 286] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1576] <... openat resumed>) = 3 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./49/binderfs", [pid 1576] write(3, "1000", 4executing program ) = 4 [pid 1576] close(3) = 0 [pid 1576] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1576] write(1, "executing program\n", 18) = 18 [pid 1576] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1576] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1576] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1576] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1576] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1576] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1576] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./49/binderfs" [pid 1576] <... clone3 resumed> => {parent_tid=[1578]}, 88) = 1578 [pid 1576] rt_sigprocmask(SIG_SETMASK, [], [pid 286] <... unlink resumed>) = 0 [pid 1576] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 286] getdents64(3, [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1576] <... futex resumed>) = 0 [pid 286] close(3) = 0 [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 286] rmdir("./49"./strace-static-x86_64: Process 1578 attached [pid 1578] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 286] mkdir("./50", 0777 [pid 1578] memfd_create("syzkaller", 0 [pid 286] <... mkdir resumed>) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1578] <... memfd_create resumed>) = 3 [pid 286] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 1578] <... mmap resumed>) = 0x7f895cf98000 [pid 1578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288executing program ) = 524288 [pid 1577] <... write resumed>) = 18 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1579 [pid 1577] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1577] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1577] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1580]}, 88) = 1580 [pid 1577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1578] munmap(0x7f895cf98000, 138412032) = 0 [pid 1578] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1578] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1579 attached [pid 1579] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1579] chdir("./50") = 0 [pid 1579] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1579] setpgid(0, 0) = 0 [pid 1579] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1579] write(3, "1000", 4) = 4 [pid 1579] close(3) = 0 [pid 1579] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1579] write(1, "executing program\n", 18) = 18 [pid 1579] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1579] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1579] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1579] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1579] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1579] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1579] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1582]}, 88) = 1582 [pid 1579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1582 attached ./strace-static-x86_64: Process 1580 attached [pid 1582] set_robust_list(0x7f89653b89a0, 24 [pid 1578] <... ioctl resumed>) = 0 [pid 1580] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1580] memfd_create("syzkaller", 0) = 3 [pid 1580] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1578] close(3 [pid 1582] <... set_robust_list resumed>) = 0 [pid 1578] <... close resumed>) = 0 [pid 1578] close(4 [pid 1582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1582] memfd_create("syzkaller", 0) = 3 [pid 1582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1580] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1582] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1580] <... write resumed>) = 524288 [pid 1580] munmap(0x7f895cf98000, 138412032) = 0 [pid 1582] <... write resumed>) = 524288 [pid 1580] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1582] munmap(0x7f895cf98000, 138412032) = 0 [pid 1582] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1574] <... mount resumed>) = 0 [pid 1574] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1574] chdir("./file1") = 0 [ 57.004606][ T1574] EXT4-fs (loop2): Ignoring removed bh option [ 57.022509][ T1574] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1574] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1578] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1578] mkdir("./file1", 0777) = 0 [pid 1578] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1582] <... openat resumed>) = 4 [pid 1580] <... openat resumed>) = 4 [pid 1574] <... openat resumed>) = 4 [pid 284] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1574] ioctl(4, LOOP_CLR_FD [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1574] <... ioctl resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./49/file1", [pid 1574] close(4 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1574] <... close resumed>) = 0 [pid 284] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1571] <... futex resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1574] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1571] <... futex resumed>) = 0 [pid 284] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1574] openat(AT_FDCWD, "./file1", O_RDWR [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... openat resumed>) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1574] <... openat resumed>) = 4 [pid 284] getdents64(4, [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1571] <... futex resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1580] ioctl(4, LOOP_SET_FD, 3 [pid 1574] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] getdents64(4, [pid 1574] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1571] <... futex resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1574] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] close(4 [pid 1574] <... pwrite64 resumed>) = 87490 [pid 284] <... close resumed>) = 0 [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] rmdir("./49/file1" [pid 1574] <... futex resumed>) = 1 [pid 1571] <... futex resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 1574] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1574] <... openat resumed>) = 5 [pid 1571] <... futex resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] newfstatat(AT_FDCWD, "./49/binderfs", [pid 1574] <... futex resumed>) = 0 [pid 1571] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1574] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] unlink("./49/binderfs" [pid 1582] ioctl(4, LOOP_SET_FD, 3 [pid 1571] <... futex resumed>) = 0 [pid 1580] <... ioctl resumed>) = 0 [pid 1580] close(3) = 0 [pid 1580] close(4 [pid 284] <... unlink resumed>) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./49") = 0 [pid 284] mkdir("./50", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1574] <... pwrite64 resumed>) = 176128 [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1571] <... futex resumed>) = 0 [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1574] <... futex resumed>) = 1 [ 57.093163][ T1578] EXT4-fs (loop4): Ignoring removed nobh option [ 57.099578][ T1578] EXT4-fs (loop4): Ignoring removed bh option [ 57.105819][ T1578] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.111178][ T1574] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1574] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1580] <... close resumed>) = 0 [pid 1580] mkdir("./file1", 0777 [pid 1574] <... pwrite64 resumed>) = 176128 [pid 1580] <... mkdir resumed>) = 0 [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1580] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1574] <... futex resumed>) = 1 [pid 1571] <... futex resumed>) = 0 [pid 1571] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1571] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1574] truncate("./file1", 1 [pid 1582] <... ioctl resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 1582] close(3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1582] <... close resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1582] close(4 [pid 284] close(3 [pid 1582] <... close resumed>) = 0 [pid 1578] <... mount resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 1582] mkdir("./file1", 0777 [pid 1578] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1582] <... mkdir resumed>) = 0 [pid 1582] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1589 ./strace-static-x86_64: Process 1589 attached [pid 1589] set_robust_list(0x55557fe8a6a0, 24 [pid 1578] <... openat resumed>) = 3 [pid 1574] <... truncate resumed>) = 0 [ 57.133491][ T1574] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.153105][ T1580] EXT4-fs (loop0): Ignoring removed nobh option [ 57.166993][ T1582] EXT4-fs (loop3): Ignoring removed nobh option [ 57.168908][ T1580] EXT4-fs (loop0): Ignoring removed bh option [ 57.173873][ T1582] EXT4-fs (loop3): Ignoring removed bh option [pid 1589] <... set_robust_list resumed>) = 0 [pid 1578] chdir("./file1" [pid 1574] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] chdir("./50" [pid 1578] <... chdir resumed>) = 0 [pid 1574] <... futex resumed>) = 1 [pid 1571] <... futex resumed>) = 0 [pid 1589] <... chdir resumed>) = 0 [pid 1578] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1574] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1571] exit_group(0 [pid 1589] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1578] <... openat resumed>) = 4 [pid 1574] <... futex resumed>) = ? [pid 1571] <... exit_group resumed>) = ? [pid 1589] <... prctl resumed>) = 0 [pid 1578] ioctl(4, LOOP_CLR_FD [pid 1574] +++ exited with 0 +++ [pid 1571] +++ exited with 0 +++ [pid 1589] setpgid(0, 0 [pid 1578] <... ioctl resumed>) = 0 [pid 1589] <... setpgid resumed>) = 0 [pid 1578] close(4 [pid 1589] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1578] <... close resumed>) = 0 [pid 1589] <... openat resumed>) = 3 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] write(3, "1000", 4 [pid 1578] <... futex resumed>) = 1 [pid 1589] <... write resumed>) = 4 [pid 1578] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1589] close(3) = 0 executing program [pid 1589] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1589] write(1, "executing program\n", 18) = 18 [pid 1589] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1589] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1589] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1589] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1589] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1589] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1590]}, 88) = 1590 [pid 1589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1571, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1576] <... futex resumed>) = 0 [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1578] <... futex resumed>) = 0 [pid 1576] <... futex resumed>) = 1 [pid 1578] openat(AT_FDCWD, "./file1", O_RDWR [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1578] <... openat resumed>) = 4 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1576] <... futex resumed>) = 0 [pid 1578] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1576] <... futex resumed>) = 0 [pid 1578] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1578] <... pwrite64 resumed>) = 87490 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... futex resumed>) = 0 [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1578] <... futex resumed>) = 1 [pid 1578] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1576] <... futex resumed>) = 0 [pid 1578] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1590 attached [pid 1590] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1590] memfd_create("syzkaller", 0) = 3 [pid 1590] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1590] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1580] <... mount resumed>) = 0 [pid 1590] <... write resumed>) = 524288 [pid 1580] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1590] munmap(0x7f895cf98000, 138412032) = 0 [pid 1590] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1580] <... openat resumed>) = 3 [pid 1580] chdir("./file1") = 0 [pid 1580] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1578] <... pwrite64 resumed>) = 176128 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1578] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1576] <... futex resumed>) = 0 [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1578] <... futex resumed>) = 0 [ 57.179655][ T1580] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.189270][ T1582] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.221471][ T1578] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1578] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1578] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1576] <... futex resumed>) = 0 [pid 1578] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1576] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1578] truncate("./file1", 1 [pid 1582] <... mount resumed>) = 0 [pid 1576] <... futex resumed>) = 0 [pid 1582] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1576] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] <... openat resumed>) = 3 [pid 1582] chdir("./file1") = 0 [pid 1582] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1590] <... openat resumed>) = 4 [pid 1580] <... openat resumed>) = 4 [pid 1578] <... truncate resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 1590] ioctl(4, LOOP_SET_FD, 3 [pid 1580] ioctl(4, LOOP_CLR_FD) = 0 [pid 1580] close(4 [pid 1578] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1576] <... futex resumed>) = 0 [pid 1576] exit_group(0) = ? [pid 1578] <... futex resumed>) = ? [pid 1578] +++ exited with 0 +++ [pid 1576] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1576, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 285] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1590] <... ioctl resumed>) = 0 [pid 1582] <... openat resumed>) = 4 [pid 1580] <... close resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./49/file1") = 0 [pid 285] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... restart_syscall resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] unlink("./49/binderfs" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... unlink resumed>) = 0 [pid 287] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] getdents64(3, [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] close(3 [pid 287] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... close resumed>) = 0 [pid 285] rmdir("./49") = 0 [pid 285] mkdir("./50", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1590] close(3) = 0 [pid 1590] close(4 [pid 1582] ioctl(4, LOOP_CLR_FD [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1577] <... futex resumed>) = 0 [pid 1580] openat(AT_FDCWD, "./file1", O_RDWR [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1580] <... openat resumed>) = 4 [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1577] <... futex resumed>) = 0 [pid 1580] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1580] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1577] <... futex resumed>) = 0 [pid 1580] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... pwrite64 resumed>) = 87490 [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1577] <... futex resumed>) = 0 [pid 1580] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1580] <... openat resumed>) = 5 [pid 1577] <... futex resumed>) = 0 [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... futex resumed>) = 0 [pid 1577] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1580] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... pwrite64 resumed>) = 176128 [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1577] <... futex resumed>) = 0 [pid 1580] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.237343][ T1578] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.273898][ T1580] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] <... close resumed>) = 0 [pid 1582] <... ioctl resumed>) = 0 [pid 1580] <... pwrite64 resumed>) = 176128 [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = 0 [pid 1577] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1577] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1580] <... futex resumed>) = 1 [pid 1580] truncate("./file1", 1) = 0 [pid 1580] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1577] <... futex resumed>) = 0 [pid 1577] exit_group(0) = ? [pid 1580] <... futex resumed>) = ? [pid 1580] +++ exited with 0 +++ [pid 1577] +++ exited with 0 +++ [pid 1590] mkdir("./file1", 0777 [pid 1582] close(4 [pid 285] <... openat resumed>) = 3 [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1577, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 285] ioctl(3, LOOP_CLR_FD [pid 1590] <... mkdir resumed>) = 0 [pid 1590] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 57.289397][ T1580] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1582] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./50/file1") = 0 [pid 287] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./50/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./50") = 0 [pid 287] mkdir("./51", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1582] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1579] <... futex resumed>) = 0 [pid 1582] openat(AT_FDCWD, "./file1", O_RDWR [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] <... openat resumed>) = 4 [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1582] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1579] <... futex resumed>) = 0 [pid 1582] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] <... pwrite64 resumed>) = 87490 [pid 285] close(3 [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1582] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1579] <... futex resumed>) = 0 [pid 1582] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] <... openat resumed>) = 5 [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1582] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1582] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1579] <... futex resumed>) = 0 [pid 1582] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] <... pwrite64 resumed>) = 176128 [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1582] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.342821][ T1590] EXT4-fs (loop1): Ignoring removed nobh option [ 57.349714][ T1590] EXT4-fs (loop1): Ignoring removed bh option [ 57.356217][ T1590] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.358452][ T1582] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] <... pwrite64 resumed>) = 176128 [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1579] <... futex resumed>) = 0 [pid 1582] truncate("./file1", 1 [pid 1579] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1582] <... truncate resumed>) = 0 [pid 1579] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1579] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1582] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1579] <... futex resumed>) = 0 [pid 1579] exit_group(0) = ? [pid 1582] <... futex resumed>) = ? [pid 1582] +++ exited with 0 +++ [pid 1579] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1579, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 283] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] <... openat resumed>) = 3 [pid 285] <... close resumed>) = 0 [pid 283] getdents64(4, [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 283] close(4) = 0 [pid 283] rmdir("./49/file1") = 0 [pid 283] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./49/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./49") = 0 [pid 283] mkdir("./50", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1598 ./strace-static-x86_64: Process 1598 attached [pid 1590] <... mount resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] <... restart_syscall resumed>) = 0 [pid 287] close(3 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1599 [pid 287] <... close resumed>) = 0 [pid 1590] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1590] <... openat resumed>) = 3 [pid 1590] chdir("./file1" [pid 286] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1590] <... chdir resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1590] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 286] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1598] set_robust_list(0x55557fe8a6a0, 24 [pid 1590] <... openat resumed>) = 4 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1600 [pid 286] <... openat resumed>) = 3 [pid 1598] <... set_robust_list resumed>) = 0 [pid 1590] ioctl(4, LOOP_CLR_FD [pid 286] newfstatat(3, "", [pid 1598] chdir("./50" [pid 1590] <... ioctl resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1590] close(4 [pid 286] getdents64(3, [pid 1590] <... close resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1598] <... chdir resumed>) = 0 [pid 1590] <... futex resumed>) = 1 [pid 1589] <... futex resumed>) = 0 [pid 1598] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] openat(AT_FDCWD, "./file1", O_RDWR [pid 286] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 1600 attached ./strace-static-x86_64: Process 1599 attached [pid 1598] <... prctl resumed>) = 0 [pid 1590] <... openat resumed>) = 4 [pid 286] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1599] set_robust_list(0x55557fe8a6a0, 24 [pid 1598] setpgid(0, 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] <... set_robust_list resumed>) = 0 [pid 1598] <... setpgid resumed>) = 0 [pid 286] newfstatat(AT_FDCWD, "./50/file1", [pid 1590] <... futex resumed>) = 1 [pid 1589] <... futex resumed>) = 0 [pid 1599] chdir("./50" [pid 1598] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1590] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1599] <... chdir resumed>) = 0 [pid 1598] <... openat resumed>) = 3 [pid 1590] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1589] <... futex resumed>) = 0 [pid 286] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1599] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1598] write(3, "1000", 4 [pid 1590] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1600] set_robust_list(0x55557fe8a6a0, 24 [pid 1599] <... prctl resumed>) = 0 [pid 1598] <... write resumed>) = 4 [pid 286] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1599] setpgid(0, 0 [pid 1598] close(3 [pid 286] <... openat resumed>) = 4 [pid 1599] <... setpgid resumed>) = 0 [pid 1598] <... close resumed>) = 0 [pid 286] newfstatat(4, "", [pid 1599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1598] symlink("/dev/binderfs", "./binderfs" [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1599] <... openat resumed>) = 3 [pid 1598] <... symlink resumed>) = 0 executing program [pid 286] getdents64(4, [pid 1599] write(3, "1000", 4 [pid 1598] write(1, "executing program\n", 18 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1599] <... write resumed>) = 4 [pid 1598] <... write resumed>) = 18 [pid 286] getdents64(4, [pid 1599] close(3 [pid 1598] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1599] <... close resumed>) = 0 [pid 1598] <... futex resumed>) = 0 [pid 286] close(4 [pid 1599] symlink("/dev/binderfs", "./binderfs" [pid 1598] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 286] <... close resumed>) = 0 [pid 1599] <... symlink resumed>) = 0 [pid 1598] <... rt_sigaction resumed>NULL, 8) = 0 executing program [pid 286] rmdir("./50/file1" [pid 1600] <... set_robust_list resumed>) = 0 [pid 1599] write(1, "executing program\n", 18 [pid 1598] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1590] <... pwrite64 resumed>) = 87490 [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1589] <... futex resumed>) = 0 [pid 1599] <... write resumed>) = 18 [pid 1598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1590] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... rmdir resumed>) = 0 [pid 1599] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1590] <... openat resumed>) = 5 [pid 1589] <... futex resumed>) = 0 [pid 286] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1599] <... futex resumed>) = 0 [pid 1598] <... mmap resumed>) = 0x7f8965398000 [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1599] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1598] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1590] <... futex resumed>) = 0 [pid 1589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1600] chdir("./51" [pid 1599] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1598] <... mprotect resumed>) = 0 [pid 1590] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] newfstatat(AT_FDCWD, "./50/binderfs", [pid 1600] <... chdir resumed>) = 0 [pid 1599] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1598] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1589] <... futex resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1600] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1598] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] unlink("./50/binderfs" [pid 1600] <... prctl resumed>) = 0 [pid 1599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1598] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 286] <... unlink resumed>) = 0 [pid 1600] setpgid(0, 0 [pid 1599] <... mmap resumed>) = 0x7f8965398000 [pid 286] getdents64(3, [pid 1600] <... setpgid resumed>) = 0 [pid 1599] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1598] <... clone3 resumed> => {parent_tid=[1601]}, 88) = 1601 [ 57.383654][ T1582] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1599] <... mprotect resumed>) = 0 [pid 1598] rt_sigprocmask(SIG_SETMASK, [], [pid 286] close(3 [pid 1600] <... openat resumed>) = 3 [pid 1599] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 286] <... close resumed>) = 0 [pid 1600] write(3, "1000", 4 [pid 1599] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] rmdir("./50" [pid 1600] <... write resumed>) = 4 [pid 1599] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1598] <... futex resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 1600] close(3 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 286] mkdir("./51", 0777 [pid 1600] <... close resumed>) = 0 [pid 1599] <... clone3 resumed> => {parent_tid=[1602]}, 88) = 1602 [pid 286] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 1601 attached [pid 1600] symlink("/dev/binderfs", "./binderfs" [pid 1599] rt_sigprocmask(SIG_SETMASK, [], [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1600] <... symlink resumed>) = 0 [pid 1599] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 1600] write(1, "executing program\n", 18 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1600] <... write resumed>) = 18 [pid 1599] <... futex resumed>) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1600] <... futex resumed>) = 0 [pid 1600] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1600] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1603]}, 88) = 1603 [pid 1600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1602 attached [pid 1602] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1602] memfd_create("syzkaller", 0) = 3 [pid 1602] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1602] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1602] munmap(0x7f895cf98000, 138412032) = 0 [pid 1602] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1601] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1601] memfd_create("syzkaller", 0) = 3 [pid 1601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1601] munmap(0x7f895cf98000, 138412032) = 0 [pid 1601] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 1603 attached [pid 1603] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1603] memfd_create("syzkaller", 0) = 3 [pid 1603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] <... openat resumed>) = 3 [pid 1603] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1603] munmap(0x7f895cf98000, 138412032) = 0 [pid 1603] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1603] ioctl(4, LOOP_SET_FD, 3 [pid 1590] <... pwrite64 resumed>) = 176128 [pid 1602] <... openat resumed>) = 4 [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1603] <... ioctl resumed>) = 0 [pid 1601] <... openat resumed>) = 4 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1602] ioctl(4, LOOP_SET_FD, 3 [pid 1589] <... futex resumed>) = 0 [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1590] <... futex resumed>) = 1 [pid 1590] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 286] close(3 [pid 1603] close(3 [pid 1601] ioctl(4, LOOP_SET_FD, 3 [pid 1603] <... close resumed>) = 0 [pid 1603] close(4 [pid 1602] <... ioctl resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1602] close(3 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1602] <... close resumed>) = 0 [pid 1602] close(4 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1607 [pid 1602] <... close resumed>) = 0 [pid 1601] <... ioctl resumed>) = 0 [pid 1602] mkdir("./file1", 0777 [pid 1601] close(3 [pid 1602] <... mkdir resumed>) = 0 [pid 1601] <... close resumed>) = 0 [pid 1602] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1601] close(4./strace-static-x86_64: Process 1607 attached [pid 1607] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1607] chdir("./51") = 0 [pid 1607] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1607] setpgid(0, 0) = 0 [pid 1607] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1607] write(3, "1000", 4) = 4 [pid 1607] close(3) = 0 [pid 1607] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1590] <... pwrite64 resumed>) = 176128 executing program [pid 1607] write(1, "executing program\n", 18) = 18 [pid 1607] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1607] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1607] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1607] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] <... futex resumed>) = 0 [pid 1607] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1590] <... futex resumed>) = 1 [pid 1589] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1589] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1607] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1607] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1608]}, 88) = 1608 [pid 1607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1608 attached [pid 1608] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1608] memfd_create("syzkaller", 0) = 3 [pid 1608] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1590] truncate("./file1", 1 [pid 1608] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1590] <... truncate resumed>) = 0 [pid 1590] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1589] <... futex resumed>) = 0 [pid 1589] exit_group(0) = ? [pid 1608] <... write resumed>) = 524288 [pid 1608] munmap(0x7f895cf98000, 138412032 [pid 1590] <... futex resumed>) = ? [pid 1608] <... munmap resumed>) = 0 [pid 1608] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1590] +++ exited with 0 +++ [pid 1589] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1589, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1601] <... close resumed>) = 0 [pid 1603] <... close resumed>) = 0 [ 57.437726][ T1590] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.461154][ T1590] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1601] mkdir("./file1", 0777 [pid 1603] mkdir("./file1", 0777) = 0 [pid 1603] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1601] <... mkdir resumed>) = 0 [pid 1601] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1608] <... openat resumed>) = 4 [pid 1608] ioctl(4, LOOP_SET_FD, 3 [pid 1602] <... mount resumed>) = 0 [pid 1602] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1602] chdir("./file1") = 0 [ 57.499277][ T1602] EXT4-fs (loop2): Ignoring removed nobh option [ 57.505634][ T1602] EXT4-fs (loop2): Ignoring removed bh option [ 57.511814][ T1602] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1602] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1608] <... ioctl resumed>) = 0 [pid 1608] close(3) = 0 [pid 1608] close(4) = 0 [pid 1608] mkdir("./file1", 0777) = 0 [pid 1608] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./50/file1") = 0 [pid 284] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./50/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./50") = 0 [pid 284] mkdir("./51", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1612 ./strace-static-x86_64: Process 1612 attached [pid 1602] <... openat resumed>) = 4 [pid 1602] ioctl(4, LOOP_CLR_FD) = 0 [pid 1602] close(4 [pid 1612] set_robust_list(0x55557fe8a6a0, 24) = 0 [ 57.601270][ T1603] EXT4-fs (loop4): Ignoring removed nobh option [ 57.612272][ T1608] EXT4-fs (loop3): Ignoring removed nobh option [ 57.619013][ T1608] EXT4-fs (loop3): Ignoring removed bh option [ 57.625345][ T1608] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.636036][ T1601] EXT4-fs (loop0): Ignoring removed nobh option [ 57.637676][ T1603] EXT4-fs (loop4): Ignoring removed bh option executing program [pid 1612] chdir("./51") = 0 [pid 1612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1612] setpgid(0, 0) = 0 [pid 1612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1612] write(3, "1000", 4) = 4 [pid 1612] close(3) = 0 [pid 1612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1612] write(1, "executing program\n", 18) = 18 [pid 1612] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1612] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1614]}, 88) = 1614 [pid 1612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1602] <... close resumed>) = 0 [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] <... futex resumed>) = 0 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] <... futex resumed>) = 1 [pid 1602] openat(AT_FDCWD, "./file1", O_RDWR./strace-static-x86_64: Process 1614 attached [pid 1608] <... mount resumed>) = 0 [pid 1602] <... openat resumed>) = 4 [pid 1614] set_robust_list(0x7f89653b89a0, 24 [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1614] <... set_robust_list resumed>) = 0 [pid 1602] <... futex resumed>) = 1 [pid 1614] rt_sigprocmask(SIG_SETMASK, [], [pid 1602] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1614] memfd_create("syzkaller", 0) = 3 [pid 1614] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1614] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1599] <... futex resumed>) = 0 [pid 1608] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1608] chdir("./file1") = 0 [pid 1608] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1608] ioctl(4, LOOP_CLR_FD) = 0 [pid 1608] close(4) = 0 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1607] <... futex resumed>) = 0 [pid 1608] openat(AT_FDCWD, "./file1", O_RDWR [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... openat resumed>) = 4 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1607] <... futex resumed>) = 0 [pid 1608] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1608] <... pwrite64 resumed>) = 87490 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1614] <... write resumed>) = 524288 [pid 1614] munmap(0x7f895cf98000, 138412032) = 0 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... futex resumed>) = 1 [pid 1608] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1614] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... futex resumed>) = 1 [pid 1614] ioctl(4, LOOP_SET_FD, 3 [pid 1608] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1602] <... futex resumed>) = 0 [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1614] <... ioctl resumed>) = 0 [pid 1602] <... pwrite64 resumed>) = 87490 [pid 1614] close(3 [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1614] <... close resumed>) = 0 [pid 1602] <... futex resumed>) = 1 [pid 1599] <... futex resumed>) = 0 [pid 1614] close(4 [pid 1602] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1602] <... openat resumed>) = 5 [pid 1599] <... futex resumed>) = 0 [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] <... futex resumed>) = 0 [pid 1599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1602] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 57.650140][ T1603] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.660080][ T1601] EXT4-fs (loop0): Ignoring removed bh option [ 57.669757][ T1601] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.686109][ T1608] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... pwrite64 resumed>) = 176128 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... futex resumed>) = 1 [pid 1608] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1603] <... mount resumed>) = 0 [pid 1603] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1603] chdir("./file1") = 0 [pid 1603] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1602] <... pwrite64 resumed>) = 176128 [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] <... futex resumed>) = 0 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] <... futex resumed>) = 1 [pid 1602] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1608] <... pwrite64 resumed>) = 176128 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1607] <... futex resumed>) = 0 [pid 1607] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1607] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1608] <... futex resumed>) = 1 [pid 1608] truncate("./file1", 1) = 0 [pid 1608] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1607] <... futex resumed>) = 0 [pid 1607] exit_group(0) = ? [pid 1608] <... futex resumed>) = ? [pid 1608] +++ exited with 0 +++ [pid 1607] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1607, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1601] <... mount resumed>) = 0 [pid 1601] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1601] chdir("./file1") = 0 [pid 1601] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] <... restart_syscall resumed>) = 0 [pid 286] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1614] <... close resumed>) = 0 [pid 1603] <... openat resumed>) = 4 [pid 1602] <... pwrite64 resumed>) = 176128 [pid 1601] <... openat resumed>) = 4 [pid 1603] ioctl(4, LOOP_CLR_FD [pid 1601] ioctl(4, LOOP_CLR_FD [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] <... futex resumed>) = 0 [pid 1599] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1599] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1602] <... futex resumed>) = 1 [pid 1602] truncate("./file1", 1 [pid 1614] mkdir("./file1", 0777) = 0 [pid 1614] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1602] <... truncate resumed>) = 0 [pid 1602] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1599] <... futex resumed>) = 0 [pid 1599] exit_group(0) = ? [pid 1602] <... futex resumed>) = ? [pid 1602] +++ exited with 0 +++ [pid 1599] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1599, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 57.693630][ T1602] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.704200][ T1608] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.719425][ T1602] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1603] <... ioctl resumed>) = 0 [pid 1603] close(4) = 0 [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1600] <... futex resumed>) = 0 [pid 1603] openat(AT_FDCWD, "./file1", O_RDWR [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1603] <... openat resumed>) = 4 [pid 1601] <... ioctl resumed>) = 0 [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] close(4 [pid 1603] <... futex resumed>) = 1 [pid 1600] <... futex resumed>) = 0 [pid 1603] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1603] <... pwrite64 resumed>) = 87490 [pid 1600] <... futex resumed>) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1600] <... futex resumed>) = 0 [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1603] <... futex resumed>) = 1 [pid 1603] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1600] <... futex resumed>) = 0 [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1603] <... futex resumed>) = 1 [pid 1603] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1614] <... mount resumed>) = 0 [pid 1614] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1614] chdir("./file1") = 0 [pid 1614] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1603] <... pwrite64 resumed>) = 176128 [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1600] <... futex resumed>) = 0 [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1603] <... futex resumed>) = 1 [ 57.774221][ T1614] EXT4-fs (loop1): Ignoring removed nobh option [ 57.780629][ T1614] EXT4-fs (loop1): Ignoring removed bh option [ 57.787490][ T1614] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 57.790999][ T1603] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1603] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1603] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1600] <... futex resumed>) = 0 [pid 1600] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1600] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1603] <... futex resumed>) = 0 [pid 1603] truncate("./file1", 1) = 0 [pid 1603] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1603] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1600] <... futex resumed>) = 0 [pid 1600] exit_group(0) = ? [pid 1603] <... futex resumed>) = 231 [pid 1603] +++ exited with 0 +++ [pid 1600] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1600, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1614] <... openat resumed>) = 4 [pid 1601] <... close resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 1614] ioctl(4, LOOP_CLR_FD [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1614] <... ioctl resumed>) = 0 [pid 286] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1614] close(4 [pid 1601] <... futex resumed>) = 1 [pid 1598] <... futex resumed>) = 0 [pid 1614] <... close resumed>) = 0 [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1601] openat(AT_FDCWD, "./file1", O_RDWR [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] <... futex resumed>) = 0 [pid 286] newfstatat(AT_FDCWD, "./51/file1", [pid 285] newfstatat(AT_FDCWD, "./50/file1", [pid 1614] <... futex resumed>) = 1 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1614] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] <... openat resumed>) = 4 [pid 285] <... openat resumed>) = 4 [pid 286] newfstatat(4, "", [pid 285] newfstatat(4, "", [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, [pid 286] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] getdents64(4, [pid 286] close(4 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] <... close resumed>) = 0 [pid 285] close(4 [pid 286] rmdir("./51/file1" [pid 285] <... close resumed>) = 0 [pid 1612] <... futex resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 285] rmdir("./50/file1" [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] <... openat resumed>) = 4 [pid 286] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... rmdir resumed>) = 0 [pid 1614] <... futex resumed>) = 0 [pid 1612] <... futex resumed>) = 1 [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1614] openat(AT_FDCWD, "./file1", O_RDWR [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1601] <... futex resumed>) = 1 [pid 1598] <... futex resumed>) = 0 [pid 286] newfstatat(AT_FDCWD, "./51/binderfs", [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] newfstatat(AT_FDCWD, "./50/binderfs", [pid 1614] <... openat resumed>) = 4 [pid 1601] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1598] <... futex resumed>) = 0 [pid 286] unlink("./51/binderfs" [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... unlink resumed>) = 0 [pid 285] unlink("./50/binderfs" [pid 287] <... umount2 resumed>) = 0 [pid 286] getdents64(3, [pid 285] <... unlink resumed>) = 0 [pid 287] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] getdents64(3, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] close(3 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] newfstatat(AT_FDCWD, "./51/file1", [pid 286] <... close resumed>) = 0 [pid 285] close(3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] rmdir("./51" [pid 285] <... close resumed>) = 0 [pid 287] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... rmdir resumed>) = 0 [pid 285] rmdir("./50" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] mkdir("./52", 0777 [pid 285] <... rmdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] <... mkdir resumed>) = 0 [pid 285] mkdir("./51", 0777 [pid 1614] <... futex resumed>) = 1 [pid 1612] <... futex resumed>) = 0 [pid 1601] <... pwrite64 resumed>) = 87490 [pid 287] <... openat resumed>) = 4 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] <... mkdir resumed>) = 0 [pid 1614] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] newfstatat(4, "", [pid 286] <... openat resumed>) = 3 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] <... openat resumed>) = 3 [pid 287] getdents64(4, [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] ioctl(3, LOOP_CLR_FD [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] close(3 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] getdents64(4, [pid 286] <... close resumed>) = 0 [pid 285] close(3 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... close resumed>) = 0 [pid 287] close(4 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1623 [pid 287] rmdir("./51/file1" [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1624 [pid 287] <... rmdir resumed>) = 0 [pid 287] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./51/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./51" [pid 1614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... rmdir resumed>) = 0 [pid 1614] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1612] <... futex resumed>) = 0 [pid 287] mkdir("./52", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1614] <... pwrite64 resumed>) = 87490 [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1612] <... futex resumed>) = 0 [pid 1614] <... futex resumed>) = 1 [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1624 attached ./strace-static-x86_64: Process 1623 attached [pid 1614] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] <... futex resumed>) = 1 [pid 1598] <... futex resumed>) = 0 [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1614] <... openat resumed>) = 5 [pid 1612] <... futex resumed>) = 0 [pid 1601] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] <... openat resumed>) = 5 [pid 1612] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 57.815376][ T1603] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1614] <... futex resumed>) = 0 [pid 1614] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1624] set_robust_list(0x55557fe8a6a0, 24 [pid 1601] <... futex resumed>) = 1 [pid 1598] <... futex resumed>) = 0 [pid 1623] set_robust_list(0x55557fe8a6a0, 24 [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1612] <... futex resumed>) = 0 [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1624] <... set_robust_list resumed>) = 0 [pid 1624] chdir("./51") = 0 [pid 1624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1624] setpgid(0, 0) = 0 [pid 1624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1624] write(3, "1000", 4) = 4 [pid 1624] close(3) = 0 executing program [pid 1624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1624] write(1, "executing program\n", 18) = 18 [pid 1624] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1624] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1624] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1625]}, 88) = 1625 [pid 1624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1625 attached [pid 1625] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1625] memfd_create("syzkaller", 0) = 3 [pid 1625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1625] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1625] munmap(0x7f895cf98000, 138412032) = 0 [pid 1625] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1601] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1623] <... set_robust_list resumed>) = 0 [pid 1623] chdir("./52" [pid 1614] <... pwrite64 resumed>) = 176128 [pid 287] <... openat resumed>) = 3 [pid 1601] <... pwrite64 resumed>) = 176128 [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] <... futex resumed>) = 0 [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1601] <... futex resumed>) = 1 [pid 1601] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1625] <... openat resumed>) = 4 [pid 1623] <... chdir resumed>) = 0 [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1623] <... prctl resumed>) = 0 [pid 287] close(3 [pid 1623] setpgid(0, 0 [pid 287] <... close resumed>) = 0 [pid 1623] <... setpgid resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1626 [pid 1623] write(3, "1000", 4) = 4 [pid 1623] close(3) = 0 [pid 1623] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1623] write(1, "executing program\n", 18) = 18 [pid 1623] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1623] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1623] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1601] <... pwrite64 resumed>) = 176128 [pid 1625] ioctl(4, LOOP_SET_FD, 3 [pid 1623] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1614] <... futex resumed>) = 1 [pid 1612] <... futex resumed>) = 0 [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1612] <... futex resumed>) = 0 [pid 1614] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1623] <... clone3 resumed> => {parent_tid=[1627]}, 88) = 1627 [pid 1623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program ./strace-static-x86_64: Process 1626 attached [pid 1626] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1626] chdir("./52") = 0 [pid 1626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1626] setpgid(0, 0) = 0 [pid 1626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1626] write(3, "1000", 4) = 4 [pid 1626] close(3) = 0 [pid 1626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1626] write(1, "executing program\n", 18) = 18 [pid 1626] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1626] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1626] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1627 attached [pid 1627] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 57.868769][ T1614] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.887813][ T1601] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 57.904225][ T1601] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1627] memfd_create("syzkaller", 0 [pid 1625] <... ioctl resumed>) = 0 [pid 1601] <... futex resumed>) = 1 [pid 1601] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1629 attached [pid 1629] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1629] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1627] <... memfd_create resumed>) = 3 [pid 1627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1627] munmap(0x7f895cf98000, 138412032) = 0 [pid 1627] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1627] ioctl(4, LOOP_SET_FD, 3 [pid 1626] <... clone3 resumed> => {parent_tid=[1629]}, 88) = 1629 [pid 1626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1626] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] <... futex resumed>) = 0 [pid 1629] memfd_create("syzkaller", 0) = 3 [pid 1629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1598] <... futex resumed>) = 0 [pid 1598] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] <... futex resumed>) = 0 [pid 1598] <... futex resumed>) = 1 [pid 1601] truncate("./file1", 1 [pid 1629] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1626] <... futex resumed>) = 1 [pid 1625] close(3 [pid 1614] <... pwrite64 resumed>) = 176128 [pid 1598] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1625] <... close resumed>) = 0 [pid 1625] close(4 [pid 1601] <... truncate resumed>) = 0 [pid 1601] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] <... ioctl resumed>) = 0 [pid 1626] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1601] <... futex resumed>) = 1 [pid 1627] close(3 [pid 1601] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1598] <... futex resumed>) = 0 [pid 1627] <... close resumed>) = 0 [pid 1612] <... futex resumed>) = 0 [pid 1627] close(4 [pid 1614] <... futex resumed>) = 1 [pid 1614] truncate("./file1", 1 [pid 1612] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1598] exit_group(0 [pid 1629] <... write resumed>) = 524288 [pid 1598] <... exit_group resumed>) = ? [pid 1629] munmap(0x7f895cf98000, 138412032 [pid 1612] <... futex resumed>) = 0 [pid 1601] <... futex resumed>) = ? [pid 1612] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1601] +++ exited with 0 +++ [pid 1598] +++ exited with 0 +++ [pid 1629] <... munmap resumed>) = 0 [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1598, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1629] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1614] <... truncate resumed>) = 0 [pid 1614] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1614] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1612] <... futex resumed>) = 0 [pid 1612] exit_group(0) = ? [pid 1614] <... futex resumed>) = ? [pid 1614] +++ exited with 0 +++ [pid 1612] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1612, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 57.925413][ T1614] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1625] <... close resumed>) = 0 [pid 1625] mkdir("./file1", 0777) = 0 [pid 1625] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1629] <... openat resumed>) = 4 [pid 1629] ioctl(4, LOOP_SET_FD, 3 [pid 1627] <... close resumed>) = 0 [pid 1627] mkdir("./file1", 0777) = 0 [pid 1627] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1629] <... ioctl resumed>) = 0 [pid 1629] close(3 [pid 284] <... umount2 resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1629] <... close resumed>) = 0 [pid 284] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1629] close(4 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1629] <... close resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./51/file1", [pid 283] newfstatat(AT_FDCWD, "./50/file1", [pid 1629] mkdir("./file1", 0777 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1629] <... mkdir resumed>) = 0 [pid 284] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1629] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 4 [pid 284] newfstatat(4, "", [pid 283] newfstatat(4, "", [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, [pid 283] getdents64(4, [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, [pid 283] getdents64(4, [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4 [pid 283] close(4 [pid 284] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 284] rmdir("./51/file1" [pid 283] rmdir("./50/file1" [pid 284] <... rmdir resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 284] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./51/binderfs", [pid 283] newfstatat(AT_FDCWD, "./50/binderfs", [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./51/binderfs" [pid 283] unlink("./50/binderfs" [pid 284] <... unlink resumed>) = 0 [pid 283] <... unlink resumed>) = 0 [pid 284] getdents64(3, [pid 283] getdents64(3, [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3 [pid 283] close(3 [pid 284] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 284] rmdir("./51" [pid 283] rmdir("./50" [pid 284] <... rmdir resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 284] mkdir("./52", 0777 [pid 283] mkdir("./51", 0777 [pid 284] <... mkdir resumed>) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 284] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3 [pid 283] close(3 [pid 284] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1632 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1633 ./strace-static-x86_64: Process 1633 attached [pid 1633] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1633] chdir("./51") = 0 [pid 1633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1633] setpgid(0, 0) = 0 [pid 1633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1633] write(3, "1000", 4) = 4 [pid 1633] close(3) = 0 [pid 1633] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 1632 attached ) = 0 [pid 1632] set_robust_list(0x55557fe8a6a0, 24) = 0 executing program [pid 1632] chdir("./52") = 0 [pid 1633] write(1, "executing program\n", 18 [pid 1632] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1633] <... write resumed>) = 18 [pid 1632] <... prctl resumed>) = 0 [pid 1632] setpgid(0, 0 [pid 1633] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... setpgid resumed>) = 0 [pid 1633] <... futex resumed>) = 0 [pid 1632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1633] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [ 58.118045][ T1625] EXT4-fs (loop2): Ignoring removed nobh option [ 58.124456][ T1627] EXT4-fs (loop3): Ignoring removed nobh option [ 58.130792][ T1625] EXT4-fs (loop2): Ignoring removed bh option [ 58.143306][ T1627] EXT4-fs (loop3): Ignoring removed bh option [ 58.150223][ T1625] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1633] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1632] <... openat resumed>) = 3 [pid 1633] <... mprotect resumed>) = 0 [pid 1633] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1632] write(3, "1000", 4) = 4 [pid 1632] close(3) = 0 [pid 1633] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1632] symlink("/dev/binderfs", "./binderfs" [pid 1633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1632] <... symlink resumed>) = 0 [pid 1633] <... clone3 resumed> => {parent_tid=[1634]}, 88) = 1634 [pid 1633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 1632] write(1, "executing program\n", 18) = 18 [pid 1632] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1632] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1635]}, 88) = 1635 [pid 1632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1632] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1634 attached ./strace-static-x86_64: Process 1635 attached [pid 1634] set_robust_list(0x7f89653b89a0, 24 [pid 1635] set_robust_list(0x7f89653b89a0, 24 [pid 1634] <... set_robust_list resumed>) = 0 [pid 1635] <... set_robust_list resumed>) = 0 [pid 1634] rt_sigprocmask(SIG_SETMASK, [], [pid 1627] <... mount resumed>) = 0 [pid 1635] rt_sigprocmask(SIG_SETMASK, [], [pid 1634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1634] memfd_create("syzkaller", 0 [pid 1635] memfd_create("syzkaller", 0 [pid 1634] <... memfd_create resumed>) = 3 [pid 1635] <... memfd_create resumed>) = 3 [pid 1634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1634] <... mmap resumed>) = 0x7f895cf98000 [pid 1635] <... mmap resumed>) = 0x7f895cf98000 [pid 1634] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1627] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1635] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1627] <... openat resumed>) = 3 [pid 1627] chdir("./file1") = 0 [pid 1627] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1627] ioctl(4, LOOP_CLR_FD) = 0 [pid 1627] close(4) = 0 [pid 1635] <... write resumed>) = 524288 [pid 1634] <... write resumed>) = 524288 [pid 1634] munmap(0x7f895cf98000, 138412032 [pid 1635] munmap(0x7f895cf98000, 138412032) = 0 [pid 1634] <... munmap resumed>) = 0 [pid 1634] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1627] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1623] <... futex resumed>) = 0 [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] <... futex resumed>) = 0 [pid 1623] <... futex resumed>) = 1 [pid 1627] openat(AT_FDCWD, "./file1", O_RDWR [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1635] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1634] <... openat resumed>) = 4 [pid 1635] <... openat resumed>) = 4 [pid 1635] ioctl(4, LOOP_SET_FD, 3 [pid 1634] ioctl(4, LOOP_SET_FD, 3 [pid 1625] <... mount resumed>) = 0 [pid 1625] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1627] <... openat resumed>) = 4 [pid 1625] chdir("./file1") = 0 [pid 1625] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1623] <... futex resumed>) = 0 [pid 1627] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1635] <... ioctl resumed>) = 0 [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1635] close(3 [pid 1623] <... futex resumed>) = 0 [pid 1635] <... close resumed>) = 0 [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1635] close(4 [pid 1627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1627] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1634] <... ioctl resumed>) = 0 [pid 1625] <... openat resumed>) = 4 [pid 1625] ioctl(4, LOOP_CLR_FD) = 0 [pid 1625] close(4) = 0 [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1624] <... futex resumed>) = 0 [pid 1625] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1624] <... futex resumed>) = 0 [pid 1625] openat(AT_FDCWD, "./file1", O_RDWR [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1625] <... openat resumed>) = 4 [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1624] <... futex resumed>) = 0 [pid 1625] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1625] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1624] <... futex resumed>) = 0 [pid 1625] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1635] <... close resumed>) = 0 [pid 1634] close(3 [pid 1627] <... pwrite64 resumed>) = 87490 [pid 1625] <... pwrite64 resumed>) = 87490 [pid 1635] mkdir("./file1", 0777 [pid 1634] <... close resumed>) = 0 [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1635] <... mkdir resumed>) = 0 [pid 1634] close(4 [pid 1627] <... futex resumed>) = 1 [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... futex resumed>) = 0 [pid 1635] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1627] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1625] <... futex resumed>) = 1 [pid 1624] <... futex resumed>) = 0 [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1625] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... futex resumed>) = 0 [pid 1627] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1625] <... openat resumed>) = 5 [pid 1624] <... futex resumed>) = 0 [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1627] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1623] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1627] <... futex resumed>) = 0 [pid 1623] <... futex resumed>) = 1 [ 58.165697][ T1629] EXT4-fs (loop4): Ignoring removed nobh option [ 58.167355][ T1627] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.172505][ T1629] EXT4-fs (loop4): Ignoring removed bh option [ 58.195318][ T1629] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1629] <... mount resumed>) = 0 [pid 1627] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1624] <... futex resumed>) = 0 [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1629] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1629] chdir("./file1") = 0 [pid 1629] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1625] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1627] <... pwrite64 resumed>) = 176128 [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... futex resumed>) = 0 [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1627] <... futex resumed>) = 1 [pid 1627] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1625] <... pwrite64 resumed>) = 176128 [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1625] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1624] <... futex resumed>) = 0 [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1625] <... futex resumed>) = 0 [pid 1625] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1627] <... pwrite64 resumed>) = 176128 [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... futex resumed>) = 0 [pid 1623] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1623] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1627] <... futex resumed>) = 1 [pid 1627] truncate("./file1", 1) = 0 [pid 1627] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1623] <... futex resumed>) = 0 [pid 1623] exit_group(0) = ? [pid 1627] <... futex resumed>) = ? [pid 1627] +++ exited with 0 +++ [pid 1623] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1623, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [ 58.238259][ T1627] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.238953][ T1625] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.258059][ T1627] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1634] <... close resumed>) = 0 [pid 1634] mkdir("./file1", 0777) = 0 [pid 1634] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1625] <... pwrite64 resumed>) = 176128 [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1625] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1624] <... futex resumed>) = 0 [pid 1624] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1624] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1625] <... futex resumed>) = 0 [pid 1625] truncate("./file1", 1) = 0 [pid 1625] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1624] <... futex resumed>) = 0 [pid 1624] exit_group(0) = ? [pid 1625] +++ exited with 0 +++ [pid 1624] +++ exited with 0 +++ [pid 1629] <... openat resumed>) = 4 [pid 1629] ioctl(4, LOOP_CLR_FD [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1624, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1635] <... mount resumed>) = 0 [pid 1635] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1635] chdir("./file1") = 0 [ 58.269028][ T1625] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.296289][ T1635] EXT4-fs (loop1): Ignoring removed nobh option [ 58.302576][ T1635] EXT4-fs (loop1): Ignoring removed bh option [ 58.308776][ T1635] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.322352][ T1634] EXT4-fs (loop0): Ignoring removed nobh option [ 58.328694][ T1634] EXT4-fs (loop0): Ignoring removed bh option [pid 1635] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1634] <... mount resumed>) = 0 [pid 1634] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1634] chdir("./file1") = 0 [pid 1634] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1629] <... ioctl resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 1629] close(4 [pid 286] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./52/file1") = 0 [pid 286] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./52/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./52") = 0 [pid 286] mkdir("./53", 0777) = 0 [ 58.334800][ T1634] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program executing program [pid 1634] <... openat resumed>) = 4 [pid 1634] ioctl(4, LOOP_CLR_FD [pid 1629] <... close resumed>) = 0 [pid 1634] <... ioctl resumed>) = 0 [pid 1634] close(4) = 0 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1634] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] close(3 [pid 285] newfstatat(AT_FDCWD, "./51/file1", [pid 286] <... close resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1648 [pid 285] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./51/file1") = 0 [pid 285] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./51/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./51" [pid 1635] <... openat resumed>) = 4 [pid 1633] <... futex resumed>) = 0 [pid 1629] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... rmdir resumed>) = 0 [pid 285] mkdir("./52", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1635] ioctl(4, LOOP_CLR_FD [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] <... futex resumed>) = 1 [pid 1626] <... futex resumed>) = 0 [pid 1635] <... ioctl resumed>) = 0 [pid 1634] <... futex resumed>) = 0 [pid 1633] <... futex resumed>) = 1 [pid 1629] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1626] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1649 [pid 1635] close(4 [pid 1634] openat(AT_FDCWD, "./file1", O_RDWR [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1626] <... futex resumed>) = 0 [pid 1635] <... close resumed>) = 0 [pid 1629] openat(AT_FDCWD, "./file1", O_RDWR [pid 1626] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1648 attached [pid 1648] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1648] chdir("./53") = 0 [pid 1648] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1648] setpgid(0, 0 [pid 1629] <... openat resumed>) = 4 [pid 1635] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1634] <... openat resumed>) = 4 [pid 1635] <... futex resumed>) = 1 [pid 1632] <... futex resumed>) = 0 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] <... futex resumed>) = 1 [pid 1626] <... futex resumed>) = 0 [pid 1635] openat(AT_FDCWD, "./file1", O_RDWR [pid 1634] <... futex resumed>) = 1 [pid 1633] <... futex resumed>) = 0 [pid 1632] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1626] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1649 attached [pid 1632] <... futex resumed>) = 0 [pid 1633] <... futex resumed>) = 0 [pid 1626] <... futex resumed>) = 0 [pid 1629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1648] <... setpgid resumed>) = 0 [pid 1648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1632] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1626] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1635] <... openat resumed>) = 4 [pid 1634] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1629] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1649] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1649] chdir("./52" [pid 1648] <... openat resumed>) = 3 [pid 1649] <... chdir resumed>) = 0 [pid 1649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1649] setpgid(0, 0) = 0 [pid 1648] write(3, "1000", 4 [pid 1649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1648] <... write resumed>) = 4 [pid 1648] close(3) = 0 [pid 1648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1649] <... openat resumed>) = 3 [pid 1649] write(3, "1000", 4) = 4 [pid 1649] close(3) = 0 [pid 1649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1648] write(1, "executing program\n", 18) = 18 [pid 1648] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1648] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1649] write(1, "executing program\n", 18 [pid 1648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1649] <... write resumed>) = 18 [pid 1648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1649] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1649] <... futex resumed>) = 0 [pid 1629] <... pwrite64 resumed>) = 87490 [pid 1649] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1648] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1635] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1632] <... futex resumed>) = 0 [pid 1632] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1635] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1632] <... futex resumed>) = 0 [pid 1649] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1632] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1649] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1648] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1649] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1649] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1648] <... clone3 resumed> => {parent_tid=[1650]}, 88) = 1650 [pid 1648] rt_sigprocmask(SIG_SETMASK, [], [pid 1649] <... clone3 resumed> => {parent_tid=[1651]}, 88) = 1651 [pid 1648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1649] rt_sigprocmask(SIG_SETMASK, [], [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1648] <... futex resumed>) = 0 [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1649] <... futex resumed>) = 0 [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1634] <... pwrite64 resumed>) = 87490 ./strace-static-x86_64: Process 1650 attached ./strace-static-x86_64: Process 1651 attached [pid 1635] <... pwrite64 resumed>) = 87490 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1626] <... futex resumed>) = 0 [pid 1635] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1626] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1651] set_robust_list(0x7f89653b89a0, 24 [pid 1650] set_robust_list(0x7f89653b89a0, 24 [pid 1635] <... futex resumed>) = 1 [pid 1634] <... futex resumed>) = 1 [pid 1633] <... futex resumed>) = 0 [pid 1632] <... futex resumed>) = 0 [pid 1629] <... openat resumed>) = 5 [pid 1626] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1651] <... set_robust_list resumed>) = 0 [pid 1651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1651] memfd_create("syzkaller", 0) = 3 [pid 1651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1635] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1634] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1633] <... futex resumed>) = 0 [pid 1650] <... set_robust_list resumed>) = 0 [pid 1632] <... futex resumed>) = 0 [pid 1629] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1626] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1650] rt_sigprocmask(SIG_SETMASK, [], [pid 1635] <... openat resumed>) = 5 [pid 1634] <... openat resumed>) = 5 [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1632] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1629] <... futex resumed>) = 0 [pid 1626] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1635] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1629] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1626] <... futex resumed>) = 0 [pid 1635] <... futex resumed>) = 0 [pid 1634] <... futex resumed>) = 0 [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1651] munmap(0x7f895cf98000, 138412032) = 0 [pid 1651] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1651] ioctl(4, LOOP_SET_FD, 3 [pid 1635] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1633] <... futex resumed>) = 0 [pid 1626] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] memfd_create("syzkaller", 0 [pid 1632] <... futex resumed>) = 0 [pid 1650] <... memfd_create resumed>) = 3 [pid 1650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1650] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1650] munmap(0x7f895cf98000, 138412032) = 0 [pid 1650] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1650] ioctl(4, LOOP_SET_FD, 3 [pid 1635] <... pwrite64 resumed>) = 176128 [pid 1634] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1632] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... ioctl resumed>) = 0 [pid 1635] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1650] close(3 [pid 1635] <... futex resumed>) = 0 [pid 1634] <... pwrite64 resumed>) = 176128 [pid 1632] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] <... pwrite64 resumed>) = 176128 [pid 1651] <... ioctl resumed>) = 0 [pid 1650] <... close resumed>) = 0 [pid 1632] <... futex resumed>) = 0 [pid 1650] close(4 [pid 1632] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... close resumed>) = 0 [pid 1650] mkdir("./file1", 0777) = 0 [pid 1626] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1650] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [ 58.490589][ T1635] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.492033][ T1629] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.510017][ T1634] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1626] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1651] close(3 [pid 1635] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1626] <... futex resumed>) = 0 [pid 1651] <... close resumed>) = 0 [pid 1651] close(4) = 0 [pid 1651] mkdir("./file1", 0777) = 0 [pid 1651] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1626] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 1634] <... futex resumed>) = 1 [pid 1633] <... futex resumed>) = 0 [pid 1629] <... futex resumed>) = 0 [pid 1634] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1633] <... futex resumed>) = 0 [pid 1626] <... mprotect resumed>) = 0 [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1654]}, 88) = 1654 [pid 1626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1626] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1626] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1654 attached [pid 1654] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 58.536076][ T1650] EXT4-fs (loop3): Ignoring removed nobh option [ 58.542489][ T1650] EXT4-fs (loop3): Ignoring removed bh option [ 58.549164][ T1650] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.550540][ T1634] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.562099][ T1635] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1654] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1632] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1632] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1632] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1655]}, 88) = 1655 [pid 1632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1632] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1632] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1654] <... pwrite64 resumed>) = 176128 [pid 1654] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1634] <... pwrite64 resumed>) = 176128 [pid 1626] <... futex resumed>) = 0 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1626] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1629] <... futex resumed>) = 0 [pid 1626] <... futex resumed>) = 1 [pid 1634] <... futex resumed>) = 1 [pid 1633] <... futex resumed>) = 0 [pid 1629] truncate("./file1", 1 [pid 1626] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1634] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1633] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1633] <... futex resumed>) = 0 [pid 1634] truncate("./file1", 1 [pid 1633] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1629] <... truncate resumed>) = 0 [pid 1629] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1626] <... futex resumed>) = 0 [pid 1626] exit_group(0) = ? [pid 1629] <... futex resumed>) = ? [pid 1629] +++ exited with 0 +++ [pid 1654] <... futex resumed>) = ? [pid 1654] +++ exited with 0 +++ [pid 1626] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1626, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 1634] <... truncate resumed>) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 1655 attached [pid 1635] <... pwrite64 resumed>) = 176128 [pid 1634] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1633] <... futex resumed>) = 0 [pid 1633] exit_group(0) = ? [pid 1634] +++ exited with 0 +++ [pid 1633] +++ exited with 0 +++ [pid 1635] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1635] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1655] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1655] truncate("./file1", 1) = 0 [pid 1655] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1632] <... futex resumed>) = 0 [pid 1632] exit_group(0) = ? [pid 1635] <... futex resumed>) = ? [pid 1635] +++ exited with 0 +++ [pid 1655] <... futex resumed>) = ? [pid 1655] +++ exited with 0 +++ [pid 1632] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1632, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1633, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1650] <... mount resumed>) = 0 [pid 1650] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1650] chdir("./file1") = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 284] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 284] newfstatat(3, "", [pid 283] newfstatat(3, "", [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1650] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 284] getdents64(3, [pid 283] getdents64(3, [pid 1650] <... openat resumed>) = 4 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1650] ioctl(4, LOOP_CLR_FD [pid 284] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1650] <... ioctl resumed>) = 0 [pid 1650] close(4) = 0 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1650] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1648] <... futex resumed>) = 0 [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1650] <... futex resumed>) = 0 [pid 1648] <... futex resumed>) = 1 [pid 1650] openat(AT_FDCWD, "./file1", O_RDWR [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... openat resumed>) = 4 [pid 287] <... restart_syscall resumed>) = 0 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1648] <... futex resumed>) = 0 [pid 1650] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1650] <... pwrite64 resumed>) = 87490 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] <... futex resumed>) = 0 [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... futex resumed>) = 1 [pid 1650] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] <... futex resumed>) = 0 [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... futex resumed>) = 1 [pid 1650] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1651] <... mount resumed>) = 0 [pid 1651] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1651] chdir("./file1") = 0 [ 58.579399][ T1654] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.591207][ T1651] EXT4-fs (loop2): Ignoring removed nobh option [ 58.619425][ T1651] EXT4-fs (loop2): Ignoring removed bh option [ 58.625735][ T1651] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1651] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1650] <... pwrite64 resumed>) = 176128 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1648] <... futex resumed>) = 0 [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... futex resumed>) = 1 [pid 1650] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1648] <... futex resumed>) = 0 [pid 1650] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1648] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1648] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1650] <... futex resumed>) = 0 [pid 1650] truncate("./file1", 1 [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1650] <... truncate resumed>) = 0 [pid 283] close(4 [pid 1650] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... close resumed>) = 0 [pid 283] rmdir("./51/file1") = 0 [pid 283] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./51/binderfs" [pid 1648] <... futex resumed>) = 0 [pid 283] <... unlink resumed>) = 0 [pid 1650] <... futex resumed>) = 1 [pid 1648] exit_group(0 [pid 283] getdents64(3, [pid 1648] <... exit_group resumed>) = ? [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./51") = 0 [pid 283] mkdir("./52", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1650] +++ exited with 0 +++ [pid 1648] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1648, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 58.650010][ T1650] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.665473][ T1650] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1651] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 3 [pid 1651] ioctl(4, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1651] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1651] close(4 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1651] <... close resumed>) = 0 [pid 286] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1651] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./53/file1") = 0 [pid 286] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1649] <... futex resumed>) = 0 [pid 286] newfstatat(AT_FDCWD, "./53/binderfs", [pid 283] close(3 [pid 284] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1651] <... futex resumed>) = 0 [pid 1649] <... futex resumed>) = 1 [pid 283] <... close resumed>) = 0 [pid 1651] openat(AT_FDCWD, "./file1", O_RDWR [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1651] <... openat resumed>) = 4 [pid 287] newfstatat(AT_FDCWD, "./52/file1", [pid 286] unlink("./53/binderfs" [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... unlink resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./52/file1", [pid 1651] <... futex resumed>) = 1 [pid 1649] <... futex resumed>) = 0 [pid 287] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] getdents64(3, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1651] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1660 [pid 1651] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1649] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] close(3 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1651] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... openat resumed>) = 4 [pid 286] <... close resumed>) = 0 [pid 284] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] rmdir("./53") = 0 [pid 286] mkdir("./54", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 1651] <... pwrite64 resumed>) = 87490 [pid 287] newfstatat(4, "", [pid 286] <... close resumed>) = 0 [pid 284] <... openat resumed>) = 4 [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] newfstatat(4, "", [pid 1651] <... futex resumed>) = 1 [pid 1649] <... futex resumed>) = 0 [pid 287] getdents64(4, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1651] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1661 [pid 284] getdents64(4, [pid 1651] <... openat resumed>) = 5 [pid 1649] <... futex resumed>) = 0 [pid 287] getdents64(4, [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1651] <... futex resumed>) = 0 [pid 1649] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] close(4 [pid 284] getdents64(4, [pid 1651] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... close resumed>) = 0 [pid 1649] <... futex resumed>) = 0 [pid 287] rmdir("./52/file1" [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1661 attached [pid 287] <... rmdir resumed>) = 0 [pid 284] close(4 [pid 287] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] rmdir("./52/file1" [pid 287] newfstatat(AT_FDCWD, "./52/binderfs", [pid 1661] set_robust_list(0x55557fe8a6a0, 24 [pid 284] <... rmdir resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] unlink("./52/binderfs" [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... unlink resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./52/binderfs", [pid 287] getdents64(3, [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] unlink("./52/binderfs" [pid 287] close(3 [pid 284] <... unlink resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 284] getdents64(3, [pid 287] rmdir("./52" [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1661] <... set_robust_list resumed>) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 284] close(3 [pid 287] mkdir("./53", 0777 [pid 284] <... close resumed>) = 0 [pid 1661] chdir("./54" [pid 287] <... mkdir resumed>) = 0 [pid 284] rmdir("./52" [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1661] <... chdir resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 284] <... rmdir resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 284] mkdir("./53", 0777 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1661] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 284] <... mkdir resumed>) = 0 [pid 287] close(3 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1662 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1661] <... prctl resumed>) = 0 [pid 1661] setpgid(0, 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1663 [pid 1661] <... setpgid resumed>) = 0 [pid 1661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1661] write(3, "1000", 4) = 4 [pid 1661] close(3) = 0 [pid 1661] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1661] write(1, "executing program\n", 18) = 18 [pid 1661] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1661] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1661] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1664]}, 88) = 1664 [pid 1661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1663 attached [pid 1663] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1663] chdir("./53") = 0 [pid 1663] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1663] setpgid(0, 0) = 0 [pid 1663] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1663] write(3, "1000", 4) = 4 [pid 1663] close(3) = 0 [pid 1663] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1663] write(1, "executing program\n", 18executing program ) = 18 [pid 1663] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1663] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1663] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1663] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1663] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1663] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1665]}, 88) = 1665 [pid 1663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1665 attached [pid 1665] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1665] memfd_create("syzkaller", 0) = 3 [pid 1665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1665] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1665] munmap(0x7f895cf98000, 138412032) = 0 [pid 1665] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1665] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1660 attached [pid 1660] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1660] chdir("./52") = 0 [pid 1660] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1660] setpgid(0, 0./strace-static-x86_64: Process 1664 attached ./strace-static-x86_64: Process 1662 attached [pid 1664] set_robust_list(0x7f89653b89a0, 24 [pid 1662] set_robust_list(0x55557fe8a6a0, 24 [pid 1660] <... setpgid resumed>) = 0 [pid 1664] <... set_robust_list resumed>) = 0 [pid 1662] <... set_robust_list resumed>) = 0 [pid 1651] <... pwrite64 resumed>) = 176128 [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1649] <... futex resumed>) = 0 [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1651] <... futex resumed>) = 1 [pid 1651] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1665] <... ioctl resumed>) = 0 [pid 1664] rt_sigprocmask(SIG_SETMASK, [], [pid 1662] chdir("./53" [pid 1665] close(3 [pid 1664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1662] <... chdir resumed>) = 0 [pid 1665] <... close resumed>) = 0 [pid 1665] close(4 [pid 1664] memfd_create("syzkaller", 0 [pid 1662] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1665] <... close resumed>) = 0 [pid 1664] <... memfd_create resumed>) = 3 [pid 1662] <... prctl resumed>) = 0 [pid 1665] mkdir("./file1", 0777 [pid 1664] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1662] setpgid(0, 0 [pid 1664] <... mmap resumed>) = 0x7f895cf98000 [pid 1662] <... setpgid resumed>) = 0 [pid 1660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1660] write(3, "1000", 4) = 4 [pid 1660] close(3) = 0 [pid 1660] symlink("/dev/binderfs", "./binderfs" [pid 1664] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1662] write(3, "1000", 4) = 4 [pid 1662] close(3) = 0 [pid 1662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1662] write(1, "executing program\n", 18executing program [pid 1664] <... write resumed>) = 524288 [pid 1662] <... write resumed>) = 18 [pid 1665] <... mkdir resumed>) = 0 [pid 1664] munmap(0x7f895cf98000, 138412032 [pid 1662] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1665] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1664] <... munmap resumed>) = 0 [pid 1662] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1664] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1662] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1664] <... openat resumed>) = 4 [pid 1662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1664] ioctl(4, LOOP_SET_FD, 3 [pid 1662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1660] <... symlink resumed>) = 0 [pid 1660] write(1, "executing program\n", 18executing program ) = 18 [pid 1660] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1660] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1660] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1660] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1667]}, 88) = 1667 [pid 1660] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1667 attached [pid 1667] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1667] memfd_create("syzkaller", 0 [pid 1662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1667] <... memfd_create resumed>) = 3 [pid 1667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1662] <... mmap resumed>) = 0x7f8965398000 [pid 1662] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1669]}, 88) = 1669 [pid 1662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.843950][ T1651] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.861593][ T1651] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 58.882538][ T1665] EXT4-fs (loop1): Ignoring removed nobh option [pid 1667] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 ./strace-static-x86_64: Process 1669 attached [pid 1669] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1669] memfd_create("syzkaller", 0) = 3 [pid 1669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1664] <... ioctl resumed>) = 0 [pid 1667] munmap(0x7f895cf98000, 138412032 [pid 1664] close(3) = 0 [pid 1664] close(4) = 0 [pid 1667] <... munmap resumed>) = 0 [pid 1667] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1667] ioctl(4, LOOP_SET_FD, 3 [pid 1669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1651] <... pwrite64 resumed>) = 176128 [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1649] <... futex resumed>) = 0 [pid 1649] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1649] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1651] <... futex resumed>) = 1 [pid 1651] truncate("./file1", 1 [pid 1669] munmap(0x7f895cf98000, 138412032) = 0 [pid 1669] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1651] <... truncate resumed>) = 0 [pid 1651] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1649] <... futex resumed>) = 0 [pid 1649] exit_group(0) = ? [pid 1651] <... futex resumed>) = ? [pid 1651] +++ exited with 0 +++ [pid 1649] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1649, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1664] mkdir("./file1", 0777) = 0 [pid 1664] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1667] <... ioctl resumed>) = 0 [pid 1667] close(3) = 0 [pid 1667] close(4) = 0 [pid 1667] mkdir("./file1", 0777) = 0 [pid 1667] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1669] <... openat resumed>) = 4 [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 58.892077][ T1665] EXT4-fs (loop1): Ignoring removed bh option [ 58.900705][ T1665] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.915851][ T1664] EXT4-fs (loop3): Ignoring removed nobh option [ 58.922130][ T1664] EXT4-fs (loop3): Ignoring removed bh option [ 58.924074][ T1667] EXT4-fs (loop0): Ignoring removed nobh option [pid 1669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1669] close(3 [pid 1665] <... mount resumed>) = 0 [pid 1669] <... close resumed>) = 0 [pid 1665] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1669] close(4 [pid 1665] <... openat resumed>) = 3 [pid 1665] chdir("./file1") = 0 [pid 1665] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1665] ioctl(4, LOOP_CLR_FD) = 0 [pid 1665] close(4) = 0 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1665] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1663] <... futex resumed>) = 0 [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1665] <... futex resumed>) = 0 [pid 1663] <... futex resumed>) = 1 [pid 1665] openat(AT_FDCWD, "./file1", O_RDWR [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... openat resumed>) = 4 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1663] <... futex resumed>) = 0 [pid 1665] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... pwrite64 resumed>) = 87490 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1665] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1663] <... futex resumed>) = 0 [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... futex resumed>) = 0 [pid 1665] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1663] <... futex resumed>) = 0 [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... futex resumed>) = 1 [pid 1665] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1664] <... mount resumed>) = 0 [pid 1664] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1664] chdir("./file1") = 0 [pid 1664] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1669] <... close resumed>) = 0 [pid 1669] mkdir("./file1", 0777 [pid 1665] <... pwrite64 resumed>) = 176128 [pid 1669] <... mkdir resumed>) = 0 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1669] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1665] <... futex resumed>) = 1 [pid 1663] <... futex resumed>) = 0 [pid 1665] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1667] <... mount resumed>) = 0 [pid 1665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1667] chdir("./file1") = 0 [pid 1667] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 58.928832][ T1664] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.935232][ T1667] EXT4-fs (loop0): Ignoring removed bh option [ 58.953223][ T1667] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.974198][ T1665] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1665] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1663] <... futex resumed>) = 0 [pid 1663] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1663] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1665] <... futex resumed>) = 1 [pid 1665] truncate("./file1", 1) = 0 [pid 1665] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1663] <... futex resumed>) = 0 [pid 1665] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1663] exit_group(0) = ? [pid 1665] <... futex resumed>) = ? [pid 1665] +++ exited with 0 +++ [pid 1663] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1663, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1667] <... openat resumed>) = 4 [pid 1667] ioctl(4, LOOP_CLR_FD) = 0 [pid 1667] close(4) = 0 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1667] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1664] <... openat resumed>) = 4 [pid 1664] ioctl(4, LOOP_CLR_FD [pid 1660] <... futex resumed>) = 0 [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1667] <... futex resumed>) = 0 [pid 1660] <... futex resumed>) = 1 [pid 1667] openat(AT_FDCWD, "./file1", O_RDWR [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] <... openat resumed>) = 4 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1660] <... futex resumed>) = 0 [pid 1667] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1660] <... futex resumed>) = 0 [pid 1667] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] <... pwrite64 resumed>) = 87490 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1660] <... futex resumed>) = 0 [pid 1667] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1667] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1660] <... futex resumed>) = 0 [pid 1667] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] <... openat resumed>) = 5 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1660] <... futex resumed>) = 0 [pid 1667] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 58.991806][ T1665] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] <... pwrite64 resumed>) = 176128 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1660] <... futex resumed>) = 0 [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1667] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] <... futex resumed>) = 0 [pid 1660] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1660] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1667] <... futex resumed>) = 0 [pid 1667] truncate("./file1", 1) = 0 [pid 1667] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1660] <... futex resumed>) = 0 [pid 1667] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1660] exit_group(0 [pid 1667] <... futex resumed>) = ? [pid 1660] <... exit_group resumed>) = ? [pid 1667] +++ exited with 0 +++ [pid 1660] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1660, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 59.044203][ T1667] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.060092][ T1667] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1664] <... ioctl resumed>) = 0 [pid 1664] close(4 [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./52/file1") = 0 [pid 285] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./52/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./52") = 0 [pid 285] mkdir("./53", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1664] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... openat resumed>) = 3 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1664] <... futex resumed>) = 1 [pid 1661] <... futex resumed>) = 0 [pid 285] ioctl(3, LOOP_CLR_FD [pid 284] getdents64(4, [pid 1664] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1661] <... futex resumed>) = 0 [pid 285] close(3 [pid 284] getdents64(4, [pid 1664] openat(AT_FDCWD, "./file1", O_RDWR [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... close resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] close(4) = 0 [pid 284] rmdir("./53/file1") = 0 [pid 284] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./53/binderfs" [pid 1664] <... openat resumed>) = 4 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... unlink resumed>) = 0 [pid 283] newfstatat(AT_FDCWD, "./52/file1", [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./53") = 0 [pid 284] mkdir("./54", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1678 ./strace-static-x86_64: Process 1678 attached [pid 1678] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1678] chdir("./54") = 0 [pid 1678] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1678] setpgid(0, 0) = 0 [pid 1678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1678] write(3, "1000", 4) = 4 [pid 1678] close(3) = 0 [pid 1678] symlink("/dev/binderfs", "./binderfs" [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 1679 attached [pid 1664] <... futex resumed>) = 1 [pid 1661] <... futex resumed>) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1679 [pid 283] umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1679] set_robust_list(0x55557fe8a6a0, 24 [pid 1664] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1679] <... set_robust_list resumed>) = 0 [pid 1661] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1678] <... symlink resumed>) = 0 [pid 1678] write(1, "executing program\n", 18executing program ) = 18 [pid 1678] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1678] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1678] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1664] <... pwrite64 resumed>) = 87490 [pid 1679] chdir("./53" [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1679] <... chdir resumed>) = 0 [pid 1678] <... mmap resumed>) = 0x7f8965398000 [pid 1664] <... futex resumed>) = 1 [pid 1661] <... futex resumed>) = 0 [pid 1679] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1664] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... openat resumed>) = 4 [pid 1679] <... prctl resumed>) = 0 [pid 1664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1661] <... futex resumed>) = 0 [pid 1679] setpgid(0, 0 [pid 1664] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] newfstatat(4, "", [pid 1679] <... setpgid resumed>) = 0 [pid 1664] <... openat resumed>) = 5 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1678] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] getdents64(4, [pid 1678] <... mprotect resumed>) = 0 [pid 1679] <... openat resumed>) = 3 [pid 1664] <... futex resumed>) = 1 [pid 1661] <... futex resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 executing program [pid 1679] write(3, "1000", 4 [pid 1664] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] getdents64(4, [pid 1679] <... write resumed>) = 4 [pid 1661] <... futex resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1679] close(3 [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] close(4 [pid 1679] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 1679] symlink("/dev/binderfs", "./binderfs" [pid 283] rmdir("./52/file1" [pid 1679] <... symlink resumed>) = 0 [pid 1678] rt_sigprocmask(SIG_BLOCK, ~[], [pid 283] <... rmdir resumed>) = 0 [pid 1679] write(1, "executing program\n", 18 [pid 283] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1679] <... write resumed>) = 18 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1679] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1678] <... rt_sigprocmask resumed>[], 8) = 0 [pid 283] newfstatat(AT_FDCWD, "./52/binderfs", [pid 1679] <... futex resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1679] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 283] unlink("./52/binderfs" [pid 1679] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1678] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 283] <... unlink resumed>) = 0 [pid 1679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 283] getdents64(3, [pid 1679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1678] <... clone3 resumed> => {parent_tid=[1680]}, 88) = 1680 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1679] <... mmap resumed>) = 0x7f8965398000 [pid 283] close(3 [pid 1679] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 283] <... close resumed>) = 0 [pid 1679] <... mprotect resumed>) = 0 [pid 283] rmdir("./52" [pid 1678] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1679] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1680 attached [pid 283] <... rmdir resumed>) = 0 [pid 1679] <... rt_sigprocmask resumed>[], 8) = 0 [pid 283] mkdir("./53", 0777 [pid 1679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1680] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 1680] memfd_create("syzkaller", 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1679] <... clone3 resumed> => {parent_tid=[1681]}, 88) = 1681 [pid 283] <... openat resumed>) = 3 [pid 1679] rt_sigprocmask(SIG_SETMASK, [], [pid 283] ioctl(3, LOOP_CLR_FD [pid 1679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] close(3 [pid 1679] <... futex resumed>) = 0 [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 283] <... close resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1680] <... memfd_create resumed>) = 3 [pid 1680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1683 [ 59.181714][ T1669] EXT4-fs (loop4): Ignoring removed nobh option [ 59.198038][ T1669] EXT4-fs (loop4): Ignoring removed bh option [ 59.204386][ T1669] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1680] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 ./strace-static-x86_64: Process 1681 attached [pid 1681] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1681] memfd_create("syzkaller", 0) = 3 [pid 1681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1680] munmap(0x7f895cf98000, 138412032) = 0 [pid 1680] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1680] ioctl(4, LOOP_SET_FD, 3 [pid 1681] <... write resumed>) = 524288 [pid 1681] munmap(0x7f895cf98000, 138412032) = 0 [pid 1681] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1680] <... ioctl resumed>) = 0 [pid 1680] close(3) = 0 [pid 1680] close(4) = 0 [pid 1680] mkdir("./file1", 0777) = 0 [pid 1680] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"..../strace-static-x86_64: Process 1683 attached [pid 1681] <... openat resumed>) = 4 [pid 1683] set_robust_list(0x55557fe8a6a0, 24 [pid 1664] <... pwrite64 resumed>) = 176128 [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1661] <... futex resumed>) = 0 [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1664] <... futex resumed>) = 1 [pid 1664] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1683] <... set_robust_list resumed>) = 0 [pid 1664] <... pwrite64 resumed>) = 176128 [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1661] <... futex resumed>) = 0 [pid 1661] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1661] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1664] <... futex resumed>) = 1 [pid 1664] truncate("./file1", 1) = 0 [pid 1664] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1661] <... futex resumed>) = 0 [pid 1661] exit_group(0) = ? [pid 1664] <... futex resumed>) = ? [pid 1664] +++ exited with 0 +++ [pid 1661] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1661, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1683] chdir("./53" [pid 1669] <... mount resumed>) = 0 [pid 1683] <... chdir resumed>) = 0 [pid 1681] ioctl(4, LOOP_SET_FD, 3 [pid 1669] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1683] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1669] <... openat resumed>) = 3 [pid 1683] <... prctl resumed>) = 0 [pid 1669] chdir("./file1" [pid 1683] setpgid(0, 0 [pid 1669] <... chdir resumed>) = 0 [pid 1683] <... setpgid resumed>) = 0 [pid 1669] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1683] write(3, "1000", 4) = 4 [pid 1683] close(3 [pid 1669] <... openat resumed>) = 4 [pid 1683] <... close resumed>) = 0 [ 59.230628][ T1664] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.246449][ T1680] EXT4-fs (loop1): Ignoring removed nobh option [ 59.247666][ T1664] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.252937][ T1680] EXT4-fs (loop1): Ignoring removed bh option executing program [pid 1683] symlink("/dev/binderfs", "./binderfs" [pid 1681] <... ioctl resumed>) = 0 [pid 1669] ioctl(4, LOOP_CLR_FD [pid 1683] <... symlink resumed>) = 0 [pid 1669] <... ioctl resumed>) = 0 [pid 1669] close(4 [pid 1683] write(1, "executing program\n", 18 [pid 1669] <... close resumed>) = 0 [pid 1683] <... write resumed>) = 18 [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1669] <... futex resumed>) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1683] <... futex resumed>) = 0 [pid 1669] openat(AT_FDCWD, "./file1", O_RDWR [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1669] <... openat resumed>) = 4 [pid 1662] <... futex resumed>) = 0 [pid 1683] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1669] <... futex resumed>) = 0 [pid 1662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1669] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1681] close(3 [pid 1669] <... pwrite64 resumed>) = 87490 [pid 1662] <... futex resumed>) = 0 [pid 286] <... restart_syscall resumed>) = 0 [pid 1681] <... close resumed>) = 0 [pid 1683] <... mmap resumed>) = 0x7f8965398000 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1681] close(4 [pid 286] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1683] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1683] <... mprotect resumed>) = 0 [pid 286] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1683] rt_sigprocmask(SIG_BLOCK, ~[], [pid 286] <... openat resumed>) = 3 [pid 1683] <... rt_sigprocmask resumed>[], 8) = 0 [pid 286] newfstatat(3, "", [pid 1683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1683] <... clone3 resumed> => {parent_tid=[1687]}, 88) = 1687 [pid 286] getdents64(3, [pid 1683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 1687 attached [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1687] set_robust_list(0x7f89653b89a0, 24 [pid 1669] <... futex resumed>) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] <... set_robust_list resumed>) = 0 [pid 1669] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1669] <... openat resumed>) = 5 [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1687] memfd_create("syzkaller", 0 [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] <... memfd_create resumed>) = 3 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1669] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1687] munmap(0x7f895cf98000, 138412032) = 0 [pid 1687] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1680] <... mount resumed>) = 0 [pid 1680] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1680] chdir("./file1") = 0 [pid 1680] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1669] <... pwrite64 resumed>) = 176128 [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1662] <... futex resumed>) = 0 [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1669] <... futex resumed>) = 1 [pid 1669] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1681] <... close resumed>) = 0 [pid 1681] mkdir("./file1", 0777) = 0 [pid 1681] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1669] <... pwrite64 resumed>) = 176128 [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1669] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] <... futex resumed>) = 0 [pid 1662] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1669] <... futex resumed>) = 0 [pid 1662] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1669] truncate("./file1", 1) = 0 [pid 1669] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1662] <... futex resumed>) = 0 [pid 1669] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1662] exit_group(0) = ? [pid 1669] <... futex resumed>) = ? [pid 1669] +++ exited with 0 +++ [pid 1662] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1662, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 59.276354][ T1680] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.301530][ T1669] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.317541][ T1669] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1687] <... openat resumed>) = 4 [pid 1680] <... openat resumed>) = 4 [pid 1680] ioctl(4, LOOP_CLR_FD) = 0 [pid 1680] close(4 [pid 1687] ioctl(4, LOOP_SET_FD, 3 [pid 1680] <... close resumed>) = 0 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1680] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1678] <... futex resumed>) = 0 [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1680] <... futex resumed>) = 0 [pid 1678] <... futex resumed>) = 1 [pid 1680] openat(AT_FDCWD, "./file1", O_RDWR [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1687] <... ioctl resumed>) = 0 [pid 1687] close(3) = 0 [pid 1687] close(4 [pid 1680] <... openat resumed>) = 4 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1678] <... futex resumed>) = 0 [pid 1680] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1678] <... futex resumed>) = 0 [pid 1680] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1680] <... pwrite64 resumed>) = 87490 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1678] <... futex resumed>) = 0 [pid 1680] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1680] <... openat resumed>) = 5 [pid 1678] <... futex resumed>) = 0 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1680] <... futex resumed>) = 0 [pid 1678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1680] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./54/file1") = 0 [pid 286] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./54/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./54") = 0 [pid 286] mkdir("./55", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1680] <... pwrite64 resumed>) = 176128 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1678] <... futex resumed>) = 0 [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1680] <... futex resumed>) = 1 [ 59.380917][ T1681] EXT4-fs (loop2): Ignoring removed nobh option [ 59.387926][ T1681] EXT4-fs (loop2): Ignoring removed bh option [ 59.400333][ T1681] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.401511][ T1680] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1680] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1678] <... futex resumed>) = 0 [pid 1678] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1678] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1680] <... futex resumed>) = 1 [pid 1680] truncate("./file1", 1 [pid 1681] <... mount resumed>) = 0 [pid 1681] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1681] chdir("./file1") = 0 [pid 1681] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1680] <... truncate resumed>) = 0 [pid 1680] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1680] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1678] <... futex resumed>) = 0 [pid 1678] exit_group(0) = ? [pid 1680] <... futex resumed>) = ? [pid 1680] +++ exited with 0 +++ [pid 1678] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1678, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 59.428038][ T1680] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1687] <... close resumed>) = 0 [pid 1681] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 1687] mkdir("./file1", 0777) = 0 [pid 1687] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1681] ioctl(4, LOOP_CLR_FD [pid 287] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] ioctl(3, LOOP_CLR_FD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./53/file1") = 0 [pid 287] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./53/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./53") = 0 [pid 287] mkdir("./54", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1687] <... mount resumed>) = 0 [pid 1687] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1687] chdir("./file1") = 0 [pid 1687] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1681] <... ioctl resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3 [pid 1681] close(4 [pid 287] <... close resumed>) = 0 [pid 286] close(3 [pid 284] <... umount2 resumed>) = 0 [pid 1681] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1681] <... futex resumed>) = 1 [pid 1679] <... futex resumed>) = 0 [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1695 [pid 1681] openat(AT_FDCWD, "./file1", O_RDWR [pid 1679] <... futex resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1696 [pid 284] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1681] <... openat resumed>) = 4 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] newfstatat(AT_FDCWD, "./54/file1", [pid 1681] <... futex resumed>) = 1 [pid 1679] <... futex resumed>) = 0 [ 59.531387][ T1687] EXT4-fs (loop0): Ignoring removed nobh option [ 59.537695][ T1687] EXT4-fs (loop0): Ignoring removed bh option [ 59.543757][ T1687] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1681] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1696 attached ./strace-static-x86_64: Process 1695 attached ) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1687] <... openat resumed>) = 4 [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, [pid 1681] <... pwrite64 resumed>) = 87490 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./54/file1" [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1679] <... futex resumed>) = 0 [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1681] <... futex resumed>) = 1 [pid 284] <... rmdir resumed>) = 0 [pid 1681] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 284] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1681] <... openat resumed>) = 5 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] newfstatat(AT_FDCWD, "./54/binderfs", [pid 1679] <... futex resumed>) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] unlink("./54/binderfs" [pid 1681] <... futex resumed>) = 1 [pid 1679] <... futex resumed>) = 0 [pid 1681] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... unlink resumed>) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 executing program executing program [pid 1696] set_robust_list(0x55557fe8a6a0, 24 [pid 1695] set_robust_list(0x55557fe8a6a0, 24 [pid 1687] ioctl(4, LOOP_CLR_FD [pid 284] rmdir("./54") = 0 [pid 284] mkdir("./55", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1697 [pid 1696] <... set_robust_list resumed>) = 0 [pid 1696] chdir("./55") = 0 [pid 1696] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1696] setpgid(0, 0) = 0 [pid 1696] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1696] write(3, "1000", 4) = 4 [pid 1696] close(3) = 0 [pid 1696] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1696] write(1, "executing program\n", 18) = 18 [pid 1696] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1696] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1696] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1696] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1696] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1696] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1696] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1687] <... ioctl resumed>) = 0 [pid 1695] <... set_robust_list resumed>) = 0 [pid 1687] close(4 [pid 1695] chdir("./54" [pid 1687] <... close resumed>) = 0 [pid 1696] <... clone3 resumed> => {parent_tid=[1698]}, 88) = 1698 [pid 1696] rt_sigprocmask(SIG_SETMASK, [], [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1687] <... futex resumed>) = 1 [pid 1696] <... futex resumed>) = 0 [pid 1687] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1695] <... chdir resumed>) = 0 [pid 1695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1695] setpgid(0, 0) = 0 [pid 1695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1695] write(3, "1000", 4) = 4 [pid 1695] close(3) = 0 [pid 1695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1695] write(1, "executing program\n", 18) = 18 [pid 1695] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1695] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1695] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1699]}, 88) = 1699 [pid 1695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1683] <... futex resumed>) = 0 [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1697 attached ./strace-static-x86_64: Process 1699 attached ./strace-static-x86_64: Process 1698 attached [pid 1687] <... futex resumed>) = 0 [pid 1683] <... futex resumed>) = 1 [pid 1687] openat(AT_FDCWD, "./file1", O_RDWR [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] set_robust_list(0x7f89653b89a0, 24 [pid 1698] set_robust_list(0x7f89653b89a0, 24 [pid 1697] set_robust_list(0x55557fe8a6a0, 24 [pid 1687] <... openat resumed>) = 4 [pid 1699] <... set_robust_list resumed>) = 0 [pid 1698] <... set_robust_list resumed>) = 0 [pid 1697] <... set_robust_list resumed>) = 0 [pid 1698] rt_sigprocmask(SIG_SETMASK, [], [pid 1699] rt_sigprocmask(SIG_SETMASK, [], [pid 1698] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1697] chdir("./55" [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1699] memfd_create("syzkaller", 0 [pid 1698] memfd_create("syzkaller", 0 [pid 1697] <... chdir resumed>) = 0 [pid 1687] <... futex resumed>) = 1 [pid 1683] <... futex resumed>) = 0 [pid 1699] <... memfd_create resumed>) = 3 [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1698] <... memfd_create resumed>) = 3 [pid 1697] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1687] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1698] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1697] <... prctl resumed>) = 0 [pid 1683] <... futex resumed>) = 0 [pid 1699] <... mmap resumed>) = 0x7f895cf98000 [pid 1687] <... pwrite64 resumed>) = 87490 [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... mmap resumed>) = 0x7f895cf98000 [pid 1697] setpgid(0, 0 [pid 1681] <... pwrite64 resumed>) = 176128 [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1681] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1687] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1697] <... setpgid resumed>) = 0 [pid 1679] <... futex resumed>) = 0 [pid 1687] <... futex resumed>) = 0 [pid 1687] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1687] <... futex resumed>) = 1 [pid 1697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... openat resumed>) = 3 [pid 1679] <... futex resumed>) = 1 [pid 1697] write(3, "1000", 4 [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1697] <... write resumed>) = 4 [pid 1687] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1697] close(3) = 0 [pid 1697] symlink("/dev/binderfs", "./binderfs" [pid 1699] <... write resumed>) = 524288 [pid 1697] <... symlink resumed>) = 0 executing program [pid 1697] write(1, "executing program\n", 18 [pid 1699] munmap(0x7f895cf98000, 138412032 [pid 1698] <... write resumed>) = 524288 [pid 1697] <... write resumed>) = 18 [pid 1681] <... futex resumed>) = 0 [pid 1698] munmap(0x7f895cf98000, 138412032 [pid 1697] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... munmap resumed>) = 0 [pid 1698] <... munmap resumed>) = 0 [pid 1697] <... futex resumed>) = 0 [pid 1699] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1698] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1697] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1699] <... openat resumed>) = 4 [pid 1698] <... openat resumed>) = 4 [pid 1697] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1699] ioctl(4, LOOP_SET_FD, 3 [pid 1698] ioctl(4, LOOP_SET_FD, 3 [pid 1697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1681] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1697] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1697] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1699] <... ioctl resumed>) = 0 [pid 1697] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1699] close(3 [pid 1697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1699] <... close resumed>) = 0 [pid 1699] close(4 [pid 1697] <... clone3 resumed> => {parent_tid=[1702]}, 88) = 1702 [pid 1697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 59.603385][ T1681] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.634885][ T1681] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata ./strace-static-x86_64: Process 1702 attached [pid 1698] <... ioctl resumed>) = 0 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1681] <... pwrite64 resumed>) = 176128 [pid 1702] set_robust_list(0x7f89653b89a0, 24 [pid 1698] close(3 [pid 1697] <... futex resumed>) = 0 [pid 1702] <... set_robust_list resumed>) = 0 [pid 1698] <... close resumed>) = 0 [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1702] rt_sigprocmask(SIG_SETMASK, [], [pid 1698] close(4 [pid 1702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1702] memfd_create("syzkaller", 0) = 3 [pid 1702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1702] munmap(0x7f895cf98000, 138412032) = 0 [pid 1702] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1679] <... futex resumed>) = 0 [pid 1679] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1679] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1681] <... futex resumed>) = 1 [pid 1681] truncate("./file1", 1) = 0 [pid 1681] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1679] <... futex resumed>) = 0 [pid 1679] exit_group(0) = ? [pid 1681] <... futex resumed>) = ? [pid 1681] +++ exited with 0 +++ [pid 1679] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1679, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1687] <... pwrite64 resumed>) = 176128 [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1687] <... futex resumed>) = 1 [pid 1687] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1699] <... close resumed>) = 0 [pid 1687] <... pwrite64 resumed>) = 176128 [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1683] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1683] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] mkdir("./file1", 0777 [pid 1687] <... futex resumed>) = 1 [pid 1699] <... mkdir resumed>) = 0 [pid 1687] truncate("./file1", 1 [pid 1699] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1687] <... truncate resumed>) = 0 [pid 1687] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1683] <... futex resumed>) = 0 [pid 1683] exit_group(0) = ? [pid 1687] <... futex resumed>) = ? [pid 1687] +++ exited with 0 +++ [pid 1683] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1683, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1702] <... openat resumed>) = 4 [pid 1698] <... close resumed>) = 0 [pid 1702] ioctl(4, LOOP_SET_FD, 3 [pid 1698] mkdir("./file1", 0777) = 0 [pid 1698] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1702] <... ioctl resumed>) = 0 [pid 1702] close(3) = 0 [ 59.638088][ T1687] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.666579][ T1687] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1702] close(4) = 0 [pid 1702] mkdir("./file1", 0777) = 0 [pid 1702] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./53/file1") = 0 [pid 285] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./53/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./53") = 0 [pid 285] mkdir("./54", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1704 ./strace-static-x86_64: Process 1704 attached [pid 1704] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1704] chdir("./54") = 0 [pid 1704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1704] setpgid(0, 0) = 0 [pid 1704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1704] write(3, "1000", 4) = 4 [pid 1704] close(3) = 0 [pid 1704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1704] write(1, "executing program\n", 18executing program ) = 18 [pid 1704] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1704] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1705]}, 88) = 1705 [pid 1704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1705 attached [pid 1705] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1705] memfd_create("syzkaller", 0) = 3 [pid 1705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1705] munmap(0x7f895cf98000, 138412032) = 0 [pid 1705] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1705] close(3) = 0 [ 59.771416][ T1699] EXT4-fs (loop4): Ignoring removed nobh option [ 59.777904][ T1698] EXT4-fs (loop3): Ignoring removed nobh option [ 59.784173][ T1698] EXT4-fs (loop3): Ignoring removed bh option [ 59.791034][ T1702] EXT4-fs (loop1): Ignoring removed nobh option [ 59.793347][ T1699] EXT4-fs (loop4): Ignoring removed bh option [ 59.799292][ T1702] EXT4-fs (loop1): Ignoring removed bh option [ 59.804501][ T1699] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1705] close(4 [pid 1699] <... mount resumed>) = 0 [pid 1699] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1699] chdir("./file1") = 0 [pid 1699] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1698] <... mount resumed>) = 0 [pid 1702] <... mount resumed>) = 0 [pid 1698] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1702] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1702] chdir("./file1") = 0 [pid 1702] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1698] <... openat resumed>) = 3 [pid 1698] chdir("./file1") = 0 [pid 1698] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1699] <... openat resumed>) = 4 [pid 1698] <... openat resumed>) = 4 [pid 283] <... umount2 resumed>) = 0 [pid 1698] ioctl(4, LOOP_CLR_FD) = 0 [pid 1698] close(4) = 0 [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1696] <... futex resumed>) = 0 [pid 283] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1698] openat(AT_FDCWD, "./file1", O_RDWR [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1696] <... futex resumed>) = 0 [pid 283] newfstatat(AT_FDCWD, "./53/file1", [pid 1699] ioctl(4, LOOP_CLR_FD [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1698] <... openat resumed>) = 4 [pid 283] umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./53/file1" [pid 1698] <... futex resumed>) = 1 [pid 1696] <... futex resumed>) = 0 [ 59.809963][ T1698] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 59.822225][ T1702] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1698] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 283] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./53/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./53") = 0 [pid 283] mkdir("./54", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... pwrite64 resumed>) = 87490 [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... futex resumed>) = 0 [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... futex resumed>) = 1 [pid 1698] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... futex resumed>) = 0 [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... futex resumed>) = 1 [pid 1698] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1696] <... futex resumed>) = 0 [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] <... futex resumed>) = 1 [pid 1698] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1705] <... close resumed>) = 0 [pid 1699] <... ioctl resumed>) = 0 [pid 1705] mkdir("./file1", 0777 [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] close(4 [pid 1698] <... futex resumed>) = 1 [pid 1696] <... futex resumed>) = 0 [pid 1696] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1696] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1698] truncate("./file1", 1 [pid 1705] <... mkdir resumed>) = 0 [pid 1705] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1698] <... truncate resumed>) = 0 [pid 1698] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1698] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1696] <... futex resumed>) = 0 [pid 1696] exit_group(0) = ? [pid 1698] <... futex resumed>) = ? [pid 1698] +++ exited with 0 +++ [pid 1696] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1696, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 59.887869][ T1698] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.903075][ T1698] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 1702] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 3 [pid 1702] ioctl(4, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1702] <... ioctl resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1702] close(4 [pid 283] close(3 [pid 1702] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1702] <... futex resumed>) = 1 [pid 1702] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1713 ./strace-static-x86_64: Process 1713 attached [pid 1713] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1713] chdir("./54") = 0 [pid 1713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1713] setpgid(0, 0) = 0 [pid 1713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1713] write(3, "1000", 4) = 4 [pid 1713] close(3) = 0 [pid 1713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1713] write(1, "executing program\n", 18) = 18 [pid 1713] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1713] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1713] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1699] <... close resumed>) = 0 [pid 1697] <... futex resumed>) = 0 [pid 1713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1702] <... futex resumed>) = 0 [pid 1697] <... futex resumed>) = 1 [pid 1699] <... futex resumed>) = 1 [pid 1702] openat(AT_FDCWD, "./file1", O_RDWR [pid 1699] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1695] <... futex resumed>) = 0 [pid 1713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1702] <... openat resumed>) = 4 [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] openat(AT_FDCWD, "./file1", O_RDWR [pid 1695] <... futex resumed>) = 0 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1713] <... clone3 resumed> => {parent_tid=[1714]}, 88) = 1714 [pid 1702] <... futex resumed>) = 1 [pid 1699] <... openat resumed>) = 4 [pid 1697] <... futex resumed>) = 0 [pid 1713] rt_sigprocmask(SIG_SETMASK, [], [pid 1702] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1714 attached [pid 1714] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1714] memfd_create("syzkaller", 0) = 3 [pid 1714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1702] <... pwrite64 resumed>) = 87490 [pid 1699] <... futex resumed>) = 1 [pid 1697] <... futex resumed>) = 0 [pid 1695] <... futex resumed>) = 0 [pid 1699] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1714] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1714] munmap(0x7f895cf98000, 138412032) = 0 [pid 1714] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1699] <... pwrite64 resumed>) = 87490 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1702] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1699] <... futex resumed>) = 1 [pid 1695] <... futex resumed>) = 0 [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1702] <... openat resumed>) = 5 [pid 1699] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] <... openat resumed>) = 5 [pid 1697] <... futex resumed>) = 0 [pid 1702] <... futex resumed>) = 1 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1702] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1695] <... futex resumed>) = 0 [pid 1699] <... futex resumed>) = 1 [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1699] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1695] <... futex resumed>) = 0 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] <... pwrite64 resumed>) = 176128 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1695] <... futex resumed>) = 0 [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] <... futex resumed>) = 1 [pid 1699] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1702] <... pwrite64 resumed>) = 176128 [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1702] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1702] <... futex resumed>) = 0 [pid 1702] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1699] <... pwrite64 resumed>) = 176128 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1695] <... futex resumed>) = 0 [pid 1695] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1695] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1699] <... futex resumed>) = 1 [pid 1699] truncate("./file1", 1) = 0 [pid 1699] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1695] <... futex resumed>) = 0 [pid 1695] exit_group(0) = ? [pid 1699] <... futex resumed>) = ? [pid 1699] +++ exited with 0 +++ [pid 1695] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1695, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [ 59.976472][ T1699] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.976858][ T1702] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 59.992109][ T1699] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1702] <... pwrite64 resumed>) = 176128 [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... futex resumed>) = 0 [pid 1697] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1697] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1702] <... futex resumed>) = 1 [pid 1702] truncate("./file1", 1 [pid 286] <... umount2 resumed>) = 0 [pid 1702] <... truncate resumed>) = 0 [pid 1702] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1697] <... futex resumed>) = 0 [pid 1697] exit_group(0) = ? [pid 1702] <... futex resumed>) = ? [pid 1702] +++ exited with 0 +++ [pid 1697] +++ exited with 0 +++ [pid 1714] <... openat resumed>) = 4 [pid 286] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./55/file1") = 0 [pid 286] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1714] ioctl(4, LOOP_SET_FD, 3 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1697, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 286] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./55/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./55") = 0 [pid 286] mkdir("./56", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1714] <... ioctl resumed>) = 0 [pid 1714] close(3) = 0 [pid 1714] close(4 [pid 286] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1714] <... close resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1714] mkdir("./file1", 0777) = 0 [pid 286] close(3 [pid 1714] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1705] <... mount resumed>) = 0 [pid 1705] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1705] chdir("./file1") = 0 [ 60.008418][ T1702] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.042802][ T1705] EXT4-fs (loop2): Ignoring removed nobh option [ 60.050208][ T1705] EXT4-fs (loop2): Ignoring removed bh option [ 60.056714][ T1705] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1705] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 286] <... close resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1718 ./strace-static-x86_64: Process 1718 attached [pid 1718] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1718] chdir("./56") = 0 [pid 1718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1718] setpgid(0, 0) = 0 [pid 1718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1718] write(3, "1000", 4) = 4 [pid 1718] close(3) = 0 [pid 1718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1718] write(1, "executing program\n", 18) = 18 [pid 1718] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1718] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1719 attached => {parent_tid=[1719]}, 88) = 1719 [pid 1719] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1719] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1719] memfd_create("syzkaller", 0) = 3 [pid 1719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1719] munmap(0x7f895cf98000, 138412032) = 0 [pid 1719] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1705] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1705] ioctl(4, LOOP_CLR_FD [pid 287] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1705] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1705] close(4 [pid 287] newfstatat(AT_FDCWD, "./54/file1", [pid 284] newfstatat(AT_FDCWD, "./55/file1", [pid 1705] <... close resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1719] ioctl(4, LOOP_SET_FD, 3 [pid 1705] <... futex resumed>) = 1 [pid 1704] <... futex resumed>) = 0 [pid 287] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... openat resumed>) = 4 [pid 284] <... openat resumed>) = 4 [pid 287] newfstatat(4, "", [pid 284] newfstatat(4, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, [pid 284] getdents64(4, [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 284] getdents64(4, [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 284] close(4 [pid 1704] <... futex resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 287] rmdir("./54/file1" [pid 284] rmdir("./55/file1" [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... rmdir resumed>) = 0 [pid 287] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... rmdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./54/binderfs", [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] newfstatat(AT_FDCWD, "./55/binderfs", [pid 1705] openat(AT_FDCWD, "./file1", O_RDWR [pid 287] unlink("./54/binderfs" [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... unlink resumed>) = 0 [pid 284] unlink("./55/binderfs" [pid 287] getdents64(3, [pid 1705] <... openat resumed>) = 4 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... unlink resumed>) = 0 [pid 287] close(3 [pid 284] getdents64(3, [pid 287] <... close resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] rmdir("./54" [pid 284] close(3 [pid 287] <... rmdir resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 287] mkdir("./55", 0777 [pid 284] rmdir("./55" [pid 1719] <... ioctl resumed>) = 0 [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... mkdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] mkdir("./56", 0777 [pid 287] <... openat resumed>) = 3 [pid 284] <... mkdir resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1721 [pid 1705] <... futex resumed>) = 1 [pid 1705] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1719] close(3) = 0 [pid 1719] close(4 [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1722 ./strace-static-x86_64: Process 1721 attached [pid 1721] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1704] <... futex resumed>) = 0 [pid 1721] chdir("./55") = 0 [pid 1721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1721] setpgid(0, 0) = 0 [pid 1721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1721] write(3, "1000", 4) = 4 [pid 1721] close(3) = 0 [pid 1721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1721] write(1, "executing program\n", 18executing program ) = 18 [pid 1721] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1719] <... close resumed>) = 0 [pid 1721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1721] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1724]}, 88) = 1724 [pid 1721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1721] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1722 attached [pid 1722] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1722] chdir("./56") = 0 [pid 1722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1722] setpgid(0, 0) = 0 [pid 1722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1722] write(3, "1000", 4) = 4 [pid 1722] close(3) = 0 [pid 1722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1722] write(1, "executing program\n", 18executing program ) = 18 [pid 1722] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1722] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1719] mkdir("./file1", 0777 [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... mmap resumed>) = 0x7f8965398000 [pid 1705] <... futex resumed>) = 0 [pid 1704] <... futex resumed>) = 1 [pid 1722] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1719] <... mkdir resumed>) = 0 [pid 1705] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1726]}, 88) = 1726 [pid 1722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1722] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1719] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1714] <... mount resumed>) = 0 [ 60.183138][ T1714] EXT4-fs (loop0): Ignoring removed nobh option [ 60.189785][ T1714] EXT4-fs (loop0): Ignoring removed bh option [ 60.211019][ T1714] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1714] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1714] chdir("./file1") = 0 ./strace-static-x86_64: Process 1724 attached [pid 1724] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1724] memfd_create("syzkaller", 0) = 3 [pid 1724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1714] ioctl(4, LOOP_CLR_FD [pid 1724] <... mmap resumed>) = 0x7f895cf98000 [pid 1714] <... ioctl resumed>) = 0 [pid 1705] <... pwrite64 resumed>) = 87490 [pid 1714] close(4 [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... close resumed>) = 0 [pid 1724] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1724] munmap(0x7f895cf98000, 138412032) = 0 [pid 1724] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1724] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1726 attached [pid 1726] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1714] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1713] <... futex resumed>) = 0 [pid 1714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] openat(AT_FDCWD, "./file1", O_RDWR [pid 1713] <... futex resumed>) = 0 [pid 1705] <... futex resumed>) = 1 [pid 1704] <... futex resumed>) = 0 [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1726] memfd_create("syzkaller", 0 [pid 1704] <... futex resumed>) = 0 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1714] <... openat resumed>) = 4 [pid 1705] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1705] <... openat resumed>) = 5 [pid 1726] <... memfd_create resumed>) = 3 [pid 1726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1714] <... futex resumed>) = 1 [pid 1713] <... futex resumed>) = 0 [pid 1714] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1713] <... futex resumed>) = 0 [pid 1705] <... futex resumed>) = 1 [pid 1714] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1704] <... futex resumed>) = 0 [pid 1726] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1714] <... pwrite64 resumed>) = 87490 [pid 1705] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1726] <... write resumed>) = 524288 [pid 1726] munmap(0x7f895cf98000, 138412032) = 0 [pid 1726] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1724] <... ioctl resumed>) = 0 [pid 1724] close(3) = 0 [pid 1724] close(4 [pid 1704] <... futex resumed>) = 0 [pid 1714] <... futex resumed>) = 1 [pid 1713] <... futex resumed>) = 0 [pid 1705] <... pwrite64 resumed>) = 176128 [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1705] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1714] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] <... futex resumed>) = 0 [pid 1713] <... futex resumed>) = 1 [pid 1714] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1714] <... openat resumed>) = 5 [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1713] <... futex resumed>) = 0 [ 60.243612][ T1719] EXT4-fs (loop3): Ignoring removed nobh option [ 60.254579][ T1719] EXT4-fs (loop3): Ignoring removed bh option [ 60.274426][ T1705] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1714] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1705] <... futex resumed>) = 0 [pid 1705] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1714] <... pwrite64 resumed>) = 176128 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1713] <... futex resumed>) = 0 [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1714] <... futex resumed>) = 1 [pid 1714] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1724] <... close resumed>) = 0 [pid 1705] <... pwrite64 resumed>) = 176128 [pid 1724] mkdir("./file1", 0777) = 0 [pid 1724] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1726] <... openat resumed>) = 4 [pid 1726] ioctl(4, LOOP_SET_FD, 3 [pid 1714] <... pwrite64 resumed>) = 176128 [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1704] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1704] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1714] <... futex resumed>) = 1 [pid 1705] <... futex resumed>) = 1 [pid 1714] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 60.274689][ T1719] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.295926][ T1714] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.302796][ T1705] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.316888][ T1714] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1705] truncate("./file1", 1) = 0 [pid 1705] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1704] <... futex resumed>) = 0 [pid 1704] exit_group(0) = ? [pid 1705] <... futex resumed>) = ? [pid 1705] +++ exited with 0 +++ [pid 1704] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1704, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1713] <... futex resumed>) = 0 [pid 1726] <... ioctl resumed>) = 0 [pid 1713] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1726] close(3 [pid 1719] <... mount resumed>) = 0 [pid 1714] <... futex resumed>) = 0 [pid 1713] <... futex resumed>) = 1 [pid 1726] <... close resumed>) = 0 [pid 1714] truncate("./file1", 1 [pid 1713] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1726] close(4 [pid 1719] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1726] <... close resumed>) = 0 [pid 1719] <... openat resumed>) = 3 [pid 1726] mkdir("./file1", 0777) = 0 [pid 1714] <... truncate resumed>) = 0 [pid 1726] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1719] chdir("./file1" [pid 1714] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] <... chdir resumed>) = 0 [pid 1713] <... futex resumed>) = 0 [pid 1719] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1713] exit_group(0 [pid 1714] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1713] <... exit_group resumed>) = ? [pid 1719] <... openat resumed>) = 4 [pid 1719] ioctl(4, LOOP_CLR_FD [pid 1714] <... futex resumed>) = ? [pid 1714] +++ exited with 0 +++ [pid 1713] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1713, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1719] <... ioctl resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1719] close(4) = 0 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1718] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1719] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1718] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1719] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1718] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1719] <... futex resumed>) = 1 [pid 1719] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1718] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1719] <... futex resumed>) = 1 [ 60.346473][ T1724] EXT4-fs (loop4): Ignoring removed nobh option [ 60.365702][ T1726] EXT4-fs (loop1): Ignoring removed nobh option [ 60.369638][ T1724] EXT4-fs (loop4): Ignoring removed bh option [ 60.378672][ T1724] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.385180][ T1726] EXT4-fs (loop1): Ignoring removed bh option [pid 1719] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1718] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1719] <... futex resumed>) = 0 [pid 1719] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./54/file1") = 0 [pid 283] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./54/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./54") = 0 [pid 283] mkdir("./55", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1724] <... mount resumed>) = 0 [pid 1724] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1724] chdir("./file1") = 0 [pid 1724] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1726] <... mount resumed>) = 0 [pid 1726] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1726] chdir("./file1") = 0 [pid 1726] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1719] <... pwrite64 resumed>) = 176128 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1719] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1718] <... futex resumed>) = 0 [pid 1718] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1718] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1719] <... futex resumed>) = 0 [pid 1719] truncate("./file1", 1) = 0 [pid 1719] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1718] <... futex resumed>) = 0 [pid 1718] exit_group(0) = ? [pid 1719] <... futex resumed>) = ? [pid 1719] +++ exited with 0 +++ [pid 1718] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1718, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 60.394684][ T1719] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.397543][ T1726] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.414023][ T1719] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program executing program [pid 1726] <... openat resumed>) = 4 [pid 1724] <... openat resumed>) = 4 [pid 286] <... umount2 resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 286] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1726] ioctl(4, LOOP_CLR_FD [pid 1724] ioctl(4, LOOP_CLR_FD [pid 285] <... umount2 resumed>) = 0 [pid 283] ioctl(3, LOOP_CLR_FD [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./56/file1") = 0 [pid 286] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./56/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./56") = 0 [pid 286] mkdir("./57", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = 0 [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1735 [pid 1726] <... ioctl resumed>) = 0 [pid 1724] <... ioctl resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 1735 attached [pid 1735] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1735] chdir("./57") = 0 [pid 1735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1735] setpgid(0, 0) = 0 [pid 1735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1735] write(3, "1000", 4) = 4 [pid 1735] close(3) = 0 [pid 1735] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1735] write(1, "executing program\n", 18) = 18 [pid 1735] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1735] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1736]}, 88) = 1736 [pid 1735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1726] close(4 [pid 1724] close(4 [pid 283] close(3 [pid 1726] <... close resumed>) = 0 [pid 1735] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1736 attached [pid 1736] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1736] memfd_create("syzkaller", 0) = 3 [pid 1736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1724] <... close resumed>) = 0 [pid 1726] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... close resumed>) = 0 [pid 1726] <... futex resumed>) = 1 [pid 1724] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... futex resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1726] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1722] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1724] <... futex resumed>) = 1 [pid 1722] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1737 [pid 1721] <... futex resumed>) = 0 [pid 1726] openat(AT_FDCWD, "./file1", O_RDWR [pid 1724] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1721] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1721] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1724] openat(AT_FDCWD, "./file1", O_RDWR [pid 1726] <... openat resumed>) = 4 [pid 1736] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1726] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1722] <... futex resumed>) = 0 [pid 1724] <... openat resumed>) = 4 [pid 1726] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1722] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1724] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... futex resumed>) = 0 [pid 1722] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1724] <... futex resumed>) = 1 [pid 1721] <... futex resumed>) = 0 [pid 1721] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1736] <... write resumed>) = 524288 ./strace-static-x86_64: Process 1737 attached [pid 1737] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1737] chdir("./55") = 0 [pid 1737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1737] setpgid(0, 0) = 0 [pid 1736] munmap(0x7f895cf98000, 138412032 [pid 1737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1736] <... munmap resumed>) = 0 [pid 1726] <... pwrite64 resumed>) = 87490 [pid 1724] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1737] <... openat resumed>) = 3 [pid 1736] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1737] write(3, "1000", 4 [pid 1736] ioctl(4, LOOP_SET_FD, 3 [pid 1737] <... write resumed>) = 4 [pid 1736] <... ioctl resumed>) = -1 EBUSY (Device or resource busy) [pid 1737] close(3 [pid 1736] ioctl(4, LOOP_CLR_FD [pid 1737] <... close resumed>) = 0 [pid 1736] <... ioctl resumed>) = 0 [pid 1737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1737] write(1, "executing program\n", 18) = 18 [pid 1737] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1737] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1737] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1737] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1736] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 1736] close(4) = 0 [pid 1736] close(3 [pid 1724] <... pwrite64 resumed>) = 87490 [pid 1737] <... rt_sigprocmask resumed>[], 8) = 0 [pid 285] newfstatat(AT_FDCWD, "./54/file1", [pid 1737] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1737] <... clone3 resumed> => {parent_tid=[1738]}, 88) = 1738 [pid 1737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1736] <... close resumed>) = 0 [pid 1736] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... futex resumed>) = 0 [pid 1735] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1736] <... futex resumed>) = 1 [pid 1736] openat(AT_FDCWD, "./file1", O_RDWR) = -1 ENOENT (No such file or directory) [pid 1736] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... futex resumed>) = 0 [pid 1735] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1736] <... futex resumed>) = 1 [pid 1736] pwrite64(-1, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = -1 EBADF (Bad file descriptor) [pid 1736] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... futex resumed>) = 0 [pid 1735] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1736] <... futex resumed>) = 1 [pid 1736] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 3 [pid 1736] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1735] <... futex resumed>) = 0 [pid 1735] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1736] <... futex resumed>) = 1 [pid 1736] pwrite64(3, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 285] umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./54/file1") = 0 [pid 285] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./54/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./54") = 0 [pid 285] mkdir("./55", 0777) = 0 [pid 1726] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1724] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1726] <... futex resumed>) = 1 [pid 1724] <... futex resumed>) = 1 [pid 1722] <... futex resumed>) = 0 [pid 1726] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1724] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1722] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... openat resumed>) = 3 [pid 1722] <... futex resumed>) = 0 [pid 1722] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1721] <... futex resumed>) = 0 [pid 1721] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 285] ioctl(3, LOOP_CLR_FD [pid 1724] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1726] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1724] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1726] <... openat resumed>) = 5 [pid 285] close(3 [pid 1724] <... openat resumed>) = 5 [pid 285] <... close resumed>) = 0 [pid 1726] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1724] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1726] <... futex resumed>) = 1 [pid 1724] <... futex resumed>) = 1 [pid 1722] <... futex resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1722] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] <... futex resumed>) = 0 [pid 1722] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1721] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 1726] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1724] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1739 attached [pid 1739] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1739] chdir("./55") = 0 [pid 1739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1739] setpgid(0, 0) = 0 [pid 1739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1739] write(3, "1000", 4) = 4 [pid 1739] close(3) = 0 [pid 1739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1739] write(1, "executing program\n", 18) = 18 [pid 1739] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1739] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1740]}, 88) = 1740 [pid 1739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1739 [pid 1735] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1735] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 1735] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1735] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1741]}, 88) = 1741 [pid 1735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1735] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1721] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1721] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1721] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1742]}, 88) = 1742 [pid 1721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1721] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1722] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1722] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1722] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1722] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1743]}, 88) = 1743 [pid 1722] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1722] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1722] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1743 attached [pid 1743] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1743] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1738 attached ./strace-static-x86_64: Process 1742 attached ./strace-static-x86_64: Process 1741 attached ./strace-static-x86_64: Process 1740 attached [pid 1740] set_robust_list(0x7f89653b89a0, 24 [pid 1738] set_robust_list(0x7f89653b89a0, 24 [pid 1742] set_robust_list(0x7f89653979a0, 24 [pid 1741] set_robust_list(0x7f89653979a0, 24 [pid 1740] <... set_robust_list resumed>) = 0 [pid 1742] <... set_robust_list resumed>) = 0 [pid 1741] <... set_robust_list resumed>) = 0 [pid 1738] <... set_robust_list resumed>) = 0 [pid 1740] rt_sigprocmask(SIG_SETMASK, [], [pid 1738] rt_sigprocmask(SIG_SETMASK, [], [pid 1741] rt_sigprocmask(SIG_SETMASK, [], [pid 1738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1742] rt_sigprocmask(SIG_SETMASK, [], [pid 1738] memfd_create("syzkaller", 0 [pid 1740] memfd_create("syzkaller", 0 [pid 1742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1741] pwrite64(3, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1742] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1740] <... memfd_create resumed>) = 3 [pid 1738] <... memfd_create resumed>) = 3 [pid 1740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1740] <... mmap resumed>) = 0x7f895cf98000 [pid 1738] <... mmap resumed>) = 0x7f895cf98000 [pid 1740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1738] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1740] <... write resumed>) = 524288 [pid 1740] munmap(0x7f895cf98000, 138412032 [pid 1738] munmap(0x7f895cf98000, 138412032 [pid 1740] <... munmap resumed>) = 0 [pid 1738] <... munmap resumed>) = 0 [pid 1740] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1738] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1740] <... openat resumed>) = 4 [pid 1738] <... openat resumed>) = 4 [pid 1740] ioctl(4, LOOP_SET_FD, 3 [ 60.508848][ T1724] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.535185][ T1726] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1738] ioctl(4, LOOP_SET_FD, 3 [pid 1735] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1726] <... pwrite64 resumed>) = 176128 [pid 1724] <... pwrite64 resumed>) = 176128 [pid 1735] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965356000 [pid 1735] mprotect(0x7f8965357000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965376990, parent_tid=0x7f8965376990, exit_signal=0, stack=0x7f8965356000, stack_size=0x20300, tls=0x7f89653766c0} => {parent_tid=[1745]}, 88) = 1745 [pid 1735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1735] futex(0x7f89654836e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1735] futex(0x7f89654836ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1743] <... pwrite64 resumed>) = 176128 [pid 1743] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1743] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1721] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1721] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965356000 [pid 1721] mprotect(0x7f8965357000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965376990, parent_tid=0x7f8965376990, exit_signal=0, stack=0x7f8965356000, stack_size=0x20300, tls=0x7f89653766c0} => {parent_tid=[1746]}, 88) = 1746 [pid 1721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1721] futex(0x7f89654836e8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1721] futex(0x7f89654836ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1726] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... futex resumed>) = 0 [pid 1722] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1726] <... futex resumed>) = 0 [pid 1724] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1722] <... futex resumed>) = 0 [pid 1722] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1726] truncate("./file1", 1 [pid 1724] <... futex resumed>) = 0 [pid 1724] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1726] <... truncate resumed>) = 0 [pid 1740] <... ioctl resumed>) = 0 [pid 1726] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1740] close(3 [pid 1726] <... futex resumed>) = 1 [pid 1722] <... futex resumed>) = 0 [pid 1722] exit_group(0 [pid 1726] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1745 attached [pid 1740] <... close resumed>) = 0 [pid 1743] <... futex resumed>) = ? [pid 1740] close(4 [pid 1722] <... exit_group resumed>) = ? [pid 1726] <... futex resumed>) = ? ./strace-static-x86_64: Process 1746 attached [pid 1743] +++ exited with 0 +++ [pid 1726] +++ exited with 0 +++ [pid 1722] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1722, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 1746] set_robust_list(0x7f89653769a0, 24 [pid 1745] set_robust_list(0x7f89653769a0, 24 [pid 1746] <... set_robust_list resumed>) = 0 [pid 1745] <... set_robust_list resumed>) = 0 [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1746] rt_sigprocmask(SIG_SETMASK, [], [pid 1745] rt_sigprocmask(SIG_SETMASK, [], [pid 1746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1738] <... ioctl resumed>) = 0 [pid 1740] <... close resumed>) = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 1740] mkdir("./file1", 0777) = 0 [pid 284] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1740] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [ 60.571996][ T1743] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.586885][ T1742] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1738] close(3) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1738] close(4) = 0 [pid 284] <... openat resumed>) = 3 [pid 1738] mkdir("./file1", 0777 [pid 284] newfstatat(3, "", [pid 1738] <... mkdir resumed>) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1738] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1735] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1735] futex(0x7f89654836ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 284] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1746] truncate("./file1", 1 [pid 1745] truncate("./file1", 1 [pid 1746] <... truncate resumed>) = 0 [pid 1742] <... pwrite64 resumed>) = 176128 [pid 1746] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 1742] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1746] <... futex resumed>) = 1 [pid 1721] <... futex resumed>) = 0 [pid 1742] <... futex resumed>) = 0 [pid 1721] exit_group(0 [pid 1724] <... futex resumed>) = ? [pid 1721] <... exit_group resumed>) = ? [pid 1724] +++ exited with 0 +++ [pid 1736] <... pwrite64 resumed>) = 16773120 [pid 1736] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1736] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1746] +++ exited with 0 +++ [ 60.617469][ T1740] EXT4-fs (loop2): Ignoring removed nobh option [ 60.623760][ T1740] EXT4-fs (loop2): Ignoring removed bh option [ 60.631859][ T1738] EXT4-fs (loop0): Ignoring removed nobh option [ 60.647621][ T1738] EXT4-fs (loop0): Ignoring removed bh option [ 60.655129][ T1740] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1742] +++ exited with 0 +++ [pid 1721] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1721, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 287] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1738] <... mount resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1738] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1738] chdir("./file1") = 0 [pid 1738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1738] ioctl(4, LOOP_CLR_FD) = 0 [pid 1738] close(4) = 0 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 284] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, [pid 1738] <... pwrite64 resumed>) = 87490 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 1 [pid 1738] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 1 [pid 1738] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] close(4) = 0 [pid 284] rmdir("./56/file1") = 0 [pid 284] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./56/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./56") = 0 [pid 284] mkdir("./57", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1740] <... mount resumed>) = 0 [pid 1741] <... pwrite64 resumed>) = 16773120 [pid 1740] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1741] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1738] <... pwrite64 resumed>) = 176128 [pid 1740] <... openat resumed>) = 3 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] <... futex resumed>) = 1 [pid 1738] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1740] chdir("./file1" [pid 1741] <... futex resumed>) = 0 [ 60.667620][ T1738] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.708251][ T1738] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1741] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1740] <... chdir resumed>) = 0 [pid 1740] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1738] <... pwrite64 resumed>) = 176128 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1737] <... futex resumed>) = 0 [pid 1737] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1737] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1738] truncate("./file1", 1) = 0 [pid 1738] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1737] <... futex resumed>) = 0 [pid 1737] exit_group(0) = ? [pid 1740] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 1740] ioctl(4, LOOP_CLR_FD [pid 284] ioctl(3, LOOP_CLR_FD [pid 1740] <... ioctl resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1740] close(4 [pid 284] close(3 [pid 1740] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1740] <... futex resumed>) = 1 [pid 1739] <... futex resumed>) = 0 [pid 1740] openat(AT_FDCWD, "./file1", O_RDWR [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1752 [pid 1740] <... openat resumed>) = 4 [pid 1739] <... futex resumed>) = 0 [pid 287] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1752 attached [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1752] set_robust_list(0x55557fe8a6a0, 24 [pid 1745] <... truncate resumed>) = 0 [pid 1752] <... set_robust_list resumed>) = 0 [pid 1745] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] chdir("./57" [pid 1745] <... futex resumed>) = 0 [pid 1740] <... futex resumed>) = 0 [pid 1739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1738] +++ exited with 0 +++ [pid 1737] +++ exited with 0 +++ [pid 287] newfstatat(AT_FDCWD, "./55/file1", [pid 1735] exit_group(0 [pid 1741] <... futex resumed>) = ? [pid 1740] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1736] <... futex resumed>) = ? [pid 1735] <... exit_group resumed>) = ? [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1752] <... chdir resumed>) = 0 [pid 1741] +++ exited with 0 +++ [pid 1739] <... futex resumed>) = 0 [pid 1736] +++ exited with 0 +++ [pid 1752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1752] setpgid(0, 0) = 0 [pid 1752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1740] <... pwrite64 resumed>) = 87490 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1737, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 1752] <... openat resumed>) = 3 [pid 1752] write(3, "1000", 4) = 4 [pid 1752] close(3) = 0 [pid 1752] symlink("/dev/binderfs", "./binderfs" [pid 283] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1752] <... symlink resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 4 [pid 283] newfstatat(3, "", [pid 1752] write(1, "executing program\n", 18 [pid 287] newfstatat(4, "", [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 1752] <... write resumed>) = 18 [pid 283] getdents64(3, [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1752] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] getdents64(4, [pid 283] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1752] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1752] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1752] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1753]}, 88) = 1753 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1745] +++ exited with 0 +++ [pid 1735] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1735, si_uid=0, si_status=0, si_utime=0, si_stime=25} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1740] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1753 attached [pid 1753] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1739] <... futex resumed>) = 0 [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1740] <... futex resumed>) = 0 [pid 1740] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1740] <... openat resumed>) = 5 [pid 1753] memfd_create("syzkaller", 0 [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(4, [pid 1740] <... futex resumed>) = 1 [pid 1739] <... futex resumed>) = 0 [ 60.724265][ T1738] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1740] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1739] <... futex resumed>) = 0 [pid 287] close(4 [pid 1740] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 1753] <... memfd_create resumed>) = 3 [pid 1753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] <... restart_syscall resumed>) = 0 [pid 286] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFREG|000, st_size=1, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./57/file1") = 0 [pid 286] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./57/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./57") = 0 [pid 286] mkdir("./58", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1754 [pid 1753] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1753] munmap(0x7f895cf98000, 138412032) = 0 [pid 1753] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1753] ioctl(4, LOOP_SET_FD, 3 [pid 287] rmdir("./55/file1") = 0 [pid 287] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./55/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./55") = 0 [pid 287] mkdir("./56", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 1754 attached [pid 1754] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1753] <... ioctl resumed>) = 0 [pid 1740] <... pwrite64 resumed>) = 176128 [pid 1753] close(3) = 0 [pid 1753] close(4 [pid 287] <... openat resumed>) = 3 [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1754] chdir("./58" [pid 1740] <... futex resumed>) = 1 [pid 1740] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1739] <... futex resumed>) = 0 [pid 1754] <... chdir resumed>) = 0 [pid 1754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1754] setpgid(0, 0 [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1754] <... setpgid resumed>) = 0 [pid 1740] <... futex resumed>) = 0 [pid 1739] <... futex resumed>) = 1 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1740] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1754] <... openat resumed>) = 3 [pid 1754] write(3, "1000", 4) = 4 [pid 1754] close(3) = 0 [pid 1754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1754] write(1, "executing program\n", 18executing program ) = 18 [pid 1754] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1754] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1756]}, 88) = 1756 [pid 1754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1754] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1756 attached [pid 1756] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1756] memfd_create("syzkaller", 0) = 3 [pid 1756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1740] <... pwrite64 resumed>) = 176128 [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1739] <... futex resumed>) = 0 [pid 1740] truncate("./file1", 1 [pid 1739] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1739] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1756] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1740] <... truncate resumed>) = 0 [pid 1740] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1739] <... futex resumed>) = 0 [pid 1739] exit_group(0) = ? [pid 1756] <... write resumed>) = 524288 [pid 1756] munmap(0x7f895cf98000, 138412032 [pid 1740] +++ exited with 0 +++ [pid 1739] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1739, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 1756] <... munmap resumed>) = 0 [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1756] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1753] <... close resumed>) = 0 [pid 1753] mkdir("./file1", 0777) = 0 [pid 1753] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 60.781236][ T1740] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 60.798385][ T1740] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1756] <... openat resumed>) = 4 [pid 1756] ioctl(4, LOOP_SET_FD, 3 [pid 287] close(3 [pid 1756] <... ioctl resumed>) = 0 [pid 1756] close(3) = 0 [pid 1756] close(4 [pid 287] <... close resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1758 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./55/file1", ./strace-static-x86_64: Process 1758 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1758] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 283] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1758] chdir("./56" [pid 283] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 1758] <... chdir resumed>) = 0 [pid 283] newfstatat(4, "", [pid 1758] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, [pid 1758] <... prctl resumed>) = 0 [pid 1758] setpgid(0, 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, [pid 1758] <... setpgid resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./55/file1" [pid 1758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 283] <... rmdir resumed>) = 0 [pid 1758] write(3, "1000", 4 [pid 283] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1758] <... write resumed>) = 4 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1758] close(3 [pid 283] newfstatat(AT_FDCWD, "./55/binderfs", [pid 1758] <... close resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1758] symlink("/dev/binderfs", "./binderfs" [pid 283] unlink("./55/binderfs") = 0 [pid 283] getdents64(3, [pid 1758] <... symlink resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./55" [pid 1758] write(1, "executing program\n", 18executing program ) = 18 [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./56", 0777 [pid 1758] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1758] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1758] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1758] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1759 attached => {parent_tid=[1759]}, 88) = 1759 [pid 1758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1759] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1759] memfd_create("syzkaller", 0) = 3 [pid 1759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1759] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1759] munmap(0x7f895cf98000, 138412032) = 0 [pid 1759] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1756] <... close resumed>) = 0 [pid 1756] mkdir("./file1", 0777) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 1756] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 285] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./55/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./55/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./55/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./55/file1") = 0 [pid 285] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./55/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./55") = 0 [pid 285] mkdir("./56", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1759] <... openat resumed>) = 4 [pid 285] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 1759] ioctl(4, LOOP_SET_FD, 3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1759] <... ioctl resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] close(3 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1759] close(3 [pid 285] <... close resumed>) = 0 [pid 283] close(3 [pid 1759] <... close resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] <... close resumed>) = 0 [pid 1759] close(4 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1762 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1761 ./strace-static-x86_64: Process 1761 attached [pid 1761] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1761] chdir("./56") = 0 [pid 1761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1761] setpgid(0, 0) = 0 [pid 1761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1761] write(3, "1000", 4) = 4 [pid 1761] close(3) = 0 [pid 1761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1761] write(1, "executing program\n", 18./strace-static-x86_64: Process 1762 attached executing program [pid 1762] set_robust_list(0x55557fe8a6a0, 24 [pid 1761] <... write resumed>) = 18 [pid 1762] <... set_robust_list resumed>) = 0 [ 61.027944][ T1756] EXT4-fs (loop3): Ignoring removed nobh option [ 61.035961][ T1753] EXT4-fs (loop1): Ignoring removed nobh option [ 61.036243][ T1756] EXT4-fs (loop3): Ignoring removed bh option [ 61.042221][ T1753] EXT4-fs (loop1): Ignoring removed bh option [ 61.048582][ T1756] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.058521][ T1753] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1762] chdir("./56" [pid 1761] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1761] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1761] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1761] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1761] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1761] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1763]}, 88) = 1763 [pid 1762] <... chdir resumed>) = 0 [pid 1761] rt_sigprocmask(SIG_SETMASK, [], [pid 1762] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1762] <... prctl resumed>) = 0 [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] setpgid(0, 0 [pid 1761] <... futex resumed>) = 0 [pid 1762] <... setpgid resumed>) = 0 [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1763 attached [pid 1763] set_robust_list(0x7f89653b89a0, 24 [pid 1762] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1763] <... set_robust_list resumed>) = 0 [pid 1763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1762] <... openat resumed>) = 3 [pid 1762] write(3, "1000", 4) = 4 [pid 1762] close(3 [pid 1763] memfd_create("syzkaller", 0 [pid 1762] <... close resumed>) = 0 executing program [pid 1762] symlink("/dev/binderfs", "./binderfs" [pid 1763] <... memfd_create resumed>) = 3 [pid 1763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1762] <... symlink resumed>) = 0 [pid 1762] write(1, "executing program\n", 18) = 18 [pid 1762] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1762] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1762] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1762] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1762] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1762] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1764]}, 88) = 1764 ./strace-static-x86_64: Process 1764 attached [pid 1762] rt_sigprocmask(SIG_SETMASK, [], [pid 1764] set_robust_list(0x7f89653b89a0, 24 [pid 1762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1764] <... set_robust_list resumed>) = 0 [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1764] rt_sigprocmask(SIG_SETMASK, [], [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1764] memfd_create("syzkaller", 0) = 3 [pid 1764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1763] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1764] <... mmap resumed>) = 0x7f895cf98000 [pid 1763] <... write resumed>) = 524288 [pid 1763] munmap(0x7f895cf98000, 138412032) = 0 [pid 1763] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1756] <... mount resumed>) = 0 [pid 1753] <... mount resumed>) = 0 [pid 1756] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1753] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1756] <... openat resumed>) = 3 [pid 1753] <... openat resumed>) = 3 [pid 1756] chdir("./file1" [pid 1753] chdir("./file1" [pid 1756] <... chdir resumed>) = 0 [pid 1753] <... chdir resumed>) = 0 [pid 1756] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1753] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1764] <... write resumed>) = 524288 [pid 1764] munmap(0x7f895cf98000, 138412032) = 0 [pid 1764] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1759] <... close resumed>) = 0 [pid 1763] <... openat resumed>) = 4 [pid 1756] <... openat resumed>) = 4 [pid 1753] <... openat resumed>) = 4 [pid 1763] ioctl(4, LOOP_SET_FD, 3 [pid 1756] ioctl(4, LOOP_CLR_FD [pid 1753] ioctl(4, LOOP_CLR_FD [pid 1756] <... ioctl resumed>) = 0 [pid 1753] <... ioctl resumed>) = 0 [pid 1756] close(4 [pid 1753] close(4 [pid 1759] mkdir("./file1", 0777) = 0 [pid 1759] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1763] <... ioctl resumed>) = 0 [pid 1764] <... openat resumed>) = 4 [pid 1756] <... close resumed>) = 0 [pid 1753] <... close resumed>) = 0 [pid 1764] ioctl(4, LOOP_SET_FD, 3 [pid 1756] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] close(3) = 0 [pid 1756] <... futex resumed>) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1753] <... futex resumed>) = 1 [pid 1752] <... futex resumed>) = 0 [pid 1756] openat(AT_FDCWD, "./file1", O_RDWR [pid 1754] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1764] <... ioctl resumed>) = 0 [pid 1754] <... futex resumed>) = 0 [pid 1752] <... futex resumed>) = 0 [pid 1754] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1764] close(3 [pid 1763] close(4 [pid 1756] <... openat resumed>) = 4 [pid 1753] openat(AT_FDCWD, "./file1", O_RDWR [pid 1764] <... close resumed>) = 0 [pid 1764] close(4 [pid 1763] <... close resumed>) = 0 [pid 1756] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1753] <... openat resumed>) = 4 [pid 1763] mkdir("./file1", 0777 [pid 1756] <... futex resumed>) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... mkdir resumed>) = 0 [pid 1754] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1756] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1753] <... futex resumed>) = 1 [pid 1752] <... futex resumed>) = 0 [pid 1763] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1756] <... pwrite64 resumed>) = 87490 [pid 1754] <... futex resumed>) = 0 [pid 1753] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1754] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... pwrite64 resumed>) = 87490 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... futex resumed>) = 1 [pid 1753] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... futex resumed>) = 1 [pid 1753] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1756] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1754] <... futex resumed>) = 0 [pid 1754] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1756] <... futex resumed>) = 1 [pid 1756] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1756] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1754] <... futex resumed>) = 0 [pid 1754] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1754] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1756] <... futex resumed>) = 1 [pid 1756] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1753] <... pwrite64 resumed>) = 176128 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 61.102670][ T1759] EXT4-fs (loop4): Ignoring removed nobh option [ 61.110351][ T1759] EXT4-fs (loop4): Ignoring removed bh option [ 61.117653][ T1759] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.136437][ T1753] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1753] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1759] <... mount resumed>) = 0 [pid 1759] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1759] chdir("./file1") = 0 [pid 1759] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1752] <... futex resumed>) = 0 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1753] <... futex resumed>) = 0 [pid 1752] <... futex resumed>) = 1 [pid 1753] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1764] <... close resumed>) = 0 [pid 1759] <... openat resumed>) = 4 [pid 1759] ioctl(4, LOOP_CLR_FD) = 0 [pid 1759] close(4) = 0 [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1753] <... pwrite64 resumed>) = 176128 [pid 1758] <... futex resumed>) = 0 [pid 1754] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1764] mkdir("./file1", 0777 [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1754] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1764] <... mkdir resumed>) = 0 [pid 1759] <... futex resumed>) = 0 [pid 1758] <... futex resumed>) = 1 [pid 1754] <... futex resumed>) = 0 [pid 1764] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1759] openat(AT_FDCWD, "./file1", O_RDWR [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1752] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1752] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1753] <... futex resumed>) = 1 [pid 1753] truncate("./file1", 1) = 0 [pid 1753] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1752] <... futex resumed>) = 0 [pid 1752] exit_group(0) = ? [pid 1753] <... futex resumed>) = ? [pid 1753] +++ exited with 0 +++ [pid 1752] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1752, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1759] <... openat resumed>) = 4 [pid 1754] <... mmap resumed>) = 0x7f8965377000 [pid 1754] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1756] <... pwrite64 resumed>) = 176128 [pid 1754] <... mprotect resumed>) = 0 [pid 1754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1773]}, 88) = 1773 [pid 1754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1754] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... restart_syscall resumed>) = 0 [pid 1754] <... futex resumed>) = 0 [pid 1754] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1759] <... futex resumed>) = 1 [pid 1758] <... futex resumed>) = 0 [pid 1759] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1759] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1758] <... futex resumed>) = 0 [pid 1759] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1773 attached [pid 1759] <... pwrite64 resumed>) = 87490 [pid 1756] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] <... futex resumed>) = 0 [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1759] <... futex resumed>) = 1 [pid 1759] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] <... futex resumed>) = 0 [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1759] <... futex resumed>) = 1 [ 61.137147][ T1756] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.156431][ T1753] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.182847][ T1763] EXT4-fs (loop2): Ignoring removed nobh option [ 61.189424][ T1763] EXT4-fs (loop2): Ignoring removed bh option [pid 1759] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1773] set_robust_list(0x7f89653979a0, 24 [pid 1756] <... futex resumed>) = 0 [pid 1773] <... set_robust_list resumed>) = 0 [pid 1756] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1773] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1759] <... pwrite64 resumed>) = 176128 [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] <... futex resumed>) = 0 [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1759] <... futex resumed>) = 1 [pid 1759] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 284] <... umount2 resumed>) = 0 [ 61.195716][ T1763] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.203658][ T1759] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.222700][ T1773] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.225598][ T1759] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1773] <... pwrite64 resumed>) = 176128 [pid 1754] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 284] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1773] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1773] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1763] <... mount resumed>) = 0 [pid 1763] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1763] chdir("./file1") = 0 [pid 1763] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1759] <... pwrite64 resumed>) = 176128 [pid 1754] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1759] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1758] <... futex resumed>) = 0 [pid 1754] <... futex resumed>) = 1 [pid 284] newfstatat(AT_FDCWD, "./57/file1", [pid 1758] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1758] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1754] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./57/file1") = 0 [pid 284] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./57/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1759] <... futex resumed>) = 0 [pid 1756] <... futex resumed>) = 0 [pid 284] close(3 [pid 1759] truncate("./file1", 1 [pid 1756] truncate("./file1", 1 [pid 284] <... close resumed>) = 0 [pid 1756] <... truncate resumed>) = 0 [pid 284] rmdir("./57") = 0 [pid 284] mkdir("./58", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1756] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1754] <... futex resumed>) = 0 [pid 1754] exit_group(0 [pid 1773] <... futex resumed>) = ? [pid 1754] <... exit_group resumed>) = ? [pid 1773] +++ exited with 0 +++ [pid 1756] <... futex resumed>) = ? [pid 1756] +++ exited with 0 +++ [pid 1754] +++ exited with 0 +++ [pid 1759] <... truncate resumed>) = 0 [pid 1759] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1758] <... futex resumed>) = 0 [pid 1758] exit_group(0) = ? [pid 1759] <... futex resumed>) = ? [pid 1759] +++ exited with 0 +++ [pid 1758] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1758, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 287] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1754, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 286] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1764] <... mount resumed>) = 0 [pid 1764] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1764] chdir("./file1") = 0 [pid 1764] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1778 [pid 1764] <... openat resumed>) = 4 [pid 1764] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 1778 attached [pid 1778] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1778] chdir("./58") = 0 [pid 1778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1778] setpgid(0, 0) = 0 [pid 1778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1778] write(3, "1000", 4) = 4 [pid 1778] close(3) = 0 [pid 1778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1778] write(1, "executing program\n", 18executing program ) = 18 [pid 1778] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1778] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1778] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1779]}, 88) = 1779 ./strace-static-x86_64: Process 1779 attached [pid 1779] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1779] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1779] <... futex resumed>) = 0 [pid 1779] memfd_create("syzkaller", 0) = 3 [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1779] munmap(0x7f895cf98000, 138412032) = 0 [ 61.255219][ T1764] EXT4-fs (loop0): Ignoring removed nobh option [ 61.261722][ T1764] EXT4-fs (loop0): Ignoring removed bh option [ 61.268049][ T1764] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1779] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1764] <... ioctl resumed>) = 0 [pid 1763] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 1763] ioctl(4, LOOP_CLR_FD) = 0 [pid 287] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = 0 [pid 1764] close(4 [pid 1763] close(4) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1761] <... futex resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./56/file1", [pid 1763] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1761] <... futex resumed>) = 0 [pid 1764] <... close resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1763] openat(AT_FDCWD, "./file1", O_RDWR [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1779] <... openat resumed>) = 4 [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1764] <... futex resumed>) = 1 [pid 1762] <... futex resumed>) = 0 [pid 286] newfstatat(AT_FDCWD, "./58/file1", [pid 1764] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... futex resumed>) = 0 [pid 286] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1764] openat(AT_FDCWD, "./file1", O_RDWR [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1764] <... openat resumed>) = 4 [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... openat resumed>) = 4 [pid 1764] <... futex resumed>) = 1 [pid 1762] <... futex resumed>) = 0 [pid 286] newfstatat(4, "", [pid 1764] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... futex resumed>) = 0 [pid 286] getdents64(4, [pid 1764] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1779] ioctl(4, LOOP_SET_FD, 3 [pid 1764] <... pwrite64 resumed>) = 87490 [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] getdents64(4, [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1763] <... futex resumed>) = 1 [pid 1761] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1764] <... futex resumed>) = 1 [pid 1763] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] <... futex resumed>) = 0 [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(4, "", [pid 286] close(4 [pid 1764] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... close resumed>) = 0 [pid 1779] <... ioctl resumed>) = 0 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1763] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1762] <... futex resumed>) = 0 [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(4, [pid 286] rmdir("./58/file1" [pid 1764] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... rmdir resumed>) = 0 [pid 1764] <... openat resumed>) = 5 [pid 286] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1764] <... futex resumed>) = 1 [pid 1762] <... futex resumed>) = 0 [pid 286] newfstatat(AT_FDCWD, "./58/binderfs", [pid 1764] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... futex resumed>) = 0 [pid 286] unlink("./58/binderfs" [pid 1764] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... unlink resumed>) = 0 [pid 1763] <... pwrite64 resumed>) = 87490 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(3, [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(4, [pid 1763] <... futex resumed>) = 1 [pid 1761] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1763] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] close(4 [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1761] <... futex resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1763] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] rmdir("./56/file1" [pid 1763] <... openat resumed>) = 5 [pid 287] <... rmdir resumed>) = 0 [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1763] <... futex resumed>) = 1 [pid 1761] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1763] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(AT_FDCWD, "./56/binderfs", [pid 1779] close(3 [pid 1763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1761] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] close(3 [pid 1763] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] unlink("./56/binderfs" [pid 1779] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1779] close(4 [pid 286] rmdir("./58" [pid 1779] <... close resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 1779] mkdir("./file1", 0777 [pid 286] mkdir("./59", 0777 [pid 1779] <... mkdir resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 1779] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1763] <... pwrite64 resumed>) = 176128 [pid 287] <... unlink resumed>) = 0 [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] getdents64(3, [pid 286] <... openat resumed>) = 3 [pid 1763] <... futex resumed>) = 1 [pid 1761] <... futex resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1763] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] close(3 [pid 1764] <... pwrite64 resumed>) = 176128 [pid 1761] <... futex resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1764] <... futex resumed>) = 1 [pid 1762] <... futex resumed>) = 0 [pid 286] close(3 [pid 1764] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1762] <... futex resumed>) = 0 [pid 287] rmdir("./56" [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1764] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 61.391277][ T1764] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.391666][ T1763] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.421866][ T1763] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata executing program [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 1781 attached [pid 1763] <... pwrite64 resumed>) = 176128 [pid 1781] set_robust_list(0x55557fe8a6a0, 24 [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1781] <... set_robust_list resumed>) = 0 [pid 1763] <... futex resumed>) = 1 [pid 1781] chdir("./59" [pid 1763] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1781] <... chdir resumed>) = 0 [pid 1781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1781] setpgid(0, 0) = 0 [pid 1781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1781] write(3, "1000", 4) = 4 [pid 1781] close(3) = 0 [pid 1781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1781] write(1, "executing program\n", 18) = 18 [pid 1781] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1781] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1781] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1782]}, 88) = 1782 [pid 1781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1782 attached [pid 1782] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1782] memfd_create("syzkaller", 0) = 3 [pid 1782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1782] munmap(0x7f895cf98000, 138412032) = 0 [pid 1782] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1782] ioctl(4, LOOP_SET_FD, 3 [pid 1761] <... futex resumed>) = 0 [pid 287] mkdir("./57", 0777 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1781 [pid 1761] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... mkdir resumed>) = 0 [pid 1763] <... futex resumed>) = 0 [pid 1761] <... futex resumed>) = 1 [pid 1763] truncate("./file1", 1 [pid 1761] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1763] <... truncate resumed>) = 0 [pid 1763] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1761] <... futex resumed>) = 0 [pid 1761] exit_group(0) = ? [pid 1763] <... futex resumed>) = ? [pid 1782] <... ioctl resumed>) = 0 [pid 1763] +++ exited with 0 +++ [pid 1761] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1761, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1764] <... pwrite64 resumed>) = 176128 [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1762] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1762] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1764] <... futex resumed>) = 1 [pid 1764] truncate("./file1", 1 [pid 287] <... openat resumed>) = 3 [pid 1782] close(3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1782] <... close resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1764] <... truncate resumed>) = 0 [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1764] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1762] <... futex resumed>) = 0 [pid 1762] exit_group(0) = ? [pid 1764] <... futex resumed>) = ? [pid 1764] +++ exited with 0 +++ [pid 1762] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1762, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1782] close(4 [pid 287] close(3 [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1779] <... mount resumed>) = 0 [pid 1779] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1779] chdir("./file1") = 0 [pid 1779] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1782] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1782] mkdir("./file1", 0777./strace-static-x86_64: Process 1786 attached ) = 0 [pid 1782] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1786 [pid 1786] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1786] chdir("./57") = 0 [pid 1786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1786] setpgid(0, 0) = 0 [pid 1786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1786] write(3, "1000", 4) = 4 [pid 1786] close(3) = 0 [pid 1786] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1786] write(1, "executing program\n", 18) = 18 [pid 1786] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1786] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1786] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1787]}, 88) = 1787 [pid 1786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1787 attached [pid 1787] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1787] memfd_create("syzkaller", 0) = 3 [pid 1787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1787] munmap(0x7f895cf98000, 138412032) = 0 [ 61.432731][ T1764] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.445383][ T1779] EXT4-fs (loop1): Ignoring removed nobh option [ 61.461154][ T1779] EXT4-fs (loop1): Ignoring removed bh option [ 61.467509][ T1779] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1787] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1779] <... openat resumed>) = 4 [pid 1779] ioctl(4, LOOP_CLR_FD) = 0 [pid 1779] close(4) = 0 [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1778] <... futex resumed>) = 0 [pid 1779] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1779] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1778] <... futex resumed>) = 0 [pid 1779] openat(AT_FDCWD, "./file1", O_RDWR [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] <... openat resumed>) = 4 [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./56/file1") = 0 [pid 285] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./56/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./56") = 0 [pid 285] mkdir("./57", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1788 [pid 1787] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1788 attached [pid 1788] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1779] <... openat resumed>) = 4 [pid 1788] chdir("./57") = 0 [pid 1788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1788] setpgid(0, 0) = 0 [pid 1788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1788] write(3, "1000", 4) = 4 [pid 1788] close(3) = 0 executing program [pid 1788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1788] write(1, "executing program\n", 18) = 18 [pid 1788] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1788] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1788] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1788] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1788] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1788] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1790]}, 88) = 1790 [pid 1788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1790 attached [pid 1790] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1790] memfd_create("syzkaller", 0) = 3 [pid 1790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... ioctl resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1787] close(3) = 0 [pid 1787] close(4 [pid 283] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./56/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./56/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./56/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./56/file1") = 0 [pid 1779] <... futex resumed>) = 1 [pid 1778] <... futex resumed>) = 0 [pid 1779] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1778] <... futex resumed>) = 0 [pid 283] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1779] <... pwrite64 resumed>) = 87490 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./56/binderfs" [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1778] <... futex resumed>) = 0 [pid 283] <... unlink resumed>) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 283] rmdir("./56" [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1779] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./57", 0777 [pid 1779] <... openat resumed>) = 5 [pid 283] <... mkdir resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1778] <... futex resumed>) = 0 [pid 1779] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... write resumed>) = 524288 [pid 1778] <... futex resumed>) = 0 [pid 1790] munmap(0x7f895cf98000, 138412032 [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] <... munmap resumed>) = 0 [ 61.616848][ T1782] EXT4-fs (loop3): Ignoring removed nobh option [ 61.623884][ T1782] EXT4-fs (loop3): Ignoring removed bh option [ 61.630755][ T1782] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1790] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1787] <... close resumed>) = 0 [pid 1779] <... pwrite64 resumed>) = 176128 [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1779] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1787] mkdir("./file1", 0777) = 0 [pid 1787] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1778] <... futex resumed>) = 0 [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1779] <... futex resumed>) = 0 [pid 1779] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1782] <... mount resumed>) = 0 [pid 1782] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1782] chdir("./file1") = 0 [pid 1782] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1779] <... pwrite64 resumed>) = 176128 [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1779] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1778] <... futex resumed>) = 0 [pid 1778] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1778] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1779] <... futex resumed>) = 0 [pid 1779] truncate("./file1", 1) = 0 [pid 1779] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1778] <... futex resumed>) = 0 [pid 1778] exit_group(0) = ? [pid 1779] <... futex resumed>) = ? [pid 1779] +++ exited with 0 +++ [pid 1778] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1778, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1790] <... openat resumed>) = 4 [pid 1782] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 3 [pid 1790] ioctl(4, LOOP_SET_FD, 3 [pid 1782] ioctl(4, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1790] <... ioctl resumed>) = 0 [pid 1782] <... ioctl resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1782] close(4 [pid 283] close(3 [pid 1782] <... close resumed>) = 0 [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... close resumed>) = 0 [ 61.654376][ T1779] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.671822][ T1779] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1790] close(3) = 0 [pid 1790] close(4) = 0 [pid 1790] mkdir("./file1", 0777) = 0 [pid 1790] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1782] <... futex resumed>) = 1 [pid 1781] <... futex resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1782] openat(AT_FDCWD, "./file1", O_RDWR [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1794 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1782] <... openat resumed>) = 4 [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1781] <... futex resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1782] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1781] <... futex resumed>) = 0 [pid 1782] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1782] <... pwrite64 resumed>) = 87490 [pid 284] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1794 attached [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1794] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1794] chdir("./57") = 0 [pid 1794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1794] setpgid(0, 0) = 0 [pid 1794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1794] write(3, "1000", 4) = 4 [pid 1794] close(3) = 0 [pid 1794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1794] write(1, "executing program\n", 18executing program ) = 18 [pid 1794] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1794] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1794] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1794] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1794] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1795]}, 88) = 1795 [pid 1794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1782] <... futex resumed>) = 1 [pid 1782] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 284] newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./58/file1") = 0 [pid 284] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./58/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./58") = 0 [pid 284] mkdir("./59", 0777) = 0 [ 61.730770][ T1787] EXT4-fs (loop4): Ignoring removed nobh option [ 61.739193][ T1790] EXT4-fs (loop2): Ignoring removed nobh option [ 61.746339][ T1790] EXT4-fs (loop2): Ignoring removed bh option [ 61.751822][ T1787] EXT4-fs (loop4): Ignoring removed bh option [ 61.753111][ T1790] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1781] <... futex resumed>) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1797 ./strace-static-x86_64: Process 1795 attached [pid 1795] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1795] memfd_create("syzkaller", 0 [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1782] <... futex resumed>) = 0 [pid 1781] <... futex resumed>) = 1 [pid 1782] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1782] <... openat resumed>) = 5 [pid 1795] <... memfd_create resumed>) = 3 [pid 1795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1781] <... futex resumed>) = 0 [pid 1782] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1795] munmap(0x7f895cf98000, 138412032) = 0 [pid 1795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1795] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 1797 attached [pid 1797] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1797] chdir("./59") = 0 [pid 1797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1797] setpgid(0, 0) = 0 [pid 1797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1797] write(3, "1000", 4) = 4 [pid 1797] close(3) = 0 [pid 1797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1797] write(1, "executing program\n", 18executing program ) = 18 [pid 1797] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1797] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1797] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1797] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1797] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1797] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1801]}, 88) = 1801 [pid 1797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1801 attached [pid 1801] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1801] memfd_create("syzkaller", 0) = 3 [pid 1801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1801] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1781] <... futex resumed>) = 0 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] <... ioctl resumed>) = 0 [pid 1790] <... mount resumed>) = 0 [pid 1795] close(3) = 0 [pid 1795] close(4) = 0 [pid 1795] mkdir("./file1", 0777) = 0 [pid 1795] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1790] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1790] chdir("./file1") = 0 [pid 1790] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1801] <... write resumed>) = 524288 [pid 1790] ioctl(4, LOOP_CLR_FD [pid 1782] <... pwrite64 resumed>) = 176128 [pid 1801] munmap(0x7f895cf98000, 138412032) = 0 [pid 1801] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1801] ioctl(4, LOOP_SET_FD, 3 [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1781] <... futex resumed>) = 0 [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1782] <... futex resumed>) = 1 [pid 1782] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1787] <... mount resumed>) = 0 [ 61.759135][ T1787] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 61.793872][ T1782] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.815876][ T1795] EXT4-fs (loop0): Ignoring removed nobh option [pid 1787] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1801] <... ioctl resumed>) = 0 [pid 1801] close(3) = 0 [pid 1801] close(4 [pid 1787] <... openat resumed>) = 3 [pid 1787] chdir("./file1") = 0 [pid 1787] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1782] <... pwrite64 resumed>) = 176128 [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1781] <... futex resumed>) = 0 [pid 1781] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1781] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1782] <... futex resumed>) = 1 [pid 1782] truncate("./file1", 1) = 0 [pid 1782] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1781] <... futex resumed>) = 0 [pid 1781] exit_group(0) = ? [pid 1782] <... futex resumed>) = ? [pid 1782] +++ exited with 0 +++ [pid 1781] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1781, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1801] <... close resumed>) = 0 [pid 1801] mkdir("./file1", 0777 [pid 1790] <... ioctl resumed>) = 0 [pid 1801] <... mkdir resumed>) = 0 [pid 1801] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1790] close(4 [pid 1795] <... mount resumed>) = 0 [pid 1795] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1795] chdir("./file1") = 0 [ 61.823378][ T1782] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 61.823730][ T1795] EXT4-fs (loop0): Ignoring removed bh option [ 61.844260][ T1795] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1795] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 4 [pid 1790] <... close resumed>) = 0 [pid 1787] <... openat resumed>) = 4 [pid 1795] ioctl(4, LOOP_CLR_FD) = 0 [pid 1795] close(4) = 0 [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1795] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1794] <... futex resumed>) = 0 [pid 1787] ioctl(4, LOOP_CLR_FD [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = 0 [pid 286] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./59/file1") = 0 [pid 286] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./59/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./59") = 0 [pid 286] mkdir("./60", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1806 ./strace-static-x86_64: Process 1806 attached [pid 1806] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1806] chdir("./60") = 0 [pid 1806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1806] setpgid(0, 0) = 0 [pid 1806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1806] write(3, "1000", 4) = 4 [pid 1806] close(3) = 0 [pid 1806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1806] write(1, "executing program\n", 18) = 18 [pid 1806] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1806] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1806] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1806] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1806] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1806] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1807]}, 88) = 1807 [pid 1806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1795] <... futex resumed>) = 0 [pid 1794] <... futex resumed>) = 1 [pid 1787] <... ioctl resumed>) = 0 [pid 1795] openat(AT_FDCWD, "./file1", O_RDWR [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] <... futex resumed>) = 1 [pid 1788] <... futex resumed>) = 0 [pid 1787] close(4 [pid 1790] openat(AT_FDCWD, "./file1", O_RDWR [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] <... openat resumed>) = 4 [pid 1787] <... close resumed>) = 0 [pid 1788] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1807 attached [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... openat resumed>) = 4 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1807] set_robust_list(0x7f89653b89a0, 24 [pid 1795] <... futex resumed>) = 1 [pid 1794] <... futex resumed>) = 0 [pid 1795] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1787] <... futex resumed>) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1807] <... set_robust_list resumed>) = 0 [pid 1795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1794] <... futex resumed>) = 0 [pid 1790] <... futex resumed>) = 0 [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1807] rt_sigprocmask(SIG_SETMASK, [], [pid 1795] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1788] <... futex resumed>) = 0 [pid 1787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1786] <... futex resumed>) = 0 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1807] memfd_create("syzkaller", 0) = 3 [pid 1807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1807] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1795] <... pwrite64 resumed>) = 87490 [pid 1807] munmap(0x7f895cf98000, 138412032) = 0 [pid 1807] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1807] ioctl(4, LOOP_SET_FD, 3 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1787] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1786] <... futex resumed>) = 0 [pid 1787] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... pwrite64 resumed>) = 87490 [pid 1795] <... futex resumed>) = 1 [pid 1794] <... futex resumed>) = 0 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... futex resumed>) = 1 [pid 1788] <... futex resumed>) = 0 [pid 1795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1794] <... futex resumed>) = 0 [pid 1790] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1788] <... futex resumed>) = 0 [pid 1787] <... pwrite64 resumed>) = 87490 [pid 1807] <... ioctl resumed>) = 0 [pid 1795] <... openat resumed>) = 5 [pid 1790] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... openat resumed>) = 5 [pid 1795] <... futex resumed>) = 1 [pid 1794] <... futex resumed>) = 0 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1795] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... futex resumed>) = 0 [pid 1795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1794] <... futex resumed>) = 0 [pid 1790] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 61.966282][ T1801] EXT4-fs (loop1): Ignoring removed nobh option [ 61.972571][ T1801] EXT4-fs (loop1): Ignoring removed bh option [ 61.980822][ T1801] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1795] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1807] close(3 [pid 1801] <... mount resumed>) = 0 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1807] <... close resumed>) = 0 [pid 1801] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1788] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1787] <... futex resumed>) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1807] close(4 [pid 1801] <... openat resumed>) = 3 [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] chdir("./file1" [pid 1795] <... pwrite64 resumed>) = 176128 [pid 1790] <... futex resumed>) = 0 [pid 1788] <... futex resumed>) = 1 [pid 1787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1786] <... futex resumed>) = 0 [pid 1801] <... chdir resumed>) = 0 [pid 1790] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1787] <... openat resumed>) = 5 [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1786] <... futex resumed>) = 0 [pid 1787] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1786] <... futex resumed>) = 0 [pid 1787] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1790] <... pwrite64 resumed>) = 176128 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1794] <... futex resumed>) = 0 [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1788] <... futex resumed>) = 0 [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] <... futex resumed>) = 1 [pid 1790] <... futex resumed>) = 1 [pid 1795] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 62.013860][ T1795] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.034578][ T1790] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.034927][ T1787] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1790] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1795] <... pwrite64 resumed>) = 176128 [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1794] <... futex resumed>) = 0 [pid 1794] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1794] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1795] <... futex resumed>) = 1 [pid 1795] truncate("./file1", 1) = 0 [pid 1795] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1794] <... futex resumed>) = 0 [pid 1794] exit_group(0) = ? [pid 1795] <... futex resumed>) = ? [pid 1795] +++ exited with 0 +++ [pid 1794] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1794, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1787] <... pwrite64 resumed>) = 176128 [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] <... futex resumed>) = 0 [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] <... futex resumed>) = 1 [pid 1787] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1807] <... close resumed>) = 0 [pid 1801] <... openat resumed>) = 4 [pid 283] <... restart_syscall resumed>) = 0 [pid 1807] mkdir("./file1", 0777 [pid 1801] ioctl(4, LOOP_CLR_FD [pid 1807] <... mkdir resumed>) = 0 [pid 283] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1807] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1790] <... pwrite64 resumed>) = 176128 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1790] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1788] <... futex resumed>) = 0 [pid 1788] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1788] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1790] <... futex resumed>) = 0 [pid 1790] truncate("./file1", 1) = 0 [pid 1790] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1788] <... futex resumed>) = 0 [pid 1788] exit_group(0) = ? [pid 1790] <... futex resumed>) = ? [pid 1790] +++ exited with 0 +++ [pid 1788] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1788, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1787] <... pwrite64 resumed>) = 176128 [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1787] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1786] <... futex resumed>) = 0 [pid 1786] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1787] truncate("./file1", 1 [pid 1786] <... futex resumed>) = 0 [pid 1786] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1787] <... truncate resumed>) = 0 [pid 1787] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1786] <... futex resumed>) = 0 [pid 1786] exit_group(0) = ? [pid 1787] <... futex resumed>) = ? [pid 1787] +++ exited with 0 +++ [pid 1786] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1786, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, [pid 1801] <... ioctl resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1801] close(4 [ 62.054567][ T1795] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.063650][ T1790] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.085730][ T1787] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1801] <... close resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./57/file1") = 0 [pid 285] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./57/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./57") = 0 [pid 285] mkdir("./58", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1801] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] <... futex resumed>) = 0 [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] <... futex resumed>) = 0 [pid 1797] <... futex resumed>) = 1 [pid 1801] openat(AT_FDCWD, "./file1", O_RDWR [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] <... openat resumed>) = 4 [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1801] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1797] <... futex resumed>) = 0 [pid 1801] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] <... pwrite64 resumed>) = 87490 [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1801] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1797] <... futex resumed>) = 0 [pid 1801] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] <... openat resumed>) = 5 [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1801] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1797] <... futex resumed>) = 0 [pid 1801] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] <... pwrite64 resumed>) = 176128 [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1801] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 62.197763][ T1807] EXT4-fs (loop3): Ignoring removed nobh option [ 62.204502][ T1807] EXT4-fs (loop3): Ignoring removed bh option [ 62.210999][ T1807] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.214007][ T1801] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1801] <... pwrite64 resumed>) = 176128 [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1797] <... futex resumed>) = 0 [pid 1797] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1801] <... futex resumed>) = 1 [pid 1797] <... futex resumed>) = 0 [pid 1801] truncate("./file1", 1 [pid 1797] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... umount2 resumed>) = 0 [pid 1801] <... truncate resumed>) = 0 [pid 1801] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1797] <... futex resumed>) = 0 [pid 1797] exit_group(0) = ? [pid 1801] <... futex resumed>) = ? [pid 1801] +++ exited with 0 +++ [pid 1797] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1797, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 287] <... umount2 resumed>) = 0 [pid 285] <... openat resumed>) = 3 [pid 284] <... restart_syscall resumed>) = 0 [pid 283] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./57/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1807] <... mount resumed>) = 0 [pid 285] ioctl(3, LOOP_CLR_FD [pid 283] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] close(3 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, [pid 285] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] close(4) = 0 [pid 283] rmdir("./57/file1") = 0 [pid 283] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1813 [pid 284] <... openat resumed>) = 3 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(3, "", [pid 283] newfstatat(AT_FDCWD, "./57/binderfs", [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1807] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./57/binderfs" [pid 1807] <... openat resumed>) = 3 [pid 284] getdents64(3, [pid 283] <... unlink resumed>) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./57" [pid 1807] chdir("./file1" [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... rmdir resumed>) = 0 [pid 283] mkdir("./58", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1807] <... chdir resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1814 [pid 1807] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] newfstatat(AT_FDCWD, "./57/file1", [pid 1807] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1807] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 1814 attached [pid 1814] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1807] <... ioctl resumed>) = 0 [pid 287] umount2("./57/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1814] chdir("./58") = 0 [pid 1814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1814] setpgid(0, 0) = 0 [pid 1807] close(4) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] openat(AT_FDCWD, "./57/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1807] <... futex resumed>) = 1 [pid 1806] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1807] openat(AT_FDCWD, "./file1", O_RDWR [pid 1806] <... futex resumed>) = 0 [pid 287] newfstatat(4, "", [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1807] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... openat resumed>) = 3 [pid 1807] <... futex resumed>) = 1 [pid 1806] <... futex resumed>) = 0 [pid 287] getdents64(4, executing program [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1807] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1806] <... futex resumed>) = 0 [pid 1814] write(3, "1000", 4 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1814] <... write resumed>) = 4 [pid 1814] close(3) = 0 [pid 1814] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1814] write(1, "executing program\n", 18) = 18 [pid 1814] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1814] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1814] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1815]}, 88) = 1815 [pid 1814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1815 attached [pid 1815] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1815] memfd_create("syzkaller", 0) = 3 [pid 1815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1807] <... pwrite64 resumed>) = 87490 [pid 287] getdents64(4, [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4 [pid 1807] <... futex resumed>) = 1 [pid 1806] <... futex resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] rmdir("./57/file1" [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... rmdir resumed>) = 0 [pid 1807] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 287] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1807] <... openat resumed>) = 5 [pid 287] newfstatat(AT_FDCWD, "./57/binderfs", [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1806] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 287] unlink("./57/binderfs" [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... unlink resumed>) = 0 [pid 287] getdents64(3, [pid 1807] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 1815] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1815] munmap(0x7f895cf98000, 138412032) = 0 [pid 1815] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 1813 attached [pid 1813] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1813] chdir("./58") = 0 [pid 1813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 287] rmdir("./57" [pid 1813] setpgid(0, 0) = 0 [pid 1813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] <... rmdir resumed>) = 0 [pid 287] mkdir("./58", 0777 [pid 1813] <... openat resumed>) = 3 [pid 1813] write(3, "1000", 4) = 4 [pid 1813] close(3) = 0 [pid 1813] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 287] <... mkdir resumed>) = 0 [pid 1813] write(1, "executing program\n", 18) = 18 [pid 1813] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1813] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1813] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [ 62.238364][ T1801] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1813] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1816]}, 88) = 1816 [pid 1813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1816 attached [pid 1807] <... pwrite64 resumed>) = 176128 [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1806] <... futex resumed>) = 0 [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1807] <... futex resumed>) = 1 [pid 1807] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1816] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1816] memfd_create("syzkaller", 0) = 3 [pid 1816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1816] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1816] munmap(0x7f895cf98000, 138412032) = 0 [pid 1816] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1815] <... openat resumed>) = 4 [pid 284] <... umount2 resumed>) = 0 [pid 1815] ioctl(4, LOOP_SET_FD, 3 [pid 284] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./59/file1", [pid 1807] <... pwrite64 resumed>) = 176128 [pid 1815] <... ioctl resumed>) = 0 [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1815] close(3 [pid 287] <... openat resumed>) = 3 [pid 1815] <... close resumed>) = 0 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1815] close(4 [pid 284] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1816] <... openat resumed>) = 4 [pid 1815] <... close resumed>) = 0 [pid 1807] <... futex resumed>) = 1 [pid 287] close(3 [pid 1816] ioctl(4, LOOP_SET_FD, 3 [pid 1815] mkdir("./file1", 0777 [pid 1807] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] <... close resumed>) = 0 [pid 1806] <... futex resumed>) = 0 [pid 1815] <... mkdir resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1806] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1806] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./59/file1") = 0 [pid 284] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./59/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3 [pid 1815] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1807] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] <... close resumed>) = 0 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1818 [pid 284] rmdir("./59" [pid 1807] truncate("./file1", 1 [pid 284] <... rmdir resumed>) = 0 [pid 284] mkdir("./60", 0777) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1818 attached [pid 1818] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1818] chdir("./58") = 0 [pid 1816] <... ioctl resumed>) = 0 [pid 1807] <... truncate resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 1807] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1816] close(3 [pid 1807] <... futex resumed>) = 1 [pid 1806] <... futex resumed>) = 0 [pid 284] close(3 [pid 1818] <... prctl resumed>) = 0 [pid 1816] <... close resumed>) = 0 [pid 1807] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1806] exit_group(0 [pid 284] <... close resumed>) = 0 [pid 1806] <... exit_group resumed>) = ? [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1820 ./strace-static-x86_64: Process 1820 attached [pid 1820] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1820] chdir("./60") = 0 [pid 1820] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1820] setpgid(0, 0) = 0 [pid 1820] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1820] write(3, "1000", 4) = 4 [pid 1820] close(3) = 0 [pid 1820] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1820] write(1, "executing program\n", 18executing program ) = 18 [pid 1820] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1807] <... futex resumed>) = ? [ 62.290446][ T1807] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.306919][ T1807] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1820] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1818] setpgid(0, 0 [pid 1816] close(4 [pid 1807] +++ exited with 0 +++ [pid 1806] +++ exited with 0 +++ [pid 1818] <... setpgid resumed>) = 0 [pid 1818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1806, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 1820] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1820] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1820] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1818] write(3, "1000", 4) = 4 [pid 1818] close(3) = 0 [pid 1818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1820] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1820] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1821]}, 88) = 1821 [pid 1820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1818] write(1, "executing program\n", 18executing program ) = 18 [pid 1818] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1818] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1818] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 286] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1821 attached ) = -1 EINVAL (Invalid argument) [pid 1818] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1822]}, 88) = 1822 [pid 1818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 286] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1821] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1821] memfd_create("syzkaller", 0) = 3 [pid 1821] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1821] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1821] munmap(0x7f895cf98000, 138412032) = 0 [pid 1821] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 1822 attached [pid 1822] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1822] memfd_create("syzkaller", 0) = 3 [pid 1822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1822] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1816] <... close resumed>) = 0 [pid 1822] munmap(0x7f895cf98000, 138412032 [pid 1816] mkdir("./file1", 0777 [pid 1822] <... munmap resumed>) = 0 [pid 1822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1816] <... mkdir resumed>) = 0 [pid 1816] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1821] <... openat resumed>) = 4 [pid 1821] ioctl(4, LOOP_SET_FD, 3 [pid 1815] <... mount resumed>) = 0 [pid 1815] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1815] chdir("./file1") = 0 [pid 1815] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1822] <... openat resumed>) = 4 [pid 1822] ioctl(4, LOOP_SET_FD, 3 [pid 1821] <... ioctl resumed>) = 0 [pid 1821] close(3 [pid 286] <... umount2 resumed>) = 0 [pid 1821] <... close resumed>) = 0 [pid 1821] close(4 [pid 286] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 62.344255][ T1815] EXT4-fs (loop0): Ignoring removed nobh option [ 62.350990][ T1815] EXT4-fs (loop0): Ignoring removed bh option [ 62.357781][ T1815] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 286] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./60/file1") = 0 [pid 286] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./60/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3 [pid 1822] <... ioctl resumed>) = 0 [pid 1821] <... close resumed>) = 0 [pid 1822] close(3 [pid 1821] mkdir("./file1", 0777 [pid 1822] <... close resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 286] rmdir("./60") = 0 [pid 286] mkdir("./61", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1827 ./strace-static-x86_64: Process 1827 attached [pid 1822] close(4 [pid 1821] <... mkdir resumed>) = 0 [pid 1821] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1827] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1827] chdir("./61") = 0 [pid 1827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1827] setpgid(0, 0) = 0 [pid 1827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1827] write(3, "1000", 4) = 4 [pid 1827] close(3) = 0 [pid 1827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1827] write(1, "executing program\n", 18executing program ) = 18 [pid 1827] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1827] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1828]}, 88) = 1828 [pid 1827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1827] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1828 attached [pid 1828] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1828] memfd_create("syzkaller", 0) = 3 [pid 1828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1828] munmap(0x7f895cf98000, 138412032) = 0 [pid 1828] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1815] <... openat resumed>) = 4 [pid 1822] <... close resumed>) = 0 [pid 1815] ioctl(4, LOOP_CLR_FD [pid 1828] <... openat resumed>) = 4 [pid 1828] ioctl(4, LOOP_SET_FD, 3 [pid 1822] mkdir("./file1", 0777 [pid 1828] <... ioctl resumed>) = 0 [pid 1828] close(3) = 0 [pid 1828] close(4 [pid 1822] <... mkdir resumed>) = 0 [pid 1822] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1816] <... mount resumed>) = 0 [pid 1816] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1816] chdir("./file1") = 0 [ 62.421147][ T1816] EXT4-fs (loop2): Ignoring removed nobh option [ 62.433728][ T1816] EXT4-fs (loop2): Ignoring removed bh option [ 62.440745][ T1816] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.456469][ T1821] EXT4-fs (loop1): Ignoring removed nobh option [ 62.463273][ T1821] EXT4-fs (loop1): Ignoring removed bh option [pid 1816] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1821] <... mount resumed>) = 0 [pid 1821] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1821] chdir("./file1") = 0 [pid 1821] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1828] <... close resumed>) = 0 [pid 1815] <... ioctl resumed>) = 0 [pid 1815] close(4 [pid 1828] mkdir("./file1", 0777) = 0 [ 62.469802][ T1821] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1828] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1816] <... openat resumed>) = 4 [pid 1816] ioctl(4, LOOP_CLR_FD) = 0 [pid 1816] close(4) = 0 [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1813] <... futex resumed>) = 0 [pid 1816] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1813] <... futex resumed>) = 0 [pid 1816] openat(AT_FDCWD, "./file1", O_RDWR [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... openat resumed>) = 4 [pid 1816] <... openat resumed>) = 4 [pid 1821] ioctl(4, LOOP_CLR_FD) = 0 [pid 1821] close(4) = 0 [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1821] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1816] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1820] <... futex resumed>) = 0 [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... futex resumed>) = 0 [pid 1821] openat(AT_FDCWD, "./file1", O_RDWR [pid 1813] <... futex resumed>) = 0 [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1816] <... futex resumed>) = 0 [pid 1813] <... futex resumed>) = 1 [pid 1816] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... openat resumed>) = 4 [pid 1816] <... pwrite64 resumed>) = 87490 [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1813] <... futex resumed>) = 0 [pid 1816] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1816] <... openat resumed>) = 5 [pid 1813] <... futex resumed>) = 0 [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1816] <... futex resumed>) = 0 [pid 1813] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1816] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1816] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1813] <... futex resumed>) = 0 [pid 1816] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1820] <... futex resumed>) = 0 [pid 1821] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1821] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1820] <... futex resumed>) = 0 [pid 1821] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... pwrite64 resumed>) = 87490 [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1820] <... futex resumed>) = 0 [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... futex resumed>) = 1 [pid 1821] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1820] <... futex resumed>) = 0 [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... futex resumed>) = 1 [pid 1821] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1816] <... pwrite64 resumed>) = 176128 [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] <... futex resumed>) = 0 [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1816] <... futex resumed>) = 1 [ 62.549700][ T1828] EXT4-fs (loop3): Ignoring removed nobh option [ 62.556723][ T1828] EXT4-fs (loop3): Ignoring removed bh option [ 62.563321][ T1828] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.566074][ T1816] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1816] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1821] <... pwrite64 resumed>) = 176128 [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1820] <... futex resumed>) = 0 [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... futex resumed>) = 1 [pid 1821] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1816] <... pwrite64 resumed>) = 176128 [pid 1815] <... close resumed>) = 0 [pid 1828] <... mount resumed>) = 0 [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1816] <... futex resumed>) = 1 [pid 1815] <... futex resumed>) = 1 [pid 1813] <... futex resumed>) = 0 [pid 1816] truncate("./file1", 1 [pid 1815] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1813] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1828] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1816] <... truncate resumed>) = 0 [pid 1814] <... futex resumed>) = 0 [pid 1813] <... futex resumed>) = 0 [pid 1828] <... openat resumed>) = 3 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1828] chdir("./file1" [ 62.584039][ T1821] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.591975][ T1816] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.605771][ T1821] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.636406][ T1822] EXT4-fs (loop4): Ignoring removed nobh option [pid 1813] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... chdir resumed>) = 0 [pid 1821] <... pwrite64 resumed>) = 176128 [pid 1816] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... futex resumed>) = 0 [pid 1814] <... futex resumed>) = 1 [pid 1815] openat(AT_FDCWD, "./file1", O_RDWR [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 1828] ioctl(4, LOOP_CLR_FD) = 0 [pid 1828] close(4) = 0 [pid 1828] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1827] <... futex resumed>) = 0 [pid 1827] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] openat(AT_FDCWD, "./file1", O_RDWR [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1820] <... futex resumed>) = 0 [pid 1820] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1820] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1821] <... futex resumed>) = 1 [pid 1821] truncate("./file1", 1 [pid 1816] <... futex resumed>) = 1 [pid 1816] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1815] <... openat resumed>) = 4 [pid 1813] <... futex resumed>) = 0 [pid 1828] <... openat resumed>) = 4 [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1813] exit_group(0 [pid 1828] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1815] <... futex resumed>) = 1 [pid 1814] <... futex resumed>) = 0 [pid 1813] <... exit_group resumed>) = ? [pid 1828] <... futex resumed>) = 1 [pid 1827] <... futex resumed>) = 0 [pid 1815] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1828] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1827] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1828] <... pwrite64 resumed>) = 87490 [pid 1827] <... futex resumed>) = 0 [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1827] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... pwrite64 resumed>) = 87490 [pid 1816] <... futex resumed>) = ? [pid 1816] +++ exited with 0 +++ [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... futex resumed>) = 1 [pid 1815] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... futex resumed>) = 1 [pid 1815] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1828] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1821] <... truncate resumed>) = 0 [pid 1813] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1813, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1828] <... futex resumed>) = 1 [pid 1828] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1821] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1821] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] <... futex resumed>) = 0 [pid 1827] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1827] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... futex resumed>) = 0 [pid 1820] <... futex resumed>) = 0 [pid 1828] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1820] exit_group(0 [pid 1828] <... openat resumed>) = 5 [pid 1820] <... exit_group resumed>) = ? [pid 1821] <... futex resumed>) = ? [pid 1821] +++ exited with 0 +++ [pid 1815] <... pwrite64 resumed>) = 176128 [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1815] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1828] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] <... futex resumed>) = 0 [pid 1827] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... futex resumed>) = 1 [pid 1828] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1820] +++ exited with 0 +++ [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1820, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1815] <... futex resumed>) = 0 [pid 285] <... restart_syscall resumed>) = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 285] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1822] <... mount resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1822] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 285] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1822] <... openat resumed>) = 3 [pid 285] <... openat resumed>) = 3 [pid 284] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1822] chdir("./file1" [pid 285] newfstatat(3, "", [pid 1822] <... chdir resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 1822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] newfstatat(3, "", [ 62.645317][ T1822] EXT4-fs (loop4): Ignoring removed bh option [ 62.652732][ T1822] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 62.663316][ T1815] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1815] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1828] <... pwrite64 resumed>) = 176128 [pid 1822] <... openat resumed>) = 4 [pid 285] getdents64(3, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1822] ioctl(4, LOOP_CLR_FD [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] getdents64(3, [pid 1822] <... ioctl resumed>) = 0 [pid 285] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1822] close(4 [pid 284] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1822] <... close resumed>) = 0 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1818] <... futex resumed>) = 0 [pid 1822] openat(AT_FDCWD, "./file1", O_RDWR [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] <... futex resumed>) = 0 [pid 1827] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1828] <... futex resumed>) = 1 [pid 1828] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1822] <... openat resumed>) = 4 [pid 1815] <... pwrite64 resumed>) = 176128 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1822] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1814] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1814] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1815] <... futex resumed>) = 1 [pid 1815] truncate("./file1", 1) = 0 [pid 1815] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1814] <... futex resumed>) = 0 [pid 1814] exit_group(0) = ? [pid 1815] <... futex resumed>) = ? [pid 1815] +++ exited with 0 +++ [pid 1814] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1814, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1818] <... futex resumed>) = 0 [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1822] <... futex resumed>) = 0 [pid 1818] <... futex resumed>) = 1 [pid 1822] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1822] <... pwrite64 resumed>) = 87490 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = 0 [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1822] <... futex resumed>) = 1 [pid 1822] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = 0 [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1822] <... futex resumed>) = 1 [pid 1822] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1822] <... pwrite64 resumed>) = 176128 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = 0 [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1822] <... futex resumed>) = 1 [ 62.687661][ T1828] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.688603][ T1815] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.712543][ T1828] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 62.733456][ T1822] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1822] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1827] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1827] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1827] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 1828] <... pwrite64 resumed>) = 176128 [pid 1827] <... mprotect resumed>) = 0 [pid 1828] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1828] <... futex resumed>) = 0 [pid 1827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1828] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1838]}, 88) = 1838 [pid 1827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1827] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1827] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1838 attached [pid 1838] set_robust_list(0x7f89653979a0, 24) = 0 [pid 1838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1838] truncate("./file1", 1 [pid 1822] <... pwrite64 resumed>) = 176128 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1818] <... futex resumed>) = 0 [pid 1822] <... futex resumed>) = 1 [pid 1818] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1822] truncate("./file1", 1 [pid 1818] <... futex resumed>) = 0 [pid 1818] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1838] <... truncate resumed>) = 0 [pid 1838] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1827] <... futex resumed>) = 0 [pid 1827] exit_group(0 [pid 1828] <... futex resumed>) = ? [pid 1827] <... exit_group resumed>) = ? [pid 1828] +++ exited with 0 +++ [pid 1838] <... futex resumed>) = ? [pid 1838] +++ exited with 0 +++ [pid 1827] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1827, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1822] <... truncate resumed>) = 0 [pid 1822] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1822] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1818] <... futex resumed>) = 0 [pid 1818] exit_group(0) = ? [pid 1822] <... futex resumed>) = ? [pid 1822] +++ exited with 0 +++ [pid 1818] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1818, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] <... restart_syscall resumed>) = 0 [pid 286] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... openat resumed>) = 3 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, [pid 287] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./58/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./58/file1") = 0 [pid 283] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./58/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./58") = 0 [pid 283] mkdir("./59", 0777) = 0 [ 62.750367][ T1822] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3 [pid 284] <... umount2 resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1839 [pid 285] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 1839 attached [pid 1839] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1839] chdir("./59") = 0 [pid 1839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1839] setpgid(0, 0) = 0 [pid 1839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1839] write(3, "1000", 4) = 4 [pid 1839] close(3) = 0 [pid 1839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1839] write(1, "executing program\n", 18) = 18 [pid 1839] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1839] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1839] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 285] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1839] <... clone3 resumed> => {parent_tid=[1840]}, 88) = 1840 [pid 1839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] newfstatat(AT_FDCWD, "./58/file1", [pid 284] newfstatat(AT_FDCWD, "./60/file1", [pid 1839] <... futex resumed>) = 0 [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1840 attached [pid 1840] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1840] memfd_create("syzkaller", 0) = 3 [pid 1840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] <... umount2 resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] newfstatat(AT_FDCWD, "./58/file1", [pid 286] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] umount2("./58/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./61/file1", [pid 285] <... openat resumed>) = 4 [pid 287] openat(AT_FDCWD, "./58/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] newfstatat(4, "", [pid 287] <... openat resumed>) = 4 [pid 286] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] newfstatat(4, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... openat resumed>) = 4 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, [pid 287] getdents64(4, [pid 286] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] newfstatat(4, "", [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] <... openat resumed>) = 4 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, [pid 287] getdents64(4, [pid 284] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] newfstatat(4, "", [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] close(4 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] close(4 [pid 284] getdents64(4, [pid 287] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 287] rmdir("./58/file1" [pid 286] getdents64(4, [pid 285] rmdir("./58/file1" [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 287] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] close(4 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... close resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./58/binderfs", [pid 286] getdents64(4, [pid 285] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] rmdir("./60/file1" [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... rmdir resumed>) = 0 [pid 287] unlink("./58/binderfs" [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] newfstatat(AT_FDCWD, "./58/binderfs", [pid 284] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] <... unlink resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] getdents64(3, [pid 286] close(4 [pid 285] unlink("./58/binderfs" [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] <... close resumed>) = 0 [pid 285] <... unlink resumed>) = 0 [pid 287] close(3 [pid 286] rmdir("./61/file1" [pid 285] getdents64(3, [pid 284] newfstatat(AT_FDCWD, "./60/binderfs", [pid 287] <... close resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 287] rmdir("./58" [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 284] unlink("./60/binderfs" [pid 287] mkdir("./59", 0777 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] close(3 [pid 284] <... unlink resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 285] rmdir("./58" [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 286] newfstatat(AT_FDCWD, "./61/binderfs", [pid 284] getdents64(3, [pid 285] <... rmdir resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] <... openat resumed>) = 3 [pid 284] close(3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] mkdir("./59", 0777 [pid 284] <... close resumed>) = 0 [pid 284] rmdir("./60" [pid 285] <... mkdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] unlink("./61/binderfs" [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] mkdir("./61", 0777 [pid 287] close(3 [pid 284] <... mkdir resumed>) = 0 [pid 285] <... openat resumed>) = 3 [pid 1840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1840] munmap(0x7f895cf98000, 138412032) = 0 [pid 1840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1840] ioctl(4, LOOP_SET_FD, 3 [pid 286] <... unlink resumed>) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./61") = 0 [pid 286] mkdir("./62", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1840] <... ioctl resumed>) = 0 [pid 1840] close(3) = 0 [pid 1840] close(4 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 285] ioctl(3, LOOP_CLR_FD [pid 286] <... openat resumed>) = 3 [pid 284] <... openat resumed>) = 3 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] ioctl(3, LOOP_CLR_FD [pid 284] ioctl(3, LOOP_CLR_FD [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 284] close(3 [pid 286] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1842 [pid 287] <... close resumed>) = 0 [pid 1840] <... close resumed>) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1844 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1843 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1842 attached [pid 1842] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1842] chdir("./59") = 0 [pid 1842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1840] mkdir("./file1", 0777) = 0 [pid 1840] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1845 ./strace-static-x86_64: Process 1845 attached [pid 1842] setpgid(0, 0 [pid 1845] set_robust_list(0x55557fe8a6a0, 24 [pid 1842] <... setpgid resumed>) = 0 [pid 1845] <... set_robust_list resumed>) = 0 [pid 1842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1845] chdir("./59" [pid 1842] <... openat resumed>) = 3 [pid 1845] <... chdir resumed>) = 0 [pid 1842] write(3, "1000", 4 [pid 1845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1842] <... write resumed>) = 4 [pid 1845] <... prctl resumed>) = 0 [pid 1842] close(3./strace-static-x86_64: Process 1844 attached ./strace-static-x86_64: Process 1843 attached [pid 1843] set_robust_list(0x55557fe8a6a0, 24 [pid 1844] set_robust_list(0x55557fe8a6a0, 24 [pid 1843] <... set_robust_list resumed>) = 0 [pid 1843] chdir("./62" [pid 1842] <... close resumed>) = 0 [pid 1845] setpgid(0, 0 [pid 1842] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1845] <... setpgid resumed>) = 0 [pid 1842] write(1, "executing program\n", 18 [pid 1845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1842] <... write resumed>) = 18 [pid 1842] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] <... set_robust_list resumed>) = 0 [pid 1842] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1845] <... openat resumed>) = 3 [pid 1842] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1844] chdir("./61" [pid 1843] <... chdir resumed>) = 0 [pid 1844] <... chdir resumed>) = 0 [pid 1843] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1843] <... prctl resumed>) = 0 [pid 1844] <... prctl resumed>) = 0 [pid 1843] setpgid(0, 0 [pid 1845] write(3, "1000", 4 [pid 1842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1845] <... write resumed>) = 4 [pid 1842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1845] close(3 [pid 1843] <... setpgid resumed>) = 0 [pid 1843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1844] setpgid(0, 0) = 0 [pid 1844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1843] <... openat resumed>) = 3 [pid 1844] <... openat resumed>) = 3 [pid 1843] write(3, "1000", 4) = 4 [pid 1843] close(3) = 0 [pid 1844] write(3, "1000", 4 [pid 1843] symlink("/dev/binderfs", "./binderfs" [pid 1845] <... close resumed>) = 0 [pid 1842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1845] symlink("/dev/binderfs", "./binderfs" [pid 1842] <... mmap resumed>) = 0x7f8965398000 [pid 1844] <... write resumed>) = 4 [pid 1842] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1842] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1845] <... symlink resumed>) = 0 [pid 1842] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1843] <... symlink resumed>) = 0 [pid 1844] close(3) = 0 [pid 1844] symlink("/dev/binderfs", "./binderfs" [pid 1842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1845] write(1, "executing program\n", 18executing program ) = 18 [pid 1842] <... clone3 resumed> => {parent_tid=[1846]}, 88) = 1846 [pid 1845] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] rt_sigprocmask(SIG_SETMASK, [], [pid 1845] <... futex resumed>) = 0 [pid 1842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1845] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1845] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1842] <... futex resumed>) = 0 ./strace-static-x86_64: Process 1846 attached [pid 1845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1846] set_robust_list(0x7f89653b89a0, 24 [pid 1845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1844] <... symlink resumed>) = 0 [pid 1843] write(1, "executing program\n", 18executing program ) = 18 [pid 1844] write(1, "executing program\n", 18executing program ) = 18 [pid 1844] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1843] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1843] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1844] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1843] <... mmap resumed>) = 0x7f8965398000 [pid 1844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1843] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1843] <... mprotect resumed>) = 0 [pid 1844] <... mmap resumed>) = 0x7f8965398000 [pid 1844] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1843] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1844] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1843] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1848]}, 88) = 1848 [pid 1843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1844] <... clone3 resumed> => {parent_tid=[1847]}, 88) = 1847 [pid 1843] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1844] rt_sigprocmask(SIG_SETMASK, [], [pid 1843] <... futex resumed>) = 0 [pid 1844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1843] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1846] <... set_robust_list resumed>) = 0 [pid 1846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1846] memfd_create("syzkaller", 0) = 3 [pid 1846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 ./strace-static-x86_64: Process 1848 attached ./strace-static-x86_64: Process 1847 attached [pid 1845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1846] munmap(0x7f895cf98000, 138412032) = 0 [pid 1846] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1846] ioctl(4, LOOP_SET_FD, 3 [pid 1848] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1848] memfd_create("syzkaller", 0) = 3 [pid 1848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1848] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1848] munmap(0x7f895cf98000, 138412032) = 0 [pid 1848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1847] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1847] memfd_create("syzkaller", 0) = 3 [pid 1847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1847] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1845] <... mmap resumed>) = 0x7f8965398000 [pid 1845] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1847] <... write resumed>) = 524288 [pid 1845] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1847] munmap(0x7f895cf98000, 138412032 [pid 1845] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1847] <... munmap resumed>) = 0 [pid 1847] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1845] <... clone3 resumed> => {parent_tid=[1850]}, 88) = 1850 [pid 1845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1850 attached [pid 1850] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1846] <... ioctl resumed>) = 0 [pid 1850] memfd_create("syzkaller", 0) = 3 [pid 1850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1848] <... openat resumed>) = 4 [pid 1848] ioctl(4, LOOP_SET_FD, 3 [pid 1847] <... openat resumed>) = 4 [pid 1846] close(3 [pid 1847] ioctl(4, LOOP_SET_FD, 3 [pid 1846] <... close resumed>) = 0 [pid 1846] close(4 [pid 1848] <... ioctl resumed>) = 0 [pid 1848] close(3 [pid 1850] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1848] <... close resumed>) = 0 [pid 1847] <... ioctl resumed>) = 0 [pid 1846] <... close resumed>) = 0 [pid 1848] close(4 [pid 1847] close(3 [pid 1846] mkdir("./file1", 0777 [pid 1847] <... close resumed>) = 0 [pid 1846] <... mkdir resumed>) = 0 [pid 1847] close(4 [pid 1846] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1850] <... write resumed>) = 524288 [pid 1850] munmap(0x7f895cf98000, 138412032) = 0 [pid 1850] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1848] <... close resumed>) = 0 [pid 1847] <... close resumed>) = 0 [pid 1850] <... openat resumed>) = 4 [pid 1848] mkdir("./file1", 0777 [pid 1847] mkdir("./file1", 0777 [pid 1848] <... mkdir resumed>) = 0 [ 63.106655][ T1840] EXT4-fs (loop0): Ignoring removed nobh option [ 63.126161][ T1840] EXT4-fs (loop0): Ignoring removed bh option [ 63.132322][ T1840] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1848] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1850] ioctl(4, LOOP_SET_FD, 3 [pid 1847] <... mkdir resumed>) = 0 [pid 1847] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1840] <... mount resumed>) = 0 [pid 1850] <... ioctl resumed>) = 0 [pid 1850] close(3) = 0 [pid 1840] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1850] close(4 [pid 1840] <... openat resumed>) = 3 [ 63.169193][ T1846] EXT4-fs (loop2): Ignoring removed nobh option [ 63.175825][ T1846] EXT4-fs (loop2): Ignoring removed bh option [ 63.180530][ T1848] EXT4-fs (loop3): Ignoring removed nobh option [ 63.182888][ T1846] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.201759][ T1848] EXT4-fs (loop3): Ignoring removed bh option [ 63.203745][ T1847] EXT4-fs (loop1): Ignoring removed nobh option [pid 1840] chdir("./file1") = 0 [pid 1840] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1846] <... mount resumed>) = 0 [pid 1846] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1846] chdir("./file1") = 0 [ 63.208349][ T1848] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.214617][ T1847] EXT4-fs (loop1): Ignoring removed bh option [ 63.228609][ T1846] EXT4-fs mount: 162 callbacks suppressed [ 63.228625][ T1846] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1846] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1850] <... close resumed>) = 0 [pid 1848] <... mount resumed>) = 0 [pid 1850] mkdir("./file1", 0777) = 0 [pid 1850] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1848] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1848] chdir("./file1") = 0 [ 63.232366][ T1847] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.241302][ T1848] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1848] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1847] <... mount resumed>) = 0 [pid 1847] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1847] chdir("./file1") = 0 [pid 1847] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1848] <... openat resumed>) = 4 [pid 1846] <... openat resumed>) = 4 [pid 1840] <... openat resumed>) = 4 [pid 1847] <... openat resumed>) = 4 [pid 1846] ioctl(4, LOOP_CLR_FD [pid 1840] ioctl(4, LOOP_CLR_FD [pid 1847] ioctl(4, LOOP_CLR_FD [ 63.266394][ T1847] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1848] ioctl(4, LOOP_CLR_FD) = 0 [pid 1846] <... ioctl resumed>) = 0 [pid 1840] <... ioctl resumed>) = 0 [pid 1848] close(4 [pid 1846] close(4 [pid 1840] close(4 [pid 1848] <... close resumed>) = 0 [pid 1846] <... close resumed>) = 0 [pid 1840] <... close resumed>) = 0 [pid 1848] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 1 [pid 1846] <... futex resumed>) = 1 [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1848] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1843] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1839] <... futex resumed>) = 0 [pid 1848] openat(AT_FDCWD, "./file1", O_RDWR [pid 1846] openat(AT_FDCWD, "./file1", O_RDWR [pid 1843] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] openat(AT_FDCWD, "./file1", O_RDWR [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1848] <... openat resumed>) = 4 [pid 1846] <... openat resumed>) = 4 [pid 1840] <... openat resumed>) = 4 [pid 1848] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 1 [pid 1846] <... futex resumed>) = 1 [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1848] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1843] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1839] <... futex resumed>) = 0 [pid 1848] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1846] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1843] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... pwrite64 resumed>) = 87490 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1839] <... futex resumed>) = 0 [pid 1840] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... openat resumed>) = 5 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1839] <... futex resumed>) = 0 [pid 1840] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1848] <... pwrite64 resumed>) = 87490 [pid 1846] <... pwrite64 resumed>) = 87490 [pid 1848] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 1 [pid 1846] <... futex resumed>) = 1 [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1848] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1843] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1848] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1847] <... ioctl resumed>) = 0 [pid 1846] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1843] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1848] <... openat resumed>) = 5 [pid 1847] close(4 [pid 1846] <... openat resumed>) = 5 [pid 1848] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] <... close resumed>) = 0 [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = 1 [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] <... futex resumed>) = 1 [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1848] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1847] <... futex resumed>) = 1 [pid 1846] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1844] <... futex resumed>) = 0 [pid 1843] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1847] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [ 63.374499][ T1850] EXT4-fs (loop4): Ignoring removed nobh option [ 63.389791][ T1840] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.397913][ T1850] EXT4-fs (loop4): Ignoring removed bh option [pid 1848] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1846] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1844] <... futex resumed>) = 0 [pid 1843] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... pwrite64 resumed>) = 176128 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1847] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1847] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1839] <... futex resumed>) = 0 [pid 1848] <... pwrite64 resumed>) = 176128 [pid 1844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1848] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] <... futex resumed>) = 0 [pid 1844] <... futex resumed>) = 1 [pid 1847] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] <... pwrite64 resumed>) = 87490 [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1844] <... futex resumed>) = 0 [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] <... futex resumed>) = 1 [pid 1847] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1844] <... futex resumed>) = 0 [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] <... futex resumed>) = 1 [pid 1847] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1843] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 0 [pid 1839] <... futex resumed>) = 1 [pid 1843] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1848] <... futex resumed>) = 0 [pid 1843] <... futex resumed>) = 1 [ 63.416397][ T1850] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.420836][ T1848] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.444590][ T1846] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.455722][ T1847] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1848] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1847] <... pwrite64 resumed>) = 176128 [pid 1846] <... pwrite64 resumed>) = 176128 [pid 1843] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] <... futex resumed>) = 1 [pid 1846] <... futex resumed>) = 1 [pid 1842] <... futex resumed>) = 0 [pid 1847] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1844] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1840] <... pwrite64 resumed>) = 176128 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1847] <... futex resumed>) = 0 [pid 1844] <... futex resumed>) = 1 [ 63.460693][ T1840] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.474132][ T1848] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.489892][ T1846] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1847] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] <... mount resumed>) = 0 [pid 1843] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1839] <... futex resumed>) = 0 [pid 1843] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1839] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1839] <... futex resumed>) = 1 [pid 1843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1839] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1843] <... mmap resumed>) = 0x7f8965377000 [pid 1843] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1843] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1843] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1864]}, 88) = 1864 [pid 1843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1843] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1843] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1850] chdir("./file1") = 0 [pid 1850] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 1850] ioctl(4, LOOP_CLR_FD) = 0 [pid 1850] close(4 [pid 1848] <... pwrite64 resumed>) = 176128 [pid 1840] <... futex resumed>) = 0 [pid 1848] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] truncate("./file1", 1 [pid 1848] <... futex resumed>) = 0 [pid 1840] <... truncate resumed>) = 0 [pid 1848] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 1864 attached [pid 1850] <... close resumed>) = 0 [pid 1846] <... pwrite64 resumed>) = 176128 [pid 1840] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1864] set_robust_list(0x7f89653979a0, 24 [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1864] <... set_robust_list resumed>) = 0 [pid 1850] <... futex resumed>) = 1 [pid 1847] <... pwrite64 resumed>) = 176128 [pid 1846] <... futex resumed>) = 1 [pid 1845] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = 1 [pid 1839] <... futex resumed>) = 0 [pid 1864] rt_sigprocmask(SIG_SETMASK, [], [pid 1850] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1846] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1842] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1840] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1839] exit_group(0 [pid 1864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1845] <... futex resumed>) = 0 [pid 1842] <... futex resumed>) = 0 [pid 1840] <... futex resumed>) = ? [pid 1839] <... exit_group resumed>) = ? [pid 1864] truncate("./file1", 1 [pid 1850] openat(AT_FDCWD, "./file1", O_RDWR [pid 1846] truncate("./file1", 1 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1842] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1844] <... futex resumed>) = 0 [pid 1844] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1844] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1847] <... futex resumed>) = 1 [pid 1840] +++ exited with 0 +++ [pid 1839] +++ exited with 0 +++ [pid 1847] truncate("./file1", 1 [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1839, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- [pid 1864] <... truncate resumed>) = 0 [pid 1847] <... truncate resumed>) = 0 [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 1847] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1844] <... futex resumed>) = 0 [pid 1844] exit_group(0) = ? [pid 1847] <... futex resumed>) = ? [pid 1847] +++ exited with 0 +++ [pid 1844] +++ exited with 0 +++ [pid 1850] <... openat resumed>) = 4 [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1850] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1864] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1843] <... futex resumed>) = 0 [pid 1843] exit_group(0) = ? [pid 1864] <... futex resumed>) = ? [pid 1864] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1844, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] <... futex resumed>) = 0 [pid 1845] <... futex resumed>) = 1 [pid 1850] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1846] <... truncate resumed>) = 0 [pid 1848] <... futex resumed>) = ? [pid 1846] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1848] +++ exited with 0 +++ [pid 1846] <... futex resumed>) = 1 [pid 1843] +++ exited with 0 +++ [pid 1842] <... futex resumed>) = 0 [pid 1842] exit_group(0) = ? [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1843, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1846] +++ exited with 0 +++ [pid 1842] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1842, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 286] <... restart_syscall resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 285] <... restart_syscall resumed>) = 0 [pid 284] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 284] newfstatat(3, "", [pid 283] newfstatat(3, "", [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1850] <... pwrite64 resumed>) = 87490 [pid 284] getdents64(3, [pid 283] getdents64(3, [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] <... futex resumed>) = 1 [pid 1850] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 285] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] <... openat resumed>) = 3 [pid 285] <... openat resumed>) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] newfstatat(3, "", [pid 286] getdents64(3, [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] <... futex resumed>) = 1 [pid 1850] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 63.502559][ T1850] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 63.519109][ T1847] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1850] <... pwrite64 resumed>) = 176128 [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1850] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1850] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./59/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./59/file1") = 0 [pid 283] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./59/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./59") = 0 [pid 283] mkdir("./60", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1850] <... pwrite64 resumed>) = 176128 [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1850] truncate("./file1", 1 [pid 1845] <... futex resumed>) = 0 [pid 1845] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1850] <... truncate resumed>) = 0 [pid 1850] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1845] <... futex resumed>) = 0 [pid 1845] exit_group(0) = ? [pid 1850] +++ exited with 0 +++ [pid 1845] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1845, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 63.579364][ T1850] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.599905][ T1850] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 283] <... openat resumed>) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1865 ./strace-static-x86_64: Process 1865 attached [pid 1865] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1865] chdir("./60") = 0 [pid 1865] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1865] setpgid(0, 0 [pid 284] <... umount2 resumed>) = 0 [pid 1865] <... setpgid resumed>) = 0 [pid 1865] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1865] write(3, "1000", 4) = 4 [pid 1865] close(3) = 0 [pid 1865] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1865] write(1, "executing program\n", 18) = 18 [pid 1865] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1865] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1865] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1865] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1865] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1865] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1866]}, 88) = 1866 [pid 1865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1866 attached [pid 284] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1866] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1866] memfd_create("syzkaller", 0) = 3 [pid 1866] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./61/file1") = 0 [pid 284] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1866] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 286] <... umount2 resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 1866] <... write resumed>) = 524288 [pid 1866] munmap(0x7f895cf98000, 138412032) = 0 [pid 1866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1866] ioctl(4, LOOP_SET_FD, 3 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./59/file1", [pid 286] newfstatat(AT_FDCWD, "./62/file1", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 286] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] unlink("./61/binderfs" [pid 286] <... openat resumed>) = 4 [pid 285] <... openat resumed>) = 4 [pid 284] <... unlink resumed>) = 0 [pid 286] newfstatat(4, "", [pid 285] newfstatat(4, "", [pid 284] getdents64(3, [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] close(3 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] <... close resumed>) = 0 [pid 286] close(4 [pid 285] getdents64(4, [pid 286] <... close resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] rmdir("./61" [pid 286] rmdir("./62/file1" [pid 285] close(4 [pid 284] <... rmdir resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 286] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] rmdir("./59/file1" [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] mkdir("./62", 0777 [pid 286] newfstatat(AT_FDCWD, "./62/binderfs", [pid 285] <... rmdir resumed>) = 0 [pid 284] <... mkdir resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] unlink("./62/binderfs" [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 286] <... unlink resumed>) = 0 [pid 285] newfstatat(AT_FDCWD, "./59/binderfs", [pid 286] getdents64(3, [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] unlink("./59/binderfs" [pid 286] close(3 [pid 1866] <... ioctl resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 285] <... unlink resumed>) = 0 [pid 286] rmdir("./62" [pid 285] getdents64(3, [pid 286] <... rmdir resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] mkdir("./63", 0777 [pid 285] close(3 [pid 286] <... mkdir resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] rmdir("./59") = 0 [pid 285] mkdir("./60", 0777 [pid 1866] close(3 [pid 285] <... mkdir resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1866] <... close resumed>) = 0 [pid 1866] close(4 [pid 287] <... umount2 resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 285] <... openat resumed>) = 3 [pid 284] <... openat resumed>) = 3 [pid 1866] <... close resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] ioctl(3, LOOP_CLR_FD [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] ioctl(3, LOOP_CLR_FD [pid 286] close(3 [pid 285] close(3 [pid 1866] mkdir("./file1", 0777 [pid 287] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... close resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1868 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./59/file1", ./strace-static-x86_64: Process 1868 attached [pid 1866] <... mkdir resumed>) = 0 [pid 1866] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1868] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1868] chdir("./63" [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1868] <... chdir resumed>) = 0 [pid 287] umount2("./59/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1868] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1868] setpgid(0, 0 [pid 287] openat(AT_FDCWD, "./59/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 1868] <... setpgid resumed>) = 0 [pid 1868] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 287] newfstatat(4, "", [pid 1868] <... openat resumed>) = 3 [pid 1868] write(3, "1000", 4) = 4 [pid 1868] close(3) = 0 [pid 1868] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1868] write(1, "executing program\n", 18) = 18 [pid 287] getdents64(4, [pid 1868] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1868] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1868] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1868] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 287] getdents64(4, [pid 1868] <... mprotect resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1868] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] close(4 [pid 1868] <... rt_sigprocmask resumed>[], 8) = 0 [pid 287] <... close resumed>) = 0 [pid 1868] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 287] rmdir("./59/file1"./strace-static-x86_64: Process 1869 attached [pid 1868] <... clone3 resumed> => {parent_tid=[1869]}, 88) = 1869 [pid 1869] set_robust_list(0x7f89653b89a0, 24 [pid 1868] rt_sigprocmask(SIG_SETMASK, [], [pid 287] <... rmdir resumed>) = 0 [pid 1868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1869] <... set_robust_list resumed>) = 0 [pid 1869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1869] memfd_create("syzkaller", 0) = 3 [pid 1869] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 287] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./59/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3 [pid 1869] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./59") = 0 [pid 287] mkdir("./60", 0777 [pid 1869] <... write resumed>) = 524288 [pid 1869] munmap(0x7f895cf98000, 138412032) = 0 [pid 1869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... mkdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1869] <... openat resumed>) = 4 [pid 285] <... close resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1869] ioctl(4, LOOP_SET_FD, 3 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1871 [pid 284] close(3 [pid 1869] <... ioctl resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... close resumed>) = 0 [pid 1869] close(3 [pid 287] close(3 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 1871 attached [pid 1869] <... close resumed>) = 0 [pid 287] <... close resumed>) = 0 [pid 1869] close(4 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1872 [pid 1869] <... close resumed>) = 0 [pid 1869] mkdir("./file1", 0777 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1873 [pid 1869] <... mkdir resumed>) = 0 [pid 1869] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"..../strace-static-x86_64: Process 1873 attached ./strace-static-x86_64: Process 1872 attached [pid 1871] set_robust_list(0x55557fe8a6a0, 24 [pid 1873] set_robust_list(0x55557fe8a6a0, 24 [pid 1872] set_robust_list(0x55557fe8a6a0, 24 [pid 1871] <... set_robust_list resumed>) = 0 [pid 1873] <... set_robust_list resumed>) = 0 [pid 1872] <... set_robust_list resumed>) = 0 [pid 1871] chdir("./60" [pid 1873] chdir("./60" [pid 1872] chdir("./62" [pid 1871] <... chdir resumed>) = 0 [pid 1873] <... chdir resumed>) = 0 [pid 1872] <... chdir resumed>) = 0 [pid 1873] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1872] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1873] <... prctl resumed>) = 0 [pid 1872] <... prctl resumed>) = 0 [pid 1871] <... prctl resumed>) = 0 [pid 1871] setpgid(0, 0) = 0 [pid 1871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1871] write(3, "1000", 4) = 4 [pid 1871] close(3) = 0 [pid 1871] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 1871] write(1, "executing program\n", 18) = 18 [pid 1871] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1871] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1871] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1873] setpgid(0, 0 [pid 1871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1873] <... setpgid resumed>) = 0 [pid 1872] setpgid(0, 0 [pid 1871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1875]}, 88) = 1875 [pid 1871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1875 attached [pid 1875] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1875] memfd_create("syzkaller", 0) = 3 [pid 1875] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1875] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1872] <... setpgid resumed>) = 0 [pid 1873] <... openat resumed>) = 3 [pid 1872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1873] write(3, "1000", 4) = 4 [pid 1872] <... openat resumed>) = 3 [pid 1875] <... write resumed>) = 524288 [pid 1875] munmap(0x7f895cf98000, 138412032) = 0 [pid 1875] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1875] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1875] close(3) = 0 [pid 1875] close(4) = 0 [pid 1875] mkdir("./file1", 0777) = 0 [pid 1875] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1873] close(3 [pid 1872] write(3, "1000", 4 [pid 1873] <... close resumed>) = 0 [pid 1872] <... write resumed>) = 4 [pid 1873] symlink("/dev/binderfs", "./binderfs" [ 63.788152][ T1866] EXT4-fs (loop0): Ignoring removed nobh option [ 63.794444][ T1866] EXT4-fs (loop0): Ignoring removed bh option [ 63.800781][ T1866] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.814469][ T1869] EXT4-fs (loop3): Ignoring removed nobh option [ 63.821150][ T1869] EXT4-fs (loop3): Ignoring removed bh option [pid 1872] close(3 [pid 1873] <... symlink resumed>) = 0 [pid 1872] <... close resumed>) = 0 executing program [pid 1873] write(1, "executing program\n", 18 [pid 1872] symlink("/dev/binderfs", "./binderfs" [pid 1873] <... write resumed>) = 18 [pid 1872] <... symlink resumed>) = 0 [pid 1873] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1872] write(1, "executing program\n", 18executing program [pid 1873] <... futex resumed>) = 0 [pid 1872] <... write resumed>) = 18 [pid 1873] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1872] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1872] <... futex resumed>) = 0 [pid 1873] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1872] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1872] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1866] <... mount resumed>) = 0 [pid 1873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1873] <... mmap resumed>) = 0x7f8965398000 [pid 1872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1873] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1873] <... mprotect resumed>) = 0 [pid 1872] <... mmap resumed>) = 0x7f8965398000 [pid 1873] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1872] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1873] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1872] <... mprotect resumed>) = 0 [pid 1873] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1873] <... clone3 resumed> => {parent_tid=[1878]}, 88) = 1878 [pid 1872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1873] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1872] <... clone3 resumed> => {parent_tid=[1879]}, 88) = 1879 [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1872] rt_sigprocmask(SIG_SETMASK, [], [pid 1873] <... futex resumed>) = 0 [pid 1872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1866] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1866] chdir("./file1") = 0 [pid 1866] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1866] ioctl(4, LOOP_CLR_FD) = 0 [pid 1866] close(4./strace-static-x86_64: Process 1879 attached ./strace-static-x86_64: Process 1878 attached ) = 0 [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1865] <... futex resumed>) = 0 [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] <... futex resumed>) = 1 [pid 1866] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1865] <... futex resumed>) = 0 [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] <... futex resumed>) = 1 [pid 1866] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1865] <... futex resumed>) = 0 [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] <... futex resumed>) = 1 [pid 1866] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1865] <... futex resumed>) = 0 [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] <... futex resumed>) = 1 [ 63.828158][ T1869] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.845947][ T1866] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 63.846886][ T1875] EXT4-fs (loop2): Ignoring removed nobh option [ 63.876916][ T1875] EXT4-fs (loop2): Ignoring removed bh option [pid 1866] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1879] set_robust_list(0x7f89653b89a0, 24 [pid 1878] set_robust_list(0x7f89653b89a0, 24 [pid 1879] <... set_robust_list resumed>) = 0 [pid 1879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1879] memfd_create("syzkaller", 0) = 3 [pid 1879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1879] munmap(0x7f895cf98000, 138412032) = 0 [pid 1879] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1879] ioctl(4, LOOP_SET_FD, 3 [pid 1878] <... set_robust_list resumed>) = 0 [pid 1878] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1878] memfd_create("syzkaller", 0) = 3 [pid 1878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1878] munmap(0x7f895cf98000, 138412032) = 0 [pid 1878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1879] <... ioctl resumed>) = 0 [pid 1878] <... openat resumed>) = 4 [pid 1866] <... pwrite64 resumed>) = 176128 [pid 1879] close(3 [pid 1878] ioctl(4, LOOP_SET_FD, 3 [pid 1879] <... close resumed>) = 0 [pid 1879] close(4 [pid 1878] <... ioctl resumed>) = 0 [pid 1865] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1878] close(3 [pid 1869] <... mount resumed>) = 0 [pid 1866] <... futex resumed>) = 0 [ 63.895073][ T1875] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 63.895617][ T1866] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 63.919763][ T1869] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1878] <... close resumed>) = 0 [pid 1866] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1865] <... futex resumed>) = 0 [pid 1878] close(4 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1875] <... mount resumed>) = 0 [pid 1869] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1875] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1869] chdir("./file1" [pid 1875] <... openat resumed>) = 3 [pid 1869] <... chdir resumed>) = 0 [pid 1869] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1875] chdir("./file1") = 0 [pid 1875] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1866] <... pwrite64 resumed>) = 176128 [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1865] <... futex resumed>) = 0 [pid 1865] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1865] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1866] <... futex resumed>) = 1 [pid 1866] truncate("./file1", 1) = 0 [pid 1866] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1866] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1865] <... futex resumed>) = 0 [pid 1865] exit_group(0) = ? [pid 1866] <... futex resumed>) = ? [pid 1866] +++ exited with 0 +++ [pid 1865] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1865, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1879] <... close resumed>) = 0 [pid 1879] mkdir("./file1", 0777) = 0 [ 63.947571][ T1875] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 63.947643][ T1866] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1879] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1878] <... close resumed>) = 0 [pid 1869] <... openat resumed>) = 4 [pid 1878] mkdir("./file1", 0777 [pid 1875] <... openat resumed>) = 4 [pid 1875] ioctl(4, LOOP_CLR_FD [pid 1878] <... mkdir resumed>) = 0 [pid 1869] ioctl(4, LOOP_CLR_FD [pid 1878] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1875] <... ioctl resumed>) = 0 [pid 1875] close(4) = 0 [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1875] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./60/file1") = 0 [pid 283] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./60/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./60") = 0 [pid 283] mkdir("./61", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1886 ./strace-static-x86_64: Process 1886 attached [pid 1886] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1886] chdir("./61" [pid 1875] <... futex resumed>) = 0 [pid 1871] <... futex resumed>) = 1 [pid 1875] openat(AT_FDCWD, "./file1", O_RDWR [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1886] <... chdir resumed>) = 0 [pid 1875] <... openat resumed>) = 4 [pid 1886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1886] setpgid(0, 0) = 0 [pid 1886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1886] write(3, "1000", 4) = 4 [pid 1886] close(3) = 0 [pid 1886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1886] write(1, "executing program\n", 18executing program ) = 18 [pid 1886] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1869] <... ioctl resumed>) = 0 [pid 1869] close(4) = 0 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 1 [pid 1869] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 1 [pid 1869] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1886] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1887]}, 88) = 1887 [pid 1886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1875] <... futex resumed>) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1875] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 1 [pid 1869] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 1 [pid 1869] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1875] <... pwrite64 resumed>) = 87490 [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1875] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1875] <... openat resumed>) = 5 [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1871] <... futex resumed>) = 0 [ 64.113677][ T1878] EXT4-fs (loop4): Ignoring removed nobh option [ 64.125477][ T1879] EXT4-fs (loop1): Ignoring removed nobh option [ 64.131035][ T1878] EXT4-fs (loop4): Ignoring removed bh option [ 64.147413][ T1869] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata ./strace-static-x86_64: Process 1887 attached [pid 1875] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1887] set_robust_list(0x7f89653b89a0, 24 [pid 1875] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1871] <... futex resumed>) = 0 [pid 1887] <... set_robust_list resumed>) = 0 [pid 1875] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] rt_sigprocmask(SIG_SETMASK, [], [pid 1869] <... pwrite64 resumed>) = 176128 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 1 [pid 1869] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1869] <... pwrite64 resumed>) = 176128 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1868] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1869] <... futex resumed>) = 1 [pid 1869] truncate("./file1", 1) = 0 [pid 1869] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1868] <... futex resumed>) = 0 [pid 1868] exit_group(0) = ? [pid 1869] <... futex resumed>) = ? [pid 1869] +++ exited with 0 +++ [pid 1868] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1868, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [ 64.155106][ T1879] EXT4-fs (loop1): Ignoring removed bh option [ 64.162358][ T1878] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.182589][ T1869] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.189031][ T1875] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 1887] memfd_create("syzkaller", 0 [pid 1875] <... pwrite64 resumed>) = 176128 [pid 286] <... restart_syscall resumed>) = 0 [pid 1887] <... memfd_create resumed>) = 3 [pid 1887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 286] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1887] <... write resumed>) = 524288 [pid 1887] munmap(0x7f895cf98000, 138412032) = 0 [pid 1887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1887] ioctl(4, LOOP_SET_FD, 3 [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1875] <... futex resumed>) = 1 [pid 1875] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1887] <... ioctl resumed>) = 0 [pid 1887] close(3) = 0 [pid 1887] close(4) = 0 [pid 1887] mkdir("./file1", 0777) = 0 [pid 1887] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1875] <... pwrite64 resumed>) = 176128 [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... futex resumed>) = 0 [pid 1871] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1871] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1875] <... futex resumed>) = 1 [pid 1875] truncate("./file1", 1) = 0 [pid 1875] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1871] <... futex resumed>) = 0 [pid 1871] exit_group(0) = ? [pid 1875] <... futex resumed>) = ? [ 64.202815][ T1879] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.219709][ T1875] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.241043][ T1887] EXT4-fs (loop0): Ignoring removed nobh option [ 64.248673][ T1887] EXT4-fs (loop0): Ignoring removed bh option [pid 1875] +++ exited with 0 +++ [pid 1871] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1871, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1878] <... mount resumed>) = 0 [pid 285] <... restart_syscall resumed>) = 0 [pid 1878] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1878] chdir("./file1") = 0 [pid 1878] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 285] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 64.256793][ T1878] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 64.257013][ T1887] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 285] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1879] <... mount resumed>) = 0 [pid 1879] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1879] chdir("./file1") = 0 [pid 1879] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1887] <... mount resumed>) = 0 [pid 1887] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1887] chdir("./file1") = 0 [pid 1887] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1878] <... openat resumed>) = 4 [pid 286] <... umount2 resumed>) = 0 [pid 1878] ioctl(4, LOOP_CLR_FD) = 0 [pid 1878] close(4) = 0 [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1873] <... futex resumed>) = 0 [pid 1878] openat(AT_FDCWD, "./file1", O_RDWR [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1878] <... openat resumed>) = 4 [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1873] <... futex resumed>) = 0 [pid 1878] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] <... openat resumed>) = 4 [pid 1873] <... futex resumed>) = 0 [pid 286] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./63/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1879] ioctl(4, LOOP_CLR_FD [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, [pid 1878] <... pwrite64 resumed>) = 87490 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./63/file1") = 0 [pid 286] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./63/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./63" [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... rmdir resumed>) = 0 [pid 286] mkdir("./64", 0777 [pid 1878] <... futex resumed>) = 1 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... mkdir resumed>) = 0 [pid 1878] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1873] <... futex resumed>) = 0 [pid 1878] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1878] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1873] <... futex resumed>) = 0 [pid 1878] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 64.281988][ T1879] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 64.325966][ T1887] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1878] <... pwrite64 resumed>) = 176128 [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1878] <... futex resumed>) = 1 [pid 1878] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1887] <... openat resumed>) = 4 [pid 1879] <... ioctl resumed>) = 0 [pid 1873] <... futex resumed>) = 0 [pid 1873] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... openat resumed>) = 3 [pid 1887] ioctl(4, LOOP_CLR_FD [pid 1879] close(4 [pid 1878] <... futex resumed>) = 1 [pid 1878] truncate("./file1", 1 [pid 285] <... umount2 resumed>) = 0 [pid 1879] <... close resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 1887] <... ioctl resumed>) = 0 [pid 1878] <... truncate resumed>) = 0 [pid 1878] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1873] <... futex resumed>) = 0 [pid 1873] exit_group(0) = ? [pid 1878] <... futex resumed>) = ? [pid 1887] close(4 [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1878] +++ exited with 0 +++ [pid 1873] +++ exited with 0 +++ [pid 285] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./60/file1") = 0 [pid 285] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./60/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./60" [pid 1887] <... close resumed>) = 0 [pid 1879] <... futex resumed>) = 1 [pid 1872] <... futex resumed>) = 0 [pid 286] close(3 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1873, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 1879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1887] <... futex resumed>) = 1 [pid 1872] <... futex resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 1887] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1879] openat(AT_FDCWD, "./file1", O_RDWR [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1886] <... futex resumed>) = 0 [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] <... futex resumed>) = 0 [pid 1887] openat(AT_FDCWD, "./file1", O_RDWR [pid 285] <... rmdir resumed>) = 0 [pid 1879] <... openat resumed>) = 4 [pid 285] mkdir("./61", 0777 [pid 1887] <... openat resumed>) = 4 [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1895 [pid 1879] <... futex resumed>) = 1 [pid 1887] <... futex resumed>) = 1 [pid 1886] <... futex resumed>) = 0 [pid 1872] <... futex resumed>) = 0 [pid 1887] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1886] <... futex resumed>) = 0 [pid 1879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1872] <... futex resumed>) = 0 [pid 1887] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... mkdir resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1896 ./strace-static-x86_64: Process 1895 attached [pid 1895] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1895] chdir("./64") = 0 [pid 1895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1895] setpgid(0, 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 1879] <... pwrite64 resumed>) = 87490 [pid 287] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1879] <... futex resumed>) = 1 [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] <... openat resumed>) = 5 [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1896 attached [pid 1896] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1896] chdir("./61") = 0 [pid 1896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1896] setpgid(0, 0) = 0 [pid 1896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1896] write(3, "1000", 4) = 4 [pid 1896] close(3) = 0 [pid 1896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1896] write(1, "executing program\n", 18executing program ) = 18 [pid 1896] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1896] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1896] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1897]}, 88) = 1897 [pid 1896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.370994][ T1878] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.386738][ T1878] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1897 attached [pid 1897] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1897] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1897] memfd_create("syzkaller", 0) = 3 [pid 1897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1897] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1897] munmap(0x7f895cf98000, 138412032) = 0 [pid 1897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1895] <... setpgid resumed>) = 0 [pid 1895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1895] write(3, "1000", 4) = 4 [pid 1895] close(3) = 0 [pid 1895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1895] write(1, "executing program\n", 18executing program ) = 18 [pid 1895] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1895] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1898]}, 88) = 1898 [pid 1895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1895] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1898 attached [pid 1898] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1898] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1898] memfd_create("syzkaller", 0) = 3 [pid 1898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1898] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1887] <... pwrite64 resumed>) = 87490 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1898] <... write resumed>) = 524288 [pid 1898] munmap(0x7f895cf98000, 138412032 [pid 1887] <... futex resumed>) = 1 [pid 1886] <... futex resumed>) = 0 [pid 1887] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] <... openat resumed>) = 5 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1887] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1886] <... futex resumed>) = 0 [pid 1898] <... munmap resumed>) = 0 [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1879] <... pwrite64 resumed>) = 176128 [pid 1898] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1886] <... futex resumed>) = 1 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1879] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1887] <... futex resumed>) = 0 [pid 1887] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1879] <... futex resumed>) = 0 [pid 1879] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1872] <... futex resumed>) = 0 [pid 1872] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1872] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./60/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./60/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./60/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./60/file1") = 0 [pid 287] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./60/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./60") = 0 [pid 287] mkdir("./61", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1899 [pid 1879] <... futex resumed>) = 1 [pid 1879] truncate("./file1", 1) = 0 [pid 1879] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1872] <... futex resumed>) = 0 [pid 1872] exit_group(0) = ? [pid 1879] <... futex resumed>) = ? [pid 1879] +++ exited with 0 +++ [pid 1897] <... openat resumed>) = 4 [pid 1872] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1872, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 1899 attached [pid 1899] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1899] chdir("./61") = 0 [pid 1899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1899] setpgid(0, 0) = 0 [pid 1899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1899] write(3, "1000", 4) = 4 [pid 1899] close(3) = 0 [pid 1899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1899] write(1, "executing program\n", 18executing program ) = 18 [pid 1899] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1899] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1899] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", [pid 1898] <... openat resumed>) = 4 [pid 1897] ioctl(4, LOOP_SET_FD, 3 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1898] ioctl(4, LOOP_SET_FD, 3 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1899] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1899] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1899] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1901]}, 88) = 1901 [pid 1899] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1901 attached [pid 1901] set_robust_list(0x7f89653b89a0, 24 [pid 1899] <... futex resumed>) = 0 [pid 1898] <... ioctl resumed>) = 0 [pid 1897] <... ioctl resumed>) = 0 [pid 1887] <... pwrite64 resumed>) = 176128 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1887] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1901] <... set_robust_list resumed>) = 0 [pid 1897] close(3 [pid 1901] rt_sigprocmask(SIG_SETMASK, [], [pid 1886] <... futex resumed>) = 0 [pid 1897] <... close resumed>) = 0 [pid 1898] close(3 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1901] memfd_create("syzkaller", 0 [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] close(4 [pid 1898] <... close resumed>) = 0 [pid 1901] <... memfd_create resumed>) = 3 [pid 1901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1898] close(4 [pid 1887] <... futex resumed>) = 0 [pid 1886] <... futex resumed>) = 1 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 64.428667][ T1879] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.448959][ T1879] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.452178][ T1887] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1887] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1901] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1901] munmap(0x7f895cf98000, 138412032) = 0 [pid 1901] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1887] <... pwrite64 resumed>) = 176128 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1887] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1886] <... futex resumed>) = 0 [pid 1886] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1886] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1887] <... futex resumed>) = 0 [pid 1887] truncate("./file1", 1) = 0 [pid 1887] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1886] <... futex resumed>) = 0 [pid 1886] exit_group(0) = ? [pid 1887] <... futex resumed>) = ? [pid 1887] +++ exited with 0 +++ [pid 1886] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1886, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./62/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./62/file1") = 0 [pid 284] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./62/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./62") = 0 [pid 284] mkdir("./63", 0777) = 0 [ 64.491486][ T1887] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1897] <... close resumed>) = 0 [pid 1897] mkdir("./file1", 0777) = 0 [pid 1897] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1898] <... close resumed>) = 0 [pid 1898] mkdir("./file1", 0777) = 0 [pid 1898] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1901] <... openat resumed>) = 4 [pid 1901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 1901] close(3) = 0 [pid 1901] close(4) = 0 [pid 1901] mkdir("./file1", 0777) = 0 [pid 1901] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 283] <... umount2 resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] close(3 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... close resumed>) = 0 [pid 283] newfstatat(AT_FDCWD, "./61/file1", [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1904 [pid 283] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./61/file1") = 0 [pid 283] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 64.664010][ T1901] EXT4-fs (loop4): Ignoring removed nobh option [ 64.665952][ T1897] EXT4-fs (loop2): Ignoring removed nobh option [ 64.670958][ T1901] EXT4-fs (loop4): Ignoring removed bh option [ 64.676835][ T1898] EXT4-fs (loop3): Ignoring removed nobh option [ 64.682838][ T1901] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.703597][ T1897] EXT4-fs (loop2): Ignoring removed bh option [pid 283] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./61/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./61") = 0 [pid 283] mkdir("./62", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1906 ./strace-static-x86_64: Process 1904 attached ./strace-static-x86_64: Process 1906 attached [pid 1906] set_robust_list(0x55557fe8a6a0, 24 [pid 1904] set_robust_list(0x55557fe8a6a0, 24 [pid 1906] <... set_robust_list resumed>) = 0 [pid 1904] <... set_robust_list resumed>) = 0 [pid 1906] chdir("./62" [pid 1904] chdir("./63") = 0 [pid 1906] <... chdir resumed>) = 0 [pid 1906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1906] setpgid(0, 0 [pid 1904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1904] setpgid(0, 0 [pid 1906] <... setpgid resumed>) = 0 [pid 1906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1904] <... setpgid resumed>) = 0 executing program executing program [pid 1904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1906] <... openat resumed>) = 3 [pid 1904] <... openat resumed>) = 3 [pid 1904] write(3, "1000", 4) = 4 [pid 1906] write(3, "1000", 4 [pid 1904] close(3 [pid 1906] <... write resumed>) = 4 [pid 1904] <... close resumed>) = 0 [pid 1906] close(3) = 0 [pid 1904] symlink("/dev/binderfs", "./binderfs" [pid 1906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1906] write(1, "executing program\n", 18 [pid 1904] <... symlink resumed>) = 0 [pid 1906] <... write resumed>) = 18 [pid 1904] write(1, "executing program\n", 18 [pid 1906] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... write resumed>) = 18 [pid 1904] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1906] <... futex resumed>) = 0 [pid 1906] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1904] <... futex resumed>) = 0 [pid 1906] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1904] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1906] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1904] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1906] <... mmap resumed>) = 0x7f8965398000 [pid 1904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1906] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1904] <... mmap resumed>) = 0x7f8965398000 [pid 1906] <... mprotect resumed>) = 0 [pid 1904] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1906] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1904] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1906] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1904] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1906] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1904] <... clone3 resumed> => {parent_tid=[1908]}, 88) = 1908 [pid 1904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1906] <... clone3 resumed> => {parent_tid=[1907]}, 88) = 1907 [pid 1906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1908 attached [pid 1908] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1908] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1908] memfd_create("syzkaller", 0) = 3 [pid 1908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 ./strace-static-x86_64: Process 1907 attached [pid 1907] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1907] rt_sigprocmask(SIG_SETMASK, [], [pid 1908] <... write resumed>) = 524288 [pid 1908] munmap(0x7f895cf98000, 138412032) = 0 [pid 1908] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1908] ioctl(4, LOOP_SET_FD, 3 [pid 1907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1907] memfd_create("syzkaller", 0) = 3 [pid 1907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1907] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1907] munmap(0x7f895cf98000, 138412032) = 0 [ 64.710987][ T1897] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.724067][ T1898] EXT4-fs (loop3): Ignoring removed bh option [ 64.730799][ T1898] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1907] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1898] <... mount resumed>) = 0 [pid 1898] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1898] chdir("./file1") = 0 [pid 1898] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1901] <... mount resumed>) = 0 [pid 1901] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1901] chdir("./file1") = 0 [pid 1901] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1908] <... ioctl resumed>) = 0 [pid 1907] <... openat resumed>) = 4 [pid 1907] ioctl(4, LOOP_SET_FD, 3 [pid 1898] <... openat resumed>) = 4 [pid 1898] ioctl(4, LOOP_CLR_FD [pid 1908] close(3) = 0 [pid 1908] close(4 [pid 1907] <... ioctl resumed>) = 0 [pid 1907] close(3) = 0 [pid 1907] close(4 [pid 1908] <... close resumed>) = 0 [pid 1901] <... openat resumed>) = 4 [pid 1898] <... ioctl resumed>) = 0 [pid 1908] mkdir("./file1", 0777 [pid 1898] close(4 [pid 1908] <... mkdir resumed>) = 0 [pid 1908] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [ 64.746132][ T1901] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 64.762587][ T1898] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1901] ioctl(4, LOOP_CLR_FD [pid 1897] <... mount resumed>) = 0 [pid 1897] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1897] chdir("./file1") = 0 [pid 1897] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1907] <... close resumed>) = 0 [pid 1898] <... close resumed>) = 0 [pid 1907] mkdir("./file1", 0777 [pid 1898] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1907] <... mkdir resumed>) = 0 [pid 1907] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1898] <... futex resumed>) = 1 [pid 1895] <... futex resumed>) = 0 [pid 1898] openat(AT_FDCWD, "./file1", O_RDWR [pid 1895] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1898] <... openat resumed>) = 4 [pid 1898] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1895] <... futex resumed>) = 0 [pid 1898] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1895] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1898] <... pwrite64 resumed>) = 87490 [pid 1895] <... futex resumed>) = 0 [pid 1895] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1898] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1895] <... futex resumed>) = 0 [pid 1895] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1898] <... futex resumed>) = 1 [pid 1898] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1898] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1895] <... futex resumed>) = 0 [pid 1895] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1898] <... futex resumed>) = 1 [pid 1898] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1898] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1895] <... futex resumed>) = 0 [pid 1895] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1898] <... futex resumed>) = 1 [ 64.771108][ T1897] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 64.825622][ T1908] EXT4-fs (loop1): Ignoring removed nobh option [ 64.832725][ T1908] EXT4-fs (loop1): Ignoring removed bh option [ 64.836276][ T1898] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.839106][ T1908] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1898] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1901] <... ioctl resumed>) = 0 [pid 1897] <... openat resumed>) = 4 [pid 1901] close(4 [pid 1897] ioctl(4, LOOP_CLR_FD [pid 1901] <... close resumed>) = 0 [pid 1897] <... ioctl resumed>) = 0 [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] close(4 [pid 1901] <... futex resumed>) = 1 [pid 1899] <... futex resumed>) = 0 [pid 1897] <... close resumed>) = 0 [pid 1901] openat(AT_FDCWD, "./file1", O_RDWR [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1901] <... openat resumed>) = 4 [pid 1899] <... futex resumed>) = 0 [pid 1897] <... futex resumed>) = 1 [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1901] <... futex resumed>) = 0 [pid 1899] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1901] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1901] <... pwrite64 resumed>) = 87490 [pid 1899] <... futex resumed>) = 0 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1899] <... futex resumed>) = 0 [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1901] <... futex resumed>) = 1 [pid 1901] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1899] <... futex resumed>) = 0 [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1901] <... futex resumed>) = 1 [pid 1901] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] <... futex resumed>) = 0 [pid 1896] <... futex resumed>) = 1 [pid 1897] openat(AT_FDCWD, "./file1", O_RDWR [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... openat resumed>) = 4 [pid 1901] <... pwrite64 resumed>) = 176128 [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] <... futex resumed>) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1897] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1899] <... futex resumed>) = 0 [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1901] <... futex resumed>) = 1 [pid 1901] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1897] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1897] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... pwrite64 resumed>) = 87490 [pid 1895] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1895] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 1895] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[1917]}, 88) = 1917 [pid 1895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1895] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1895] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... futex resumed>) = 1 [pid 1897] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... futex resumed>) = 1 [pid 1897] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1917 attached [pid 1917] set_robust_list(0x7f89653979a0, 24 [pid 1901] <... pwrite64 resumed>) = 176128 [pid 1917] <... set_robust_list resumed>) = 0 [pid 1917] rt_sigprocmask(SIG_SETMASK, [], [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1898] <... pwrite64 resumed>) = 176128 [pid 1917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1901] <... futex resumed>) = 1 [pid 1899] <... futex resumed>) = 0 [pid 1917] truncate("./file1", 1 [pid 1901] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1899] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1898] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 64.854881][ T1898] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.880607][ T1901] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.898343][ T1901] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1898] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1917] <... truncate resumed>) = 0 [pid 1901] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1899] <... futex resumed>) = 0 [pid 1917] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1901] truncate("./file1", 1 [pid 1899] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1917] <... futex resumed>) = 1 [pid 1895] <... futex resumed>) = 0 [pid 1895] exit_group(0 [pid 1898] <... futex resumed>) = ? [pid 1895] <... exit_group resumed>) = ? [pid 1898] +++ exited with 0 +++ [pid 1917] +++ exited with 0 +++ [pid 1895] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1895, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 1901] <... truncate resumed>) = 0 [pid 1901] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1901] <... futex resumed>) = 1 [pid 1899] <... futex resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1899] exit_group(0 [pid 286] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1899] <... exit_group resumed>) = ? [pid 286] <... openat resumed>) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1901] +++ exited with 0 +++ [pid 1899] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1899, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 1897] <... pwrite64 resumed>) = 176128 [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1896] <... futex resumed>) = 0 [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1897] <... futex resumed>) = 1 [ 64.914711][ T1907] EXT4-fs (loop0): Ignoring removed nobh option [ 64.927655][ T1897] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 64.936864][ T1907] EXT4-fs (loop0): Ignoring removed bh option [ 64.944130][ T1897] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1897] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1908] <... mount resumed>) = 0 [pid 1897] <... pwrite64 resumed>) = 176128 [pid 1896] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1908] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1896] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1908] <... openat resumed>) = 3 [pid 1897] <... futex resumed>) = 0 [pid 1896] <... futex resumed>) = 0 [pid 287] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1908] chdir("./file1" [pid 1896] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1897] truncate("./file1", 1 [pid 1908] <... chdir resumed>) = 0 [pid 287] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1908] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] <... openat resumed>) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1897] <... truncate resumed>) = 0 [pid 1897] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1896] <... futex resumed>) = 0 [pid 1896] exit_group(0) = ? [pid 1897] +++ exited with 0 +++ [pid 1896] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1896, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 64.950080][ T1908] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 64.962941][ T1907] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 285] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1907] <... mount resumed>) = 0 [pid 1907] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1907] chdir("./file1") = 0 [pid 1907] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1908] <... openat resumed>) = 4 [pid 286] <... umount2 resumed>) = 0 [pid 1908] ioctl(4, LOOP_CLR_FD) = 0 [pid 286] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1908] close(4) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1904] <... futex resumed>) = 0 [pid 1908] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] newfstatat(AT_FDCWD, "./64/file1", [pid 1908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1908] openat(AT_FDCWD, "./file1", O_RDWR [pid 1904] <... futex resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1908] <... openat resumed>) = 4 [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1908] <... futex resumed>) = 0 [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1908] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1904] <... futex resumed>) = 0 [pid 286] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... openat resumed>) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./64/file1") = 0 [pid 286] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./64/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3 [pid 1908] <... pwrite64 resumed>) = 87490 [pid 286] <... close resumed>) = 0 [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] rmdir("./64" [pid 1908] <... futex resumed>) = 1 [pid 1904] <... futex resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 1908] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] mkdir("./65", 0777 [pid 1908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1904] <... futex resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 1908] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1908] <... openat resumed>) = 5 [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1904] <... futex resumed>) = 0 [pid 1908] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1904] <... futex resumed>) = 0 [ 65.006381][ T1907] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1908] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1908] <... pwrite64 resumed>) = 176128 [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1904] <... futex resumed>) = 0 [pid 1908] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1908] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1904] <... futex resumed>) = 0 [pid 1904] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1908] truncate("./file1", 1 [pid 1904] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1908] <... truncate resumed>) = 0 [pid 1908] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1904] <... futex resumed>) = 0 [pid 1904] exit_group(0) = ? [pid 1908] <... futex resumed>) = ? [pid 1908] +++ exited with 0 +++ [pid 1904] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1904, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1907] <... openat resumed>) = 4 [pid 286] <... openat resumed>) = 3 [pid 1907] ioctl(4, LOOP_CLR_FD [pid 286] ioctl(3, LOOP_CLR_FD [pid 1907] <... ioctl resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 1907] close(4 [pid 287] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./61/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./61/file1") = 0 [pid 287] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./61/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./61") = 0 [pid 287] mkdir("./62", 0777) = 0 [ 65.079233][ T1908] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.095152][ T1908] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1907] <... close resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] close(3 [pid 285] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1907] <... futex resumed>) = 1 [pid 1906] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 286] <... close resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1907] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] newfstatat(AT_FDCWD, "./61/file1", [pid 1907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1906] <... futex resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] umount2("./61/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./63/file1", [pid 1907] openat(AT_FDCWD, "./file1", O_RDWR [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] openat(AT_FDCWD, "./61/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] getdents64(4, [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1907] <... openat resumed>) = 4 [pid 287] close(3 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1921 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... close resumed>) = 0 [pid 285] getdents64(4, [pid 284] <... openat resumed>) = 4 [pid 1907] <... futex resumed>) = 1 [pid 1906] <... futex resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] newfstatat(4, "", [pid 1907] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] close(4 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1906] <... futex resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] getdents64(4, [pid 1907] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] rmdir("./61/file1" [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... rmdir resumed>) = 0 [pid 284] getdents64(4, [pid 285] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] close(4 [pid 285] newfstatat(AT_FDCWD, "./61/binderfs", [pid 284] <... close resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] rmdir("./63/file1" [pid 285] unlink("./61/binderfs" [pid 284] <... rmdir resumed>) = 0 [pid 285] <... unlink resumed>) = 0 [pid 284] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] getdents64(3, [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] newfstatat(AT_FDCWD, "./63/binderfs", [pid 285] close(3 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... close resumed>) = 0 [pid 284] unlink("./63/binderfs" [pid 285] rmdir("./61" [pid 284] <... unlink resumed>) = 0 [pid 1907] <... pwrite64 resumed>) = 87490 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1922 [pid 285] <... rmdir resumed>) = 0 [pid 284] getdents64(3, [pid 285] mkdir("./62", 0777 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... mkdir resumed>) = 0 [pid 284] close(3 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] <... close resumed>) = 0 [pid 1907] <... futex resumed>) = 1 [pid 1906] <... futex resumed>) = 0 [pid 285] <... openat resumed>) = 3 [pid 284] rmdir("./63" [pid 1907] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] ioctl(3, LOOP_CLR_FD [pid 284] <... rmdir resumed>) = 0 [pid 1907] <... openat resumed>) = 5 [pid 1906] <... futex resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] mkdir("./64", 0777 [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] close(3 [pid 284] <... mkdir resumed>) = 0 [pid 1907] <... futex resumed>) = 0 [pid 1906] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 285] <... close resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1907] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... openat resumed>) = 3 [pid 1907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1906] <... futex resumed>) = 0 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1907] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1923 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] close(3./strace-static-x86_64: Process 1922 attached ) = 0 [pid 1922] set_robust_list(0x55557fe8a6a0, 24 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1922] <... set_robust_list resumed>) = 0 [pid 1922] chdir("./62" [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1924 [pid 1922] <... chdir resumed>) = 0 [pid 1922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1922] setpgid(0, 0) = 0 [pid 1922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1922] write(3, "1000", 4) = 4 [pid 1922] close(3) = 0 [pid 1922] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1922] write(1, "executing program\n", 18) = 18 [pid 1922] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1922] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1922] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1925]}, 88) = 1925 [pid 1922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1924 attached [pid 1924] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1924] chdir("./64") = 0 [pid 1924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1924] setpgid(0, 0) = 0 [pid 1924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1924] write(3, "1000", 4) = 4 [pid 1924] close(3) = 0 [pid 1924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1924] write(1, "executing program\n", 18executing program ) = 18 [pid 1924] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1924] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1924] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1924] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1924] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1924] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1926]}, 88) = 1926 [pid 1924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1926 attached [pid 1926] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1926] memfd_create("syzkaller", 0) = 3 [pid 1926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1926] munmap(0x7f895cf98000, 138412032) = 0 [pid 1926] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1926] ioctl(4, LOOP_SET_FD, 3) = 0 ./strace-static-x86_64: Process 1921 attached [pid 1926] close(3) = 0 [pid 1926] close(4./strace-static-x86_64: Process 1923 attached [pid 1923] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1923] chdir("./62" [pid 1921] set_robust_list(0x55557fe8a6a0, 24 [pid 1923] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 1925 attached [pid 1921] <... set_robust_list resumed>) = 0 [pid 1925] set_robust_list(0x7f89653b89a0, 24 [pid 1921] chdir("./65" [pid 1907] <... pwrite64 resumed>) = 176128 [pid 1925] <... set_robust_list resumed>) = 0 [pid 1923] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1921] <... chdir resumed>) = 0 [pid 1921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1921] setpgid(0, 0) = 0 [pid 1925] rt_sigprocmask(SIG_SETMASK, [], [pid 1923] <... prctl resumed>) = 0 [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1925] memfd_create("syzkaller", 0) = 3 [pid 1925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1921] <... openat resumed>) = 3 executing program [pid 1923] setpgid(0, 0 [pid 1921] write(3, "1000", 4 [pid 1907] <... futex resumed>) = 1 [pid 1921] <... write resumed>) = 4 [pid 1921] close(3) = 0 [pid 1921] symlink("/dev/binderfs", "./binderfs" [pid 1906] <... futex resumed>) = 0 [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1921] <... symlink resumed>) = 0 [pid 1921] write(1, "executing program\n", 18) = 18 [pid 1921] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1921] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1921] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1925] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1921] <... clone3 resumed> => {parent_tid=[1928]}, 88) = 1928 [pid 1921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1928 attached [pid 1928] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1928] memfd_create("syzkaller", 0) = 3 [pid 1928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1925] <... write resumed>) = 524288 [pid 1925] munmap(0x7f895cf98000, 138412032 [pid 1923] <... setpgid resumed>) = 0 [pid 1907] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1925] <... munmap resumed>) = 0 [pid 1925] openat(AT_FDCWD, "/dev/loop4", O_RDWRexecuting program [pid 1928] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1928] munmap(0x7f895cf98000, 138412032) = 0 [pid 1928] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1923] write(3, "1000", 4) = 4 [pid 1923] close(3) = 0 [pid 1923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1923] write(1, "executing program\n", 18) = 18 [pid 1923] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1923] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1923] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1923] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1923] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1923] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1929]}, 88) = 1929 [pid 1923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1929 attached [pid 1929] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1929] memfd_create("syzkaller", 0) = 3 [pid 1929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1929] munmap(0x7f895cf98000, 138412032) = 0 [pid 1929] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1907] <... pwrite64 resumed>) = 176128 [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1906] <... futex resumed>) = 0 [pid 1906] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1906] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1907] <... futex resumed>) = 1 [pid 1926] <... close resumed>) = 0 [pid 1928] <... openat resumed>) = 4 [pid 1926] mkdir("./file1", 0777 [pid 1928] ioctl(4, LOOP_SET_FD, 3 [pid 1926] <... mkdir resumed>) = 0 [pid 1926] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1907] truncate("./file1", 1 [pid 1928] <... ioctl resumed>) = 0 [pid 1928] close(3) = 0 [pid 1928] close(4 [pid 1929] <... openat resumed>) = 4 [pid 1929] ioctl(4, LOOP_SET_FD, 3 [pid 1907] <... truncate resumed>) = 0 [pid 1907] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1906] <... futex resumed>) = 0 [pid 1907] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1906] exit_group(0 [pid 1907] <... futex resumed>) = ? [pid 1906] <... exit_group resumed>) = ? [pid 1907] +++ exited with 0 +++ [pid 1906] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1906, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 1928] <... close resumed>) = 0 [pid 1925] <... openat resumed>) = 4 [pid 1928] mkdir("./file1", 0777) = 0 [pid 1928] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1925] ioctl(4, LOOP_SET_FD, 3 [pid 283] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 65.215972][ T1907] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.239653][ T1907] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1929] <... ioctl resumed>) = 0 [pid 1929] close(3) = 0 [pid 1929] close(4) = 0 [pid 1929] mkdir("./file1", 0777 [pid 1925] <... ioctl resumed>) = 0 [pid 1929] <... mkdir resumed>) = 0 [pid 1925] close(3 [pid 1929] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1925] <... close resumed>) = 0 [ 65.365377][ T1928] EXT4-fs (loop3): Ignoring removed nobh option [ 65.367128][ T1929] EXT4-fs (loop2): Ignoring removed nobh option [ 65.373151][ T1926] EXT4-fs (loop1): Ignoring removed nobh option [ 65.378634][ T1929] EXT4-fs (loop2): Ignoring removed bh option [ 65.386550][ T1926] EXT4-fs (loop1): Ignoring removed bh option [ 65.390866][ T1929] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.396771][ T1928] EXT4-fs (loop3): Ignoring removed bh option [pid 1925] close(4) = 0 [pid 1925] mkdir("./file1", 0777) = 0 [pid 1925] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1929] <... mount resumed>) = 0 [pid 1929] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1929] chdir("./file1") = 0 [ 65.408901][ T1926] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.414905][ T1928] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.428493][ T1929] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1929] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1926] <... mount resumed>) = 0 [pid 1926] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1926] chdir("./file1") = 0 [pid 1926] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1928] <... mount resumed>) = 0 [pid 1928] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1928] chdir("./file1") = 0 [ 65.445314][ T1926] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 65.465722][ T1928] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1928] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1929] <... openat resumed>) = 4 [pid 1926] <... openat resumed>) = 4 [pid 283] <... umount2 resumed>) = 0 [pid 1929] ioctl(4, LOOP_CLR_FD [pid 1926] ioctl(4, LOOP_CLR_FD [pid 283] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1929] <... ioctl resumed>) = 0 [pid 1926] <... ioctl resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1929] close(4 [pid 1926] close(4 [pid 1929] <... close resumed>) = 0 [pid 1926] <... close resumed>) = 0 [pid 283] newfstatat(AT_FDCWD, "./62/file1", [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1929] <... futex resumed>) = 1 [pid 1926] <... futex resumed>) = 1 [pid 1924] <... futex resumed>) = 0 [pid 1923] <... futex resumed>) = 0 [pid 283] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1929] openat(AT_FDCWD, "./file1", O_RDWR [pid 1926] openat(AT_FDCWD, "./file1", O_RDWR [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... openat resumed>) = 4 [pid 1926] <... openat resumed>) = 4 [pid 1924] <... futex resumed>) = 0 [pid 1923] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... futex resumed>) = 0 [pid 1926] <... futex resumed>) = 0 [pid 1924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1929] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1926] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1924] <... futex resumed>) = 0 [pid 1923] <... futex resumed>) = 0 [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] <... pwrite64 resumed>) = 87490 [pid 1926] <... pwrite64 resumed>) = 87490 [pid 283] <... openat resumed>) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4 [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... close resumed>) = 0 [pid 1928] <... openat resumed>) = 4 [pid 1929] <... futex resumed>) = 1 [pid 1928] ioctl(4, LOOP_CLR_FD [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] <... futex resumed>) = 0 [pid 283] rmdir("./62/file1" [pid 1929] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... openat resumed>) = 5 [pid 1923] <... futex resumed>) = 0 [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = 1 [pid 1924] <... futex resumed>) = 0 [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... rmdir resumed>) = 0 [pid 1929] <... futex resumed>) = 0 [pid 1926] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 283] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1929] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1924] <... futex resumed>) = 0 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1926] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1923] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1929] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1926] <... openat resumed>) = 5 [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... ioctl resumed>) = 0 [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] newfstatat(AT_FDCWD, "./62/binderfs", [pid 1928] close(4 [pid 1926] <... futex resumed>) = 1 [pid 1924] <... futex resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1928] <... close resumed>) = 0 [pid 1926] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 65.503484][ T1925] EXT4-fs (loop4): Ignoring removed nobh option [ 65.517400][ T1925] EXT4-fs (loop4): Ignoring removed bh option [ 65.523539][ T1925] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1924] <... futex resumed>) = 0 [pid 283] unlink("./62/binderfs" [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 1 [pid 1928] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program [pid 1926] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1921] <... futex resumed>) = 0 [pid 283] <... unlink resumed>) = 0 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] getdents64(3, [pid 1921] <... futex resumed>) = 1 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] close(3) = 0 [pid 283] rmdir("./62") = 0 [pid 283] mkdir("./63", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1941 ./strace-static-x86_64: Process 1941 attached [pid 1941] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1941] chdir("./63") = 0 [pid 1941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1941] setpgid(0, 0) = 0 [pid 1941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1941] write(3, "1000", 4) = 4 [pid 1941] close(3) = 0 [pid 1941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1941] write(1, "executing program\n", 18) = 18 [pid 1941] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1941] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1941] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1942]}, 88) = 1942 [pid 1941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1942 attached [pid 1942] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1942] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1942] memfd_create("syzkaller", 0) = 3 [pid 1942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1942] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1942] munmap(0x7f895cf98000, 138412032) = 0 [pid 1942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 65.570745][ T1929] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.582673][ T1926] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1942] ioctl(4, LOOP_SET_FD, 3 [pid 1929] <... pwrite64 resumed>) = 176128 [pid 1928] <... futex resumed>) = 0 [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] openat(AT_FDCWD, "./file1", O_RDWR [pid 1929] <... futex resumed>) = 1 [pid 1928] <... openat resumed>) = 4 [pid 1923] <... futex resumed>) = 0 [pid 1929] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... futex resumed>) = 1 [pid 1925] <... mount resumed>) = 0 [pid 1923] <... futex resumed>) = 0 [pid 1921] <... futex resumed>) = 0 [pid 1928] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... pwrite64 resumed>) = 87490 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 1 [pid 1928] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 1 [pid 1928] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1942] <... ioctl resumed>) = 0 [pid 1929] <... pwrite64 resumed>) = 176128 [pid 1926] <... pwrite64 resumed>) = 176128 [pid 1925] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1924] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1942] close(3 [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1942] <... close resumed>) = 0 [pid 1926] <... futex resumed>) = 0 [pid 1924] <... futex resumed>) = 0 [pid 1942] close(4 [pid 1926] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1928] <... pwrite64 resumed>) = 176128 [pid 1925] <... openat resumed>) = 3 [pid 1929] <... futex resumed>) = 1 [pid 1929] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1925] chdir("./file1") = 0 [pid 1925] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 1 [pid 1928] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1926] <... pwrite64 resumed>) = 176128 [pid 1923] <... futex resumed>) = 0 [pid 1923] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1923] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1926] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1929] <... futex resumed>) = 0 [pid 1929] truncate("./file1", 1) = 0 [pid 1929] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1923] <... futex resumed>) = 0 [ 65.595782][ T1925] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 65.601603][ T1929] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.632181][ T1928] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.653306][ T1926] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1923] exit_group(0) = ? [pid 1929] <... futex resumed>) = ? [pid 1929] +++ exited with 0 +++ [pid 1923] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1923, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 1924] <... futex resumed>) = 0 [pid 1924] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1924] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1926] <... futex resumed>) = 0 [pid 1926] truncate("./file1", 1) = 0 [pid 1926] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1924] <... futex resumed>) = 0 [pid 1924] exit_group(0) = ? [pid 1926] <... futex resumed>) = ? [pid 1926] +++ exited with 0 +++ [pid 1924] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1924, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 285] <... restart_syscall resumed>) = 0 [pid 284] <... restart_syscall resumed>) = 0 [pid 285] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... openat resumed>) = 3 [pid 284] <... openat resumed>) = 3 [pid 285] newfstatat(3, "", [pid 284] newfstatat(3, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, [pid 284] getdents64(3, [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1928] <... pwrite64 resumed>) = 176128 [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1928] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1921] <... futex resumed>) = 0 [pid 1921] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1921] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1928] <... futex resumed>) = 0 [pid 1928] truncate("./file1", 1 [pid 1942] <... close resumed>) = 0 [pid 1925] <... openat resumed>) = 4 [pid 1942] mkdir("./file1", 0777 [pid 1925] ioctl(4, LOOP_CLR_FD [pid 1942] <... mkdir resumed>) = 0 [pid 1942] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1928] <... truncate resumed>) = 0 [pid 1928] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1921] <... futex resumed>) = 0 [pid 1921] exit_group(0) = ? [pid 1928] <... futex resumed>) = ? [pid 1928] +++ exited with 0 +++ [pid 1921] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1921, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 65.655668][ T1928] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1925] <... ioctl resumed>) = 0 [pid 1925] close(4) = 0 [pid 286] <... umount2 resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1925] <... futex resumed>) = 1 [pid 1922] <... futex resumed>) = 0 [pid 286] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1925] <... futex resumed>) = 0 [pid 1922] <... futex resumed>) = 1 [pid 1925] openat(AT_FDCWD, "./file1", O_RDWR [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./65/file1") = 0 [pid 286] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./65/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./65") = 0 [pid 286] mkdir("./66", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 285] newfstatat(AT_FDCWD, "./62/file1", [pid 284] newfstatat(AT_FDCWD, "./64/file1", [pid 1925] <... openat resumed>) = 4 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1925] <... futex resumed>) = 1 [pid 1922] <... futex resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1944 [pid 285] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1922] <... futex resumed>) = 0 [pid 285] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 1944 attached [pid 1925] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... openat resumed>) = 4 [pid 284] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1944] set_robust_list(0x55557fe8a6a0, 24 [pid 285] newfstatat(4, "", [pid 284] <... openat resumed>) = 4 [pid 1944] <... set_robust_list resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] newfstatat(4, "", [pid 1944] chdir("./66" [pid 285] getdents64(4, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1944] <... chdir resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, [pid 1944] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 285] getdents64(4, [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1944] <... prctl resumed>) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] getdents64(4, [pid 1944] setpgid(0, 0 [pid 285] close(4 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1944] <... setpgid resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] close(4 [pid 1944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 285] rmdir("./62/file1" [pid 284] <... close resumed>) = 0 [pid 1944] <... openat resumed>) = 3 [pid 285] <... rmdir resumed>) = 0 [pid 284] rmdir("./64/file1" [pid 1944] write(3, "1000", 4 [pid 285] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... rmdir resumed>) = 0 [pid 1944] <... write resumed>) = 4 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1944] close(3 [pid 285] newfstatat(AT_FDCWD, "./62/binderfs", [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1944] <... close resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] newfstatat(AT_FDCWD, "./64/binderfs", [pid 1944] symlink("/dev/binderfs", "./binderfs" [pid 1925] <... pwrite64 resumed>) = 87490 [pid 285] unlink("./62/binderfs" [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1944] <... symlink resumed>) = 0 [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... unlink resumed>) = 0 [pid 284] unlink("./64/binderfs"executing program [pid 1944] write(1, "executing program\n", 18 [pid 1925] <... futex resumed>) = 1 [pid 1922] <... futex resumed>) = 0 [pid 285] getdents64(3, [pid 284] <... unlink resumed>) = 0 [pid 1944] <... write resumed>) = 18 [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] getdents64(3, [pid 1944] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1922] <... futex resumed>) = 0 [pid 285] close(3 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1944] <... futex resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] close(3 [pid 1944] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 285] rmdir("./62" [pid 284] <... close resumed>) = 0 [pid 1944] <... rt_sigaction resumed>NULL, 8) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 284] rmdir("./64" [pid 1944] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 285] mkdir("./63", 0777 [pid 284] <... rmdir resumed>) = 0 [pid 1944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 285] <... mkdir resumed>) = 0 [pid 284] mkdir("./65", 0777 [pid 1944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] <... mkdir resumed>) = 0 [pid 1944] <... mmap resumed>) = 0x7f8965398000 [pid 285] <... openat resumed>) = 3 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1944] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 285] ioctl(3, LOOP_CLR_FD [pid 284] <... openat resumed>) = 3 [pid 1944] <... mprotect resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] ioctl(3, LOOP_CLR_FD [pid 1944] rt_sigprocmask(SIG_BLOCK, ~[], [pid 285] close(3 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1944] <... rt_sigprocmask resumed>[], 8) = 0 [pid 285] <... close resumed>) = 0 [pid 284] close(3 [pid 1944] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... close resumed>) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1944] <... clone3 resumed> => {parent_tid=[1947]}, 88) = 1947 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1948 [pid 1944] rt_sigprocmask(SIG_SETMASK, [], [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1949 [pid 1944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1925] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1925] <... futex resumed>) = 0 [pid 1922] <... futex resumed>) = 1 [ 65.826353][ T1942] EXT4-fs (loop0): Ignoring removed nobh option [ 65.833928][ T1942] EXT4-fs (loop0): Ignoring removed bh option [ 65.841030][ T1942] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1925] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1949 attached ./strace-static-x86_64: Process 1948 attached ./strace-static-x86_64: Process 1947 attached [pid 1942] <... mount resumed>) = 0 [pid 1949] set_robust_list(0x55557fe8a6a0, 24 [pid 1948] set_robust_list(0x55557fe8a6a0, 24 [pid 1947] set_robust_list(0x7f89653b89a0, 24 [pid 1942] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1949] <... set_robust_list resumed>) = 0 [pid 1948] <... set_robust_list resumed>) = 0 [pid 1947] <... set_robust_list resumed>) = 0 [pid 1942] <... openat resumed>) = 3 [pid 1949] chdir("./65" [pid 1948] chdir("./63" [pid 1947] rt_sigprocmask(SIG_SETMASK, [], [pid 1942] chdir("./file1" [pid 1949] <... chdir resumed>) = 0 [pid 1948] <... chdir resumed>) = 0 [pid 1947] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1942] <... chdir resumed>) = 0 [pid 1949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1948] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1947] memfd_create("syzkaller", 0 [pid 1949] <... prctl resumed>) = 0 [pid 1948] <... prctl resumed>) = 0 [pid 1947] <... memfd_create resumed>) = 3 [pid 1942] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1949] setpgid(0, 0 [pid 1948] setpgid(0, 0 [pid 1947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1949] <... setpgid resumed>) = 0 [pid 1948] <... setpgid resumed>) = 0 [pid 1947] <... mmap resumed>) = 0x7f895cf98000 [pid 1942] <... openat resumed>) = 4 [pid 1949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1949] <... openat resumed>) = 3 [pid 1948] <... openat resumed>) = 3 [pid 1947] <... write resumed>) = 524288 [pid 1942] ioctl(4, LOOP_CLR_FD [pid 1949] write(3, "1000", 4 [pid 1948] write(3, "1000", 4 [pid 1947] munmap(0x7f895cf98000, 138412032 [pid 1949] <... write resumed>) = 4 [pid 1948] <... write resumed>) = 4 [pid 1947] <... munmap resumed>) = 0 [pid 1942] <... ioctl resumed>) = 0 [pid 1949] close(3 [pid 1948] close(3 [pid 1947] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1949] <... close resumed>) = 0 [pid 1948] <... close resumed>) = 0 [pid 1947] <... openat resumed>) = 4 [pid 1942] close(4 [pid 1949] symlink("/dev/binderfs", "./binderfs" [pid 1948] symlink("/dev/binderfs", "./binderfs" [pid 1947] ioctl(4, LOOP_SET_FD, 3 [pid 1949] <... symlink resumed>) = 0 [pid 1948] <... symlink resumed>) = 0 [pid 1942] <... close resumed>) = 0 executing program [pid 1949] write(1, "executing program\n", 18executing program [pid 1948] write(1, "executing program\n", 18 [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... write resumed>) = 18 [pid 1948] <... write resumed>) = 18 [pid 1942] <... futex resumed>) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1949] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1942] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1925] <... pwrite64 resumed>) = 176128 [pid 1949] <... futex resumed>) = 0 [pid 1948] <... futex resumed>) = 0 [pid 1947] <... ioctl resumed>) = 0 [pid 1942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1941] <... futex resumed>) = 0 [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1948] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 1947] close(3 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1925] <... futex resumed>) = 1 [pid 1922] <... futex resumed>) = 0 [pid 1949] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1948] <... rt_sigaction resumed>NULL, 8) = 0 [pid 1947] <... close resumed>) = 0 [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 1925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1947] close(4 [pid 1922] <... futex resumed>) = 0 [pid 1949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1925] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 1947] <... close resumed>) = 0 [pid 1942] openat(AT_FDCWD, "./file1", O_RDWR [pid 1949] <... mmap resumed>) = 0x7f8965398000 [pid 1948] <... mmap resumed>) = 0x7f8965398000 [pid 1947] mkdir("./file1", 0777 [pid 1942] <... openat resumed>) = 4 [pid 1949] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1948] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 1947] <... mkdir resumed>) = 0 [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... mprotect resumed>) = 0 [pid 1948] <... mprotect resumed>) = 0 [pid 1947] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1942] <... futex resumed>) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1949] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1948] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1942] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1948] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1941] <... futex resumed>) = 0 [pid 1925] <... pwrite64 resumed>) = 176128 [pid 1949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1942] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1942] <... pwrite64 resumed>) = 87490 [pid 1949] <... clone3 resumed> => {parent_tid=[1951]}, 88) = 1951 [pid 1948] <... clone3 resumed> => {parent_tid=[1952]}, 88) = 1952 [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] rt_sigprocmask(SIG_SETMASK, [], [pid 1948] rt_sigprocmask(SIG_SETMASK, [], [pid 1925] <... futex resumed>) = 1 [pid 1922] <... futex resumed>) = 0 [pid 1949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1942] <... futex resumed>) = 1 [pid 1941] <... futex resumed>) = 0 [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1942] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1922] <... futex resumed>) = 0 [pid 1949] <... futex resumed>) = 0 [ 65.863513][ T1942] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 65.881052][ T1925] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.904633][ T1925] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 65.920817][ T1947] EXT4-fs (loop3): Ignoring removed nobh option [pid 1948] <... futex resumed>) = 0 [pid 1942] <... openat resumed>) = 5 [pid 1941] <... futex resumed>) = 0 [pid 1925] truncate("./file1", 1 [pid 1922] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1925] <... truncate resumed>) = 0 [pid 1942] <... futex resumed>) = 0 [pid 1941] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1942] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1925] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1925] <... futex resumed>) = 1 [pid 1922] <... futex resumed>) = 0 [pid 1925] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1922] exit_group(0 [pid 1925] <... futex resumed>) = ? [pid 1922] <... exit_group resumed>) = ? [pid 1925] +++ exited with 0 +++ [pid 1922] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1922, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 287] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 1952 attached [pid 1952] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1952] memfd_create("syzkaller", 0) = 3 [pid 1952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288./strace-static-x86_64: Process 1951 attached [pid 1951] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1951] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1951] memfd_create("syzkaller", 0) = 3 [pid 1951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1951] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1952] <... write resumed>) = 524288 [pid 1951] <... write resumed>) = 524288 [pid 1952] munmap(0x7f895cf98000, 138412032) = 0 [pid 1952] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1952] ioctl(4, LOOP_SET_FD, 3 [pid 1951] munmap(0x7f895cf98000, 138412032) = 0 [pid 1951] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1952] <... ioctl resumed>) = 0 [pid 1951] <... openat resumed>) = 4 [pid 1951] ioctl(4, LOOP_SET_FD, 3 [pid 1952] close(3) = 0 [pid 1952] close(4) = 0 [pid 1951] <... ioctl resumed>) = 0 [pid 1952] mkdir("./file1", 0777 [pid 1942] <... pwrite64 resumed>) = 176128 [pid 1952] <... mkdir resumed>) = 0 [pid 1951] close(3 [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1951] <... close resumed>) = 0 [pid 1951] close(4 [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1942] <... futex resumed>) = 1 [ 65.927474][ T1947] EXT4-fs (loop3): Ignoring removed bh option [ 65.933917][ T1947] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.943626][ T1942] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1942] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1952] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1947] <... mount resumed>) = 0 [pid 1947] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1942] <... pwrite64 resumed>) = 176128 [pid 1947] <... openat resumed>) = 3 [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] chdir("./file1") = 0 [pid 1947] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1941] <... futex resumed>) = 0 [pid 1941] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1941] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1942] <... futex resumed>) = 1 [pid 1942] truncate("./file1", 1) = 0 [pid 1942] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1941] <... futex resumed>) = 0 [pid 1941] exit_group(0) = ? [pid 1942] <... futex resumed>) = ? [pid 1942] +++ exited with 0 +++ [pid 1941] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1941, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1951] <... close resumed>) = 0 [pid 1951] mkdir("./file1", 0777) = 0 [pid 1951] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1947] <... openat resumed>) = 4 [pid 1947] ioctl(4, LOOP_CLR_FD) = 0 [ 65.963010][ T1947] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 65.965072][ T1942] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.006114][ T1952] EXT4-fs (loop2): Ignoring removed nobh option [ 66.012897][ T1952] EXT4-fs (loop2): Ignoring removed bh option [pid 1947] close(4 [pid 1952] <... mount resumed>) = 0 [pid 1952] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1952] chdir("./file1") = 0 [pid 1952] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1947] <... close resumed>) = 0 [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1944] <... futex resumed>) = 0 [pid 1947] openat(AT_FDCWD, "./file1", O_RDWR [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... openat resumed>) = 4 [pid 1944] <... futex resumed>) = 0 [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... futex resumed>) = 0 [pid 1944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1947] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1947] <... pwrite64 resumed>) = 87490 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... futex resumed>) = 1 [pid 1947] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... futex resumed>) = 1 [ 66.019305][ T1952] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.036224][ T1952] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 66.065703][ T1951] EXT4-fs (loop1): Ignoring removed nobh option [pid 1947] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... futex resumed>) = 1 [pid 1947] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1944] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1947] <... futex resumed>) = 1 [pid 1947] truncate("./file1", 1) = 0 [pid 1947] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1944] <... futex resumed>) = 0 [pid 1944] exit_group(0) = ? [pid 1947] <... futex resumed>) = ? [pid 1947] +++ exited with 0 +++ [pid 1944] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1944, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 66.072322][ T1951] EXT4-fs (loop1): Ignoring removed bh option [ 66.074287][ T1947] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.078650][ T1951] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.093688][ T1947] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1951] <... mount resumed>) = 0 [pid 1951] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 1952] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 1951] <... openat resumed>) = 3 [pid 1951] chdir("./file1") = 0 [pid 1951] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1952] ioctl(4, LOOP_CLR_FD [pid 1951] ioctl(4, LOOP_CLR_FD) = 0 [pid 1951] close(4) = 0 [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1952] <... ioctl resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1951] <... futex resumed>) = 1 [pid 1951] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1952] close(4 [pid 1949] <... futex resumed>) = 0 [pid 287] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1952] <... close resumed>) = 0 [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... futex resumed>) = 1 [pid 287] newfstatat(AT_FDCWD, "./62/file1", [pid 283] newfstatat(AT_FDCWD, "./63/file1", [pid 1952] <... futex resumed>) = 1 [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1948] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1952] openat(AT_FDCWD, "./file1", O_RDWR [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] umount2("./62/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1952] <... openat resumed>) = 4 [pid 1948] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] openat(AT_FDCWD, "./62/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1952] <... futex resumed>) = 0 [pid 1948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1952] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 4 [pid 1948] <... futex resumed>) = 0 [pid 1951] <... futex resumed>) = 0 [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1951] openat(AT_FDCWD, "./file1", O_RDWR [pid 287] newfstatat(4, "", [pid 283] newfstatat(4, "", [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./62/file1") = 0 [pid 287] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1952] <... pwrite64 resumed>) = 87490 [pid 1951] <... openat resumed>) = 4 [pid 287] unlink("./62/binderfs" [pid 283] getdents64(4, [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1952] <... futex resumed>) = 1 [pid 1948] <... futex resumed>) = 0 [pid 283] getdents64(4, [pid 1952] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1952] <... openat resumed>) = 5 [pid 1948] <... futex resumed>) = 0 [pid 283] close(4 [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... close resumed>) = 0 [pid 1952] <... futex resumed>) = 0 [pid 1948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 283] rmdir("./63/file1" [pid 1952] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... rmdir resumed>) = 0 [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... futex resumed>) = 0 [pid 287] <... unlink resumed>) = 0 [pid 283] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(3 [pid 283] newfstatat(AT_FDCWD, "./63/binderfs", [pid 287] <... close resumed>) = 0 [pid 287] rmdir("./62" [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... rmdir resumed>) = 0 [pid 283] unlink("./63/binderfs" [pid 287] mkdir("./63", 0777) = 0 [pid 283] <... unlink resumed>) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./63" [pid 1951] <... futex resumed>) = 1 [pid 283] <... rmdir resumed>) = 0 [pid 1949] <... futex resumed>) = 0 [pid 283] mkdir("./64", 0777 [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1951] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1949] <... futex resumed>) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 66.116745][ T1951] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1951] <... pwrite64 resumed>) = 87490 [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... futex resumed>) = 0 [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1951] <... futex resumed>) = 1 [pid 1951] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... futex resumed>) = 0 [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1951] <... futex resumed>) = 1 [pid 1951] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1952] <... pwrite64 resumed>) = 176128 [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1952] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1948] <... futex resumed>) = 0 [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1952] <... futex resumed>) = 0 [pid 1952] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1951] <... pwrite64 resumed>) = 176128 [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1949] <... futex resumed>) = 0 [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1951] <... futex resumed>) = 1 [pid 1951] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1952] <... pwrite64 resumed>) = 176128 [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... futex resumed>) = 0 [pid 1948] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1948] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1952] <... futex resumed>) = 1 [pid 1952] truncate("./file1", 1) = 0 [pid 1952] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1948] <... futex resumed>) = 0 [pid 1948] exit_group(0) = ? [pid 1952] <... futex resumed>) = ? [pid 1952] +++ exited with 0 +++ [pid 1948] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1948, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1951] <... pwrite64 resumed>) = 176128 [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1951] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 286] <... umount2 resumed>) = 0 [pid 286] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./66/file1") = 0 [pid 286] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./66/binderfs", [pid 1949] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./66/binderfs" [pid 1949] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1949] <... futex resumed>) = 1 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] <... unlink resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1949] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] close(3 [pid 283] close(3 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 286] close(3 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... close resumed>) = 0 [pid 286] rmdir("./66") = 0 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1961 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1962 [pid 286] mkdir("./67", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1951] <... futex resumed>) = 0 [pid 1951] truncate("./file1", 1./strace-static-x86_64: Process 1961 attached ./strace-static-x86_64: Process 1962 attached [pid 1961] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1961] chdir("./64") = 0 [pid 1961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1961] setpgid(0, 0) = 0 [pid 1951] <... truncate resumed>) = 0 [pid 1962] set_robust_list(0x55557fe8a6a0, 24 [pid 1961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1951] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... set_robust_list resumed>) = 0 [pid 1962] chdir("./63") = 0 [pid 1962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1962] setpgid(0, 0) = 0 [pid 1962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1962] write(3, "1000", 4 [pid 1961] <... openat resumed>) = 3 [pid 1962] <... write resumed>) = 4 [pid 1962] close(3) = 0 [pid 1962] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 1962] write(1, "executing program\n", 18) = 18 [pid 1962] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1962] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1962] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1963]}, 88) = 1963 [pid 1962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1949] <... futex resumed>) = 0 [pid 1949] exit_group(0) = ? [pid 1951] <... futex resumed>) = ? ./strace-static-x86_64: Process 1963 attached [pid 1961] write(3, "1000", 4 [pid 1963] set_robust_list(0x7f89653b89a0, 24 [pid 1951] +++ exited with 0 +++ [pid 1949] +++ exited with 0 +++ [pid 1961] <... write resumed>) = 4 [pid 1961] close(3) = 0 [pid 1961] symlink("/dev/binderfs", "./binderfs" [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1949, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 1963] <... set_robust_list resumed>) = 0 [pid 1961] <... symlink resumed>) = 0 executing program [pid 1961] write(1, "executing program\n", 18) = 18 [pid 1961] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1961] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1961] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1964]}, 88) = 1964 [pid 1961] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 ./strace-static-x86_64: Process 1964 attached [pid 1963] rt_sigprocmask(SIG_SETMASK, [], [pid 284] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1964] set_robust_list(0x7f89653b89a0, 24 [pid 1963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1963] memfd_create("syzkaller", 0) = 3 [pid 1963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 1964] <... set_robust_list resumed>) = 0 [pid 1964] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1964] memfd_create("syzkaller", 0) = 3 [pid 1964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1963] <... mmap resumed>) = 0x7f895cf98000 [pid 1964] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1963] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 1964] <... write resumed>) = 524288 [pid 1964] munmap(0x7f895cf98000, 138412032) = 0 [pid 1964] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1963] <... write resumed>) = 524288 [pid 1963] munmap(0x7f895cf98000, 138412032) = 0 [ 66.166184][ T1952] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.173047][ T1951] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.183465][ T1952] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.196296][ T1951] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1963] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 286] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 1963] <... openat resumed>) = 4 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1963] ioctl(4, LOOP_SET_FD, 3 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] close(3 [pid 285] newfstatat(AT_FDCWD, "./63/file1", [pid 284] newfstatat(AT_FDCWD, "./65/file1", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... openat resumed>) = 4 [pid 284] <... openat resumed>) = 4 [pid 285] newfstatat(4, "", [pid 284] newfstatat(4, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, [pid 284] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, [pid 284] getdents64(4, [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4 [pid 284] close(4 [pid 285] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 285] rmdir("./63/file1" [pid 284] rmdir("./65/file1" [pid 285] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 285] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./63/binderfs", [pid 284] newfstatat(AT_FDCWD, "./65/binderfs", [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./63/binderfs" [pid 284] unlink("./65/binderfs" [pid 285] <... unlink resumed>) = 0 [pid 284] <... unlink resumed>) = 0 [pid 285] getdents64(3, [pid 284] getdents64(3, [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3 [pid 284] close(3 [pid 285] <... close resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 285] rmdir("./63" [pid 284] rmdir("./65" [pid 285] <... rmdir resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 285] mkdir("./64", 0777 [pid 284] mkdir("./66", 0777 [pid 285] <... mkdir resumed>) = 0 [pid 284] <... mkdir resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1963] <... ioctl resumed>) = 0 [pid 286] <... close resumed>) = 0 [pid 1964] <... openat resumed>) = 4 [pid 1963] close(3 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1963] <... close resumed>) = 0 [pid 1963] close(4 [pid 1964] ioctl(4, LOOP_SET_FD, 3 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1966 ./strace-static-x86_64: Process 1966 attached [pid 1966] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1966] chdir("./67") = 0 [pid 1966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1966] setpgid(0, 0) = 0 [pid 1966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1966] write(3, "1000", 4) = 4 [pid 1966] close(3) = 0 [pid 1966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1966] write(1, "executing program\n", 18executing program ) = 18 [pid 1966] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1966] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1966] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1966] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 1967 attached [pid 1967] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1967] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] <... clone3 resumed> => {parent_tid=[1967]}, 88) = 1967 [pid 1966] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] <... futex resumed>) = 0 [pid 1966] <... futex resumed>) = 1 [pid 1967] memfd_create("syzkaller", 0) = 3 [pid 1967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1967] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1967] munmap(0x7f895cf98000, 138412032) = 0 [pid 1967] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 285] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD [pid 1963] <... close resumed>) = 0 [pid 1963] mkdir("./file1", 0777) = 0 [pid 1963] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1967] <... openat resumed>) = 4 [pid 1964] <... ioctl resumed>) = 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] <... openat resumed>) = 3 [pid 1964] close(3 [pid 285] close(3 [pid 284] ioctl(3, LOOP_CLR_FD [pid 1964] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1964] close(4 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] close(3) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1969 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1970 ./strace-static-x86_64: Process 1970 attached ./strace-static-x86_64: Process 1969 attached [pid 1967] ioctl(4, LOOP_SET_FD, 3 [pid 1969] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1969] chdir("./64") = 0 [pid 1969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1969] setpgid(0, 0) = 0 [pid 1969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1969] write(3, "1000", 4) = 4 [pid 1969] close(3) = 0 [pid 1969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1970] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1970] chdir("./66") = 0 [pid 1970] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1969] write(1, "executing program\n", 18 [pid 1970] <... prctl resumed>) = 0 executing program [pid 1969] <... write resumed>) = 18 [pid 1970] setpgid(0, 0 [pid 1969] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] <... setpgid resumed>) = 0 [pid 1970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1969] <... futex resumed>) = 0 [pid 1969] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1969] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1970] <... openat resumed>) = 3 [pid 1969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 1970] write(3, "1000", 4) = 4 [pid 1970] close(3 [pid 1969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 1970] <... close resumed>) = 0 [pid 1969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 1970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1969] <... clone3 resumed> => {parent_tid=[1971]}, 88) = 1971 [pid 1969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 executing program [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] write(1, "executing program\n", 18 [pid 1969] <... futex resumed>) = 0 [pid 1970] <... write resumed>) = 18 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1970] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1970] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1970] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1972]}, 88) = 1972 [pid 1970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1971 attached [pid 1971] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1971] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1971] memfd_create("syzkaller", 0) = 3 [pid 1971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1971] munmap(0x7f895cf98000, 138412032) = 0 [pid 1971] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 1972 attached [pid 1972] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1972] memfd_create("syzkaller", 0) = 3 [pid 1972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1972] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1972] munmap(0x7f895cf98000, 138412032) = 0 [ 66.348292][ T1963] EXT4-fs (loop4): Ignoring removed nobh option [ 66.356251][ T1963] EXT4-fs (loop4): Ignoring removed bh option [ 66.363050][ T1963] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1972] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1963] <... mount resumed>) = 0 [pid 1963] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1963] chdir("./file1") = 0 [pid 1963] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1964] <... close resumed>) = 0 [pid 1964] mkdir("./file1", 0777) = 0 [pid 1964] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1963] <... openat resumed>) = 4 [pid 1963] ioctl(4, LOOP_CLR_FD) = 0 [pid 1963] close(4) = 0 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... futex resumed>) = 1 [pid 1963] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... futex resumed>) = 1 [pid 1963] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... futex resumed>) = 1 [pid 1963] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... futex resumed>) = 1 [ 66.386636][ T1963] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 66.430668][ T1964] EXT4-fs (loop0): Ignoring removed nobh option [ 66.437771][ T1964] EXT4-fs (loop0): Ignoring removed bh option [pid 1963] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1972] <... openat resumed>) = 4 [pid 1971] <... openat resumed>) = 4 [pid 1967] <... ioctl resumed>) = 0 [pid 1972] ioctl(4, LOOP_SET_FD, 3 [pid 1971] ioctl(4, LOOP_SET_FD, 3 [pid 1967] close(3) = 0 [pid 1967] close(4 [pid 1963] <... pwrite64 resumed>) = 176128 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] <... futex resumed>) = 1 [pid 1963] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1971] <... ioctl resumed>) = 0 [pid 1971] close(3) = 0 [pid 1971] close(4 [pid 1972] <... ioctl resumed>) = 0 [pid 1972] close(3) = 0 [pid 1972] close(4 [pid 1967] <... close resumed>) = 0 [pid 1967] mkdir("./file1", 0777) = 0 [pid 1967] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1963] <... pwrite64 resumed>) = 176128 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1962] <... futex resumed>) = 0 [pid 1962] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1962] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1963] truncate("./file1", 1) = 0 [pid 1963] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1963] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1962] <... futex resumed>) = 0 [pid 1962] exit_group(0) = ? [pid 1963] <... futex resumed>) = ? [pid 1963] +++ exited with 0 +++ [pid 1962] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1962, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 66.439312][ T1963] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.444041][ T1964] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.468901][ T1963] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 287] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1964] <... mount resumed>) = 0 [pid 1964] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1964] chdir("./file1") = 0 [pid 1964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 1964] ioctl(4, LOOP_CLR_FD) = 0 [pid 1964] close(4) = 0 [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] <... futex resumed>) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1972] <... close resumed>) = 0 [pid 1971] <... close resumed>) = 0 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] <... futex resumed>) = 1 [pid 1964] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] <... futex resumed>) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] <... futex resumed>) = 1 [ 66.488136][ T1964] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1964] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1972] mkdir("./file1", 0777 [pid 1971] mkdir("./file1", 0777 [pid 1964] <... pwrite64 resumed>) = 87490 [pid 1972] <... mkdir resumed>) = 0 [pid 1971] <... mkdir resumed>) = 0 [pid 1972] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1971] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1964] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1961] <... futex resumed>) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] <... futex resumed>) = 0 [pid 1964] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] <... futex resumed>) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] <... futex resumed>) = 1 [pid 1964] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1964] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1961] <... futex resumed>) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] <... futex resumed>) = 0 [ 66.543074][ T1967] EXT4-fs (loop3): Ignoring removed nobh option [ 66.555702][ T1967] EXT4-fs (loop3): Ignoring removed bh option [ 66.561867][ T1967] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.564637][ T1964] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1964] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] <... futex resumed>) = 0 [pid 1961] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1961] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1964] <... futex resumed>) = 1 [pid 1964] truncate("./file1", 1 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1964] <... truncate resumed>) = 0 [pid 1964] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1961] <... futex resumed>) = 0 [pid 1961] exit_group(0) = ? [pid 1964] <... futex resumed>) = ? [pid 1964] +++ exited with 0 +++ [pid 1961] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1961, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [ 66.589289][ T1964] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.607131][ T1972] EXT4-fs (loop1): Ignoring removed nobh option [ 66.613922][ T1971] EXT4-fs (loop2): Ignoring removed nobh option [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... restart_syscall resumed>) = 0 [pid 283] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./63/file1", [pid 1967] <... mount resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./63/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./63/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./63/file1") = 0 [pid 287] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./63/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./63") = 0 [pid 287] mkdir("./64", 0777) = 0 [pid 1967] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1967] <... openat resumed>) = 3 [pid 287] <... openat resumed>) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1967] chdir("./file1" [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1982 [pid 1967] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 1982 attached [pid 283] <... umount2 resumed>) = 0 [pid 283] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./64/file1", [pid 1982] set_robust_list(0x55557fe8a6a0, 24 [pid 1967] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1982] <... set_robust_list resumed>) = 0 [pid 283] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [ 66.617344][ T1967] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 66.622230][ T1972] EXT4-fs (loop1): Ignoring removed bh option [ 66.645479][ T1971] EXT4-fs (loop2): Ignoring removed bh option [ 66.650564][ T1972] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 66.656607][ T1971] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1982] chdir("./64") = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1972] <... mount resumed>) = 0 [pid 1972] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1972] chdir("./file1") = 0 [pid 1972] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 1982] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 283] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1982] <... prctl resumed>) = 0 [pid 283] <... openat resumed>) = 4 [pid 1982] setpgid(0, 0 [pid 283] newfstatat(4, "", [pid 1982] <... setpgid resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 1982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 283] getdents64(4, [pid 1982] <... openat resumed>) = 3 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1982] write(3, "1000", 4 [pid 283] getdents64(4, [pid 1982] <... write resumed>) = 4 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1982] close(3 [pid 283] close(4 [pid 1982] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 1982] symlink("/dev/binderfs", "./binderfs" [pid 283] rmdir("./64/file1" [pid 1982] <... symlink resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 executing program [pid 1982] write(1, "executing program\n", 18 [pid 283] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1982] <... write resumed>) = 18 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 1982] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] newfstatat(AT_FDCWD, "./64/binderfs", [pid 1982] <... futex resumed>) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1982] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 283] unlink("./64/binderfs" [pid 1982] <... rt_sigaction resumed>NULL, 8) = 0 [pid 283] <... unlink resumed>) = 0 [pid 1982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 283] getdents64(3, [pid 1982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 1982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 283] close(3 [pid 1982] <... mmap resumed>) = 0x7f8965398000 [pid 283] <... close resumed>) = 0 [pid 1982] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 283] rmdir("./64" [pid 1982] <... mprotect resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 1982] rt_sigprocmask(SIG_BLOCK, ~[], [pid 283] mkdir("./65", 0777 [pid 1982] <... rt_sigprocmask resumed>[], 8) = 0 [pid 283] <... mkdir resumed>) = 0 [pid 1982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1982] <... clone3 resumed> => {parent_tid=[1987]}, 88) = 1987 [pid 1982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 1987 attached [pid 1987] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1987] memfd_create("syzkaller", 0) = 3 [pid 1987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1987] munmap(0x7f895cf98000, 138412032) = 0 [pid 1987] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 1971] <... mount resumed>) = 0 [pid 1971] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1971] chdir("./file1") = 0 [pid 1971] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 1971] ioctl(4, LOOP_CLR_FD) = 0 [pid 1971] close(4 [pid 1987] <... openat resumed>) = 4 [pid 1972] <... openat resumed>) = 4 [pid 1971] <... close resumed>) = 0 [pid 1967] <... openat resumed>) = 4 [pid 283] <... openat resumed>) = 3 [pid 1972] ioctl(4, LOOP_CLR_FD [pid 1967] ioctl(4, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 1972] <... ioctl resumed>) = 0 [pid 1967] <... ioctl resumed>) = 0 [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 1972] close(4 [pid 1967] close(4 [pid 283] close(3 [pid 1972] <... close resumed>) = 0 [pid 1967] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1972] <... futex resumed>) = 1 [pid 1970] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 1 [pid 1966] <... futex resumed>) = 0 [pid 1972] openat(AT_FDCWD, "./file1", O_RDWR [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... openat resumed>) = 4 [pid 1970] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1966] <... futex resumed>) = 0 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1988 [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] openat(AT_FDCWD, "./file1", O_RDWR [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] <... futex resumed>) = 0 [pid 1970] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1967] <... openat resumed>) = 4 [pid 1972] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 66.699968][ T1972] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 66.700176][ T1971] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 1970] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 1 [pid 1966] <... futex resumed>) = 0 [pid 1972] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 1988 attached [pid 1987] ioctl(4, LOOP_SET_FD, 3 [pid 1972] <... pwrite64 resumed>) = 87490 [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1966] <... futex resumed>) = 0 [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] set_robust_list(0x55557fe8a6a0, 24 [pid 1971] <... futex resumed>) = 1 [pid 1969] <... futex resumed>) = 0 [pid 1988] <... set_robust_list resumed>) = 0 [pid 1971] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] chdir("./65" [pid 1972] <... futex resumed>) = 1 [pid 1971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1970] <... futex resumed>) = 0 [pid 1969] <... futex resumed>) = 0 [pid 1967] <... pwrite64 resumed>) = 87490 [pid 1972] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] <... ioctl resumed>) = 0 [pid 1971] openat(AT_FDCWD, "./file1", O_RDWR [pid 1987] close(3 [pid 1972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1970] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 1 [pid 1966] <... futex resumed>) = 0 [pid 1972] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... openat resumed>) = 5 [pid 1967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1966] <... futex resumed>) = 0 [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] <... futex resumed>) = 1 [pid 1970] <... futex resumed>) = 0 [pid 1967] <... openat resumed>) = 5 [pid 1972] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1970] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = 1 [pid 1966] <... futex resumed>) = 0 [pid 1972] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... chdir resumed>) = 0 [pid 1987] <... close resumed>) = 0 [pid 1971] <... openat resumed>) = 4 [pid 1988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 1987] close(4 [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... prctl resumed>) = 0 [pid 1972] <... pwrite64 resumed>) = 176128 [pid 1971] <... futex resumed>) = 1 [pid 1969] <... futex resumed>) = 0 [pid 1967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1966] <... futex resumed>) = 0 [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] setpgid(0, 0 [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1971] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1969] <... futex resumed>) = 0 [pid 1988] <... setpgid resumed>) = 0 [pid 1972] <... futex resumed>) = 1 [pid 1971] <... pwrite64 resumed>) = 87490 [pid 1970] <... futex resumed>) = 0 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 1972] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... openat resumed>) = 3 [pid 1971] <... futex resumed>) = 0 [pid 1988] write(3, "1000", 4 [pid 1971] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] <... write resumed>) = 4 [pid 1988] close(3) = 0 [pid 1988] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1988] write(1, "executing program\n", 18executing program ) = 18 [pid 1988] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1988] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1988] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1990]}, 88) = 1990 [pid 1988] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... futex resumed>) = 0 [pid 1970] <... futex resumed>) = 1 [ 66.791322][ T1972] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.812145][ T1967] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.822149][ T1972] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1972] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 1990 attached [pid 1969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1967] <... pwrite64 resumed>) = 176128 [pid 1990] set_robust_list(0x7f89653b89a0, 24 [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] <... set_robust_list resumed>) = 0 [pid 1971] <... futex resumed>) = 0 [pid 1969] <... futex resumed>) = 1 [pid 1990] rt_sigprocmask(SIG_SETMASK, [], [pid 1971] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] <... futex resumed>) = 1 [pid 1966] <... futex resumed>) = 0 [pid 1990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 1971] <... openat resumed>) = 5 [pid 1967] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] memfd_create("syzkaller", 0 [pid 1972] <... pwrite64 resumed>) = 176128 [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1966] <... futex resumed>) = 0 [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1970] <... futex resumed>) = 0 [pid 1972] truncate("./file1", 1 [pid 1970] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1972] <... truncate resumed>) = 0 [pid 1970] <... futex resumed>) = 0 [pid 1970] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1972] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1970] <... futex resumed>) = 0 [pid 1970] exit_group(0) = ? [pid 1972] <... futex resumed>) = ? [pid 1972] +++ exited with 0 +++ [pid 1970] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1970, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 284] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1990] <... memfd_create resumed>) = 3 [pid 1990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1990] munmap(0x7f895cf98000, 138412032) = 0 [pid 1990] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1971] <... futex resumed>) = 1 [pid 1971] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1969] <... futex resumed>) = 0 [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1971] <... futex resumed>) = 0 [pid 1969] <... futex resumed>) = 1 [pid 1971] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... close resumed>) = 0 [pid 1967] <... pwrite64 resumed>) = 176128 [pid 1987] mkdir("./file1", 0777 [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1966] <... futex resumed>) = 0 [pid 1987] <... mkdir resumed>) = 0 [pid 1966] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1987] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1966] <... futex resumed>) = 0 [pid 1966] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1967] <... futex resumed>) = 1 [pid 1967] truncate("./file1", 1) = 0 [pid 1967] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1966] <... futex resumed>) = 0 [pid 1966] exit_group(0) = ? [pid 1967] <... futex resumed>) = ? [pid 1967] +++ exited with 0 +++ [pid 1966] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1966, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1971] <... pwrite64 resumed>) = 176128 [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1969] <... futex resumed>) = 0 [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1971] <... futex resumed>) = 1 [pid 1971] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1990] <... openat resumed>) = 4 [pid 1990] ioctl(4, LOOP_SET_FD, 3 [pid 1971] <... pwrite64 resumed>) = 176128 [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1969] <... futex resumed>) = 0 [pid 1969] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1969] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1971] <... futex resumed>) = 1 [pid 1971] truncate("./file1", 1 [pid 1990] <... ioctl resumed>) = 0 [pid 1990] close(3) = 0 [pid 1990] close(4 [pid 1971] <... truncate resumed>) = 0 [pid 1971] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1971] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1969] <... futex resumed>) = 0 [pid 1969] exit_group(0) = ? [pid 1971] <... futex resumed>) = ? [pid 1971] +++ exited with 0 +++ [pid 1969] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1969, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 285] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1990] <... close resumed>) = 0 [ 66.828128][ T1967] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.859786][ T1971] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 66.875844][ T1971] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1990] mkdir("./file1", 0777) = 0 [ 66.917146][ T1987] EXT4-fs (loop4): Ignoring removed nobh option [ 66.925758][ T1987] EXT4-fs (loop4): Ignoring removed bh option [ 66.931861][ T1987] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1990] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1987] <... mount resumed>) = 0 [pid 1987] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1987] chdir("./file1") = 0 [pid 1987] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./66/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 284] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 284] rmdir("./66/file1") = 0 [pid 284] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./66/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./66") = 0 [pid 284] mkdir("./67", 0777) = 0 [ 66.945925][ T1987] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 1987] <... openat resumed>) = 4 [pid 286] <... umount2 resumed>) = 0 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... openat resumed>) = 3 [pid 286] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] ioctl(3, LOOP_CLR_FD [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] newfstatat(AT_FDCWD, "./67/file1", [pid 284] close(3 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... close resumed>) = 0 [pid 286] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 1994 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./67/file1") = 0 [pid 286] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./67/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./67") = 0 [pid 286] mkdir("./68", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 1995 [pid 1987] ioctl(4, LOOP_CLR_FD) = 0 [pid 1987] close(4) = 0 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 1 [pid 1987] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 1 [pid 1987] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 ./strace-static-x86_64: Process 1994 attached [pid 1994] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1994] chdir("./67" [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 1 [pid 1987] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1994] <... chdir resumed>) = 0 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 1 [pid 1987] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1994] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1994] setpgid(0, 0) = 0 [pid 1994] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1994] write(3, "1000", 4) = 4 [pid 1994] close(3) = 0 [pid 1994] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1994] write(1, "executing program\n", 18) = 18 [pid 1994] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1994] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1994] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1994] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1994] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 1994] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[1996]}, 88) = 1996 [pid 1994] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 285] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./64/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1987] <... pwrite64 resumed>) = 176128 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 1 [ 67.069110][ T1990] EXT4-fs (loop0): Ignoring removed nobh option [ 67.086148][ T1987] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.088816][ T1990] EXT4-fs (loop0): Ignoring removed bh option [pid 1987] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 1996 attached ./strace-static-x86_64: Process 1995 attached [pid 285] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1987] <... pwrite64 resumed>) = 176128 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1982] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1982] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1987] <... futex resumed>) = 1 [pid 1987] truncate("./file1", 1) = 0 [pid 1987] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1982] <... futex resumed>) = 0 [pid 1982] exit_group(0) = ? [pid 1987] <... futex resumed>) = ? [pid 1987] +++ exited with 0 +++ [pid 1982] +++ exited with 0 +++ [pid 1996] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 1996] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1996] memfd_create("syzkaller", 0) = 3 [pid 1996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1996] munmap(0x7f895cf98000, 138412032) = 0 [pid 1996] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1996] ioctl(4, LOOP_SET_FD, 3 [pid 1995] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 1995] chdir("./68") = 0 [pid 1995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 1995] setpgid(0, 0) = 0 [pid 1995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 1995] write(3, "1000", 4) = 4 [pid 1995] close(3) = 0 executing program [pid 1995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 1995] write(1, "executing program\n", 18) = 18 [pid 1995] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1995] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 1995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 1995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 1995] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 1995] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1982, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] <... openat resumed>) = 4 [pid 1995] <... rt_sigprocmask resumed>[], 8) = 0 [pid 285] newfstatat(4, "", [pid 1995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] getdents64(4, [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 1995] <... clone3 resumed> => {parent_tid=[1998]}, 88) = 1998 [pid 1995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 287] <... openat resumed>) = 3 [pid 285] getdents64(4, [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] newfstatat(3, "", [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 1995] <... futex resumed>) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] close(4 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 287] getdents64(3, [pid 285] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] rmdir("./64/file1" [pid 287] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... rmdir resumed>) = 0 [pid 285] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./64/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./64") = 0 [pid 285] mkdir("./65", 0777) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 1998 attached [pid 1996] <... ioctl resumed>) = 0 [pid 1998] set_robust_list(0x7f89653b89a0, 24 [pid 1996] close(3 [pid 1998] <... set_robust_list resumed>) = 0 [pid 1998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 1996] <... close resumed>) = 0 [pid 1996] close(4 [pid 1998] memfd_create("syzkaller", 0) = 3 [pid 1998] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 1998] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 1998] munmap(0x7f895cf98000, 138412032) = 0 [pid 1998] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 1990] <... mount resumed>) = 0 [pid 1990] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1990] chdir("./file1") = 0 [pid 1990] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 285] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2001 ./strace-static-x86_64: Process 2001 attached [pid 2001] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2001] chdir("./65" [pid 287] <... umount2 resumed>) = 0 [pid 1998] <... openat resumed>) = 4 [pid 1990] <... openat resumed>) = 4 [pid 1998] ioctl(4, LOOP_SET_FD, 3 [pid 1990] ioctl(4, LOOP_CLR_FD) = 0 [pid 1990] close(4 [pid 2001] <... chdir resumed>) = 0 [pid 2001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 287] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2001] <... prctl resumed>) = 0 [pid 2001] setpgid(0, 0) = 0 [pid 2001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2001] write(3, "1000", 4) = 4 [pid 2001] close(3) = 0 [pid 2001] symlink("/dev/binderfs", "./binderfs" [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2001] <... symlink resumed>) = 0 [pid 2001] write(1, "executing program\n", 18executing program ) = 18 [pid 2001] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2001] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2001] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2001] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2003]}, 88) = 2003 [pid 287] newfstatat(AT_FDCWD, "./64/file1", [pid 2001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2001] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2003 attached [pid 2003] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2003] memfd_create("syzkaller", 0) = 3 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 287] umount2("./64/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./64/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1998] <... ioctl resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 1998] close(3) = 0 [pid 1998] close(4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./64/file1") = 0 [pid 287] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./64/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 2003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 287] rmdir("./64") = 0 [pid 287] mkdir("./65", 0777) = 0 [ 67.101782][ T1987] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.112833][ T1990] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.144103][ T1990] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2003] <... write resumed>) = 524288 [pid 2003] munmap(0x7f895cf98000, 138412032) = 0 [pid 2003] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 1996] <... close resumed>) = 0 [pid 1990] <... close resumed>) = 0 [pid 1996] mkdir("./file1", 0777 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1996] <... mkdir resumed>) = 0 [pid 1990] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1996] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] openat(AT_FDCWD, "./file1", O_RDWR [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... openat resumed>) = 4 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1990] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1988] <... futex resumed>) = 0 [pid 1990] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... pwrite64 resumed>) = 87490 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1990] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1990] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1990] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1988] <... futex resumed>) = 0 [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 1990] <... futex resumed>) = 0 [pid 1988] <... futex resumed>) = 1 [pid 1990] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... pwrite64 resumed>) = 176128 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1990] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... pwrite64 resumed>) = 176128 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1988] <... futex resumed>) = 0 [pid 1990] truncate("./file1", 1 [pid 1988] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1988] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1990] <... truncate resumed>) = 0 [pid 1990] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1988] <... futex resumed>) = 0 [pid 1990] <... futex resumed>) = 1 [pid 1988] exit_group(0) = ? [pid 1990] +++ exited with 0 +++ [pid 1988] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1988, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 67.254537][ T1990] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.269718][ T1990] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 283] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1998] <... close resumed>) = 0 [pid 2003] <... openat resumed>) = 4 [pid 287] <... openat resumed>) = 3 [pid 2003] ioctl(4, LOOP_SET_FD, 3 [pid 1998] mkdir("./file1", 0777 [pid 287] ioctl(3, LOOP_CLR_FD [pid 1998] <... mkdir resumed>) = 0 [ 67.326438][ T1996] EXT4-fs (loop1): Ignoring removed nobh option [ 67.332877][ T1996] EXT4-fs (loop1): Ignoring removed bh option [ 67.339052][ T1996] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 1998] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 1996] <... mount resumed>) = 0 [pid 1996] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1996] chdir("./file1") = 0 [pid 1996] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 1996] ioctl(4, LOOP_CLR_FD) = 0 [pid 1996] close(4) = 0 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1994] <... futex resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 1994] <... futex resumed>) = 1 [pid 2003] <... ioctl resumed>) = 0 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2003] close(3) = 0 [pid 2003] close(4 [pid 1996] <... futex resumed>) = 0 [pid 1996] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 287] close(3 [pid 283] newfstatat(AT_FDCWD, "./65/file1", [pid 1996] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 0 [pid 1996] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1994] <... futex resumed>) = 0 [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 1 [pid 1996] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1994] <... futex resumed>) = 0 [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 1 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1996] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./65/file1" [pid 1996] <... pwrite64 resumed>) = 176128 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... rmdir resumed>) = 0 [pid 283] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./65/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./65") = 0 [pid 1994] <... futex resumed>) = 0 [pid 283] mkdir("./66", 0777 [pid 1996] <... futex resumed>) = 1 [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 283] <... mkdir resumed>) = 0 [pid 2003] <... close resumed>) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... close resumed>) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2009 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2008 ./strace-static-x86_64: Process 2009 attached [pid 2009] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2009] chdir("./65") = 0 [pid 2009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2009] setpgid(0, 0 [pid 2003] mkdir("./file1", 0777 [pid 1994] <... futex resumed>) = 0 [pid 2009] <... setpgid resumed>) = 0 [pid 2009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2003] <... mkdir resumed>) = 0 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2003] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"..../strace-static-x86_64: Process 2008 attached [pid 2009] <... openat resumed>) = 3 [pid 2008] set_robust_list(0x55557fe8a6a0, 24 [pid 2009] write(3, "1000", 4 [pid 2008] <... set_robust_list resumed>) = 0 [pid 2009] <... write resumed>) = 4 [pid 2008] chdir("./66" [pid 2009] close(3) = 0 [pid 2009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2008] <... chdir resumed>) = 0 [pid 2008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2008] setpgid(0, 0) = 0 [pid 2008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2009] write(1, "executing program\n", 18 [pid 2008] <... openat resumed>) = 3 [pid 1996] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864executing program [pid 2009] <... write resumed>) = 18 [ 67.356363][ T1996] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 67.382669][ T1998] EXT4-fs (loop3): Ignoring removed nobh option [ 67.389072][ T1998] EXT4-fs (loop3): Ignoring removed bh option [ 67.395282][ T1998] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.400005][ T1996] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata executing program [pid 2008] write(3, "1000", 4) = 4 [pid 2008] close(3) = 0 [pid 2008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2008] write(1, "executing program\n", 18) = 18 [pid 2008] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2008] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2008] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2011]}, 88) = 2011 [pid 2008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 1998] <... mount resumed>) = 0 [pid 1998] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 1998] chdir("./file1") = 0 [pid 1998] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2009] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2009] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2009] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2012]}, 88) = 2012 [pid 2009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2009] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2009] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2012 attached [pid 2012] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2012] memfd_create("syzkaller", 0) = 3 [pid 2012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2012] munmap(0x7f895cf98000, 138412032) = 0 [pid 2012] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 2011 attached [pid 2011] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2011] memfd_create("syzkaller", 0) = 3 [pid 2011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2011] munmap(0x7f895cf98000, 138412032) = 0 [pid 2011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 1996] <... pwrite64 resumed>) = 176128 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1994] <... futex resumed>) = 0 [pid 1994] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1994] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1996] <... futex resumed>) = 1 [pid 1996] truncate("./file1", 1) = 0 [pid 1996] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1996] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1994] <... futex resumed>) = 0 [pid 1994] exit_group(0) = ? [pid 1996] <... futex resumed>) = ? [pid 1996] +++ exited with 0 +++ [pid 1994] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1994, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 67.434800][ T1998] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 67.435050][ T1996] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2012] <... openat resumed>) = 4 [pid 1998] <... openat resumed>) = 4 [pid 2012] ioctl(4, LOOP_SET_FD, 3 [pid 1998] ioctl(4, LOOP_CLR_FD) = 0 [pid 1998] close(4 [pid 2012] <... ioctl resumed>) = 0 [pid 2012] close(3) = 0 [pid 2012] close(4 [pid 2011] <... openat resumed>) = 4 [pid 2011] ioctl(4, LOOP_SET_FD, 3 [pid 1998] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 284] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 1998] <... futex resumed>) = 1 [pid 1995] <... futex resumed>) = 0 [pid 284] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 1998] openat(AT_FDCWD, "./file1", O_RDWR [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... openat resumed>) = 4 [pid 1995] <... futex resumed>) = 0 [pid 284] newfstatat(4, "", [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1998] <... openat resumed>) = 4 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] close(4) = 0 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1995] <... futex resumed>) = 0 [pid 284] rmdir("./67/file1" [pid 1998] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 284] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] unlink("./67/binderfs") = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] close(3) = 0 [pid 284] rmdir("./67") = 0 [pid 284] mkdir("./68", 0777) = 0 [pid 1998] <... pwrite64 resumed>) = 87490 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2011] <... ioctl resumed>) = 0 [pid 2011] close(3) = 0 [pid 2011] close(4 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1995] <... futex resumed>) = 0 [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1998] <... futex resumed>) = 1 [pid 1998] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1995] <... futex resumed>) = 0 [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1998] <... futex resumed>) = 1 [pid 1998] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1998] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 1995] <... futex resumed>) = 0 [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 1998] <... futex resumed>) = 0 [ 67.488114][ T2003] EXT4-fs (loop2): Ignoring removed nobh option [ 67.494777][ T2003] EXT4-fs (loop2): Ignoring removed bh option [ 67.509452][ T2003] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.516624][ T1998] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 1998] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2012] <... close resumed>) = 0 [pid 2012] mkdir("./file1", 0777 [pid 2011] <... close resumed>) = 0 [pid 2012] <... mkdir resumed>) = 0 [pid 2011] mkdir("./file1", 0777) = 0 [pid 2012] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2011] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = 0 [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 1998] <... pwrite64 resumed>) = 176128 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1995] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 1995] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2016 [pid 1995] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 1998] <... futex resumed>) = 1 [pid 1998] truncate("./file1", 1) = 0 [pid 1998] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 1995] <... futex resumed>) = 0 [pid 1995] exit_group(0) = ? [pid 1998] <... futex resumed>) = ? [pid 1998] +++ exited with 0 +++ [pid 1995] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=1995, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [ 67.537076][ T1998] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.553890][ T2011] EXT4-fs (loop0): Ignoring removed nobh option [ 67.560311][ T2011] EXT4-fs (loop0): Ignoring removed bh option [ 67.560454][ T2012] EXT4-fs (loop4): Ignoring removed nobh option [ 67.567175][ T2011] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 2016 attached [pid 2016] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2016] chdir("./68") = 0 [pid 2016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2016] setpgid(0, 0) = 0 [pid 2016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2016] write(3, "1000", 4) = 4 [pid 2016] close(3) = 0 [pid 2016] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2016] write(1, "executing program\n", 18executing program ) = 18 [pid 2016] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2016] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2016] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2016] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2016] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2016] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2019]}, 88) = 2019 [pid 2016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2019 attached [pid 2019] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2019] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2019] memfd_create("syzkaller", 0) = 3 [pid 2019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2019] munmap(0x7f895cf98000, 138412032) = 0 [ 67.592416][ T2012] EXT4-fs (loop4): Ignoring removed bh option [ 67.600451][ T2012] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2019] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2003] <... mount resumed>) = 0 [pid 2003] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2003] chdir("./file1") = 0 [pid 2003] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2011] <... mount resumed>) = 0 [pid 2011] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2011] chdir("./file1") = 0 [ 67.622891][ T2003] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 67.644035][ T2011] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2011] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2019] <... openat resumed>) = 4 [pid 2019] ioctl(4, LOOP_SET_FD, 3 [pid 2012] <... mount resumed>) = 0 [pid 2012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2019] <... ioctl resumed>) = 0 [pid 2012] <... openat resumed>) = 3 [pid 2019] close(3 [pid 2012] chdir("./file1" [pid 2019] <... close resumed>) = 0 [pid 2012] <... chdir resumed>) = 0 [pid 2012] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 67.673400][ T2012] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2019] close(4) = 0 [pid 2011] <... openat resumed>) = 4 [pid 2003] <... openat resumed>) = 4 [pid 2019] mkdir("./file1", 0777 [pid 2011] ioctl(4, LOOP_CLR_FD [pid 2019] <... mkdir resumed>) = 0 [pid 2011] <... ioctl resumed>) = 0 [pid 2019] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2011] close(4 [pid 2012] <... openat resumed>) = 4 [pid 2003] ioctl(4, LOOP_CLR_FD [pid 286] <... umount2 resumed>) = 0 [pid 286] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 2011] <... close resumed>) = 0 [pid 286] getdents64(4, [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 2011] <... futex resumed>) = 1 [pid 2008] <... futex resumed>) = 0 [pid 286] close(4 [pid 2011] openat(AT_FDCWD, "./file1", O_RDWR [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... close resumed>) = 0 [pid 2008] <... futex resumed>) = 0 [pid 286] rmdir("./68/file1" [pid 2011] <... openat resumed>) = 4 [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... rmdir resumed>) = 0 [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 286] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2011] <... futex resumed>) = 0 [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... ioctl resumed>) = 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2011] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2008] <... futex resumed>) = 0 [pid 2003] close(4 [pid 286] newfstatat(AT_FDCWD, "./68/binderfs", [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2003] <... close resumed>) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2003] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] unlink("./68/binderfs" [pid 2003] <... futex resumed>) = 1 [pid 2001] <... futex resumed>) = 0 [pid 286] <... unlink resumed>) = 0 [pid 2003] openat(AT_FDCWD, "./file1", O_RDWR [pid 2001] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] getdents64(3, [pid 2001] <... futex resumed>) = 0 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 2001] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] close(3) = 0 [pid 2012] ioctl(4, LOOP_CLR_FD [pid 286] rmdir("./68" [pid 2012] <... ioctl resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 2012] close(4 [pid 286] mkdir("./69", 0777 [pid 2012] <... close resumed>) = 0 [pid 286] <... mkdir resumed>) = 0 [pid 2012] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] <... pwrite64 resumed>) = 87490 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2012] <... futex resumed>) = 1 [pid 2009] <... futex resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 2012] openat(AT_FDCWD, "./file1", O_RDWR [pid 2009] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] ioctl(3, LOOP_CLR_FD [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2009] <... futex resumed>) = 0 [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2011] <... futex resumed>) = 1 [pid 2009] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2008] <... futex resumed>) = 0 [pid 286] close(3 [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... close resumed>) = 0 [pid 2008] <... futex resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2024 [pid 2011] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2003] <... openat resumed>) = 4 [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2012] <... openat resumed>) = 4 [pid 2011] <... futex resumed>) = 1 [pid 2008] <... futex resumed>) = 0 [pid 2012] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... futex resumed>) = 1 [pid 2001] <... futex resumed>) = 0 [pid 2008] <... futex resumed>) = 0 [pid 2001] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2001] <... futex resumed>) = 0 [pid 2001] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] <... futex resumed>) = 1 [pid 2009] <... futex resumed>) = 0 [pid 2003] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2009] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2009] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2003] <... pwrite64 resumed>) = 87490 ./strace-static-x86_64: Process 2024 attached [pid 2024] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2024] chdir("./69") = 0 [pid 2024] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2024] setpgid(0, 0) = 0 [pid 2024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2024] write(3, "1000", 4) = 4 [pid 2024] close(3) = 0 executing program [pid 2024] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2024] write(1, "executing program\n", 18) = 18 [pid 2024] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2024] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2024] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2024] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2025]}, 88) = 2025 [pid 2024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2025 attached [pid 2025] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2025] memfd_create("syzkaller", 0) = 3 [pid 2025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [ 67.747701][ T2019] EXT4-fs (loop1): Ignoring removed nobh option [ 67.771057][ T2019] EXT4-fs (loop1): Ignoring removed bh option [ 67.778251][ T2019] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2025] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2025] munmap(0x7f895cf98000, 138412032) = 0 [pid 2025] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2025] ioctl(4, LOOP_SET_FD, 3 [pid 2003] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2001] <... futex resumed>) = 0 [pid 2003] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2001] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... futex resumed>) = 0 [pid 2001] <... futex resumed>) = 1 [pid 2003] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2001] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2003] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2003] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2001] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... futex resumed>) = 0 [pid 2001] <... futex resumed>) = 1 [pid 2003] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2001] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... ioctl resumed>) = 0 [pid 2025] close(3) = 0 [pid 2025] close(4) = 0 [pid 2025] mkdir("./file1", 0777) = 0 [pid 2025] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 67.780688][ T2011] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.812855][ T2003] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2011] <... pwrite64 resumed>) = 176128 [pid 2009] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2009] <... futex resumed>) = 0 [pid 2009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 2009] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 2012] <... pwrite64 resumed>) = 87490 [pid 2011] <... futex resumed>) = 0 [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... pwrite64 resumed>) = 176128 [pid 2001] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2009] <... clone3 resumed> => {parent_tid=[2029]}, 88) = 2029 [pid 2009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2009] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2009] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2008] <... futex resumed>) = 0 [pid 2001] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2001] <... futex resumed>) = 0 [pid 2001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965377000 [pid 2001] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2001] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[2030]}, 88) = 2030 [pid 2001] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2001] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2001] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 2030 attached [pid 2030] set_robust_list(0x7f89653979a0, 24) = 0 [pid 2030] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 67.830014][ T2019] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 67.834097][ T2025] EXT4-fs (loop3): Ignoring removed nobh option [ 67.860342][ T2025] EXT4-fs (loop3): Ignoring removed bh option [ 67.866676][ T2025] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 67.871188][ T2030] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2030] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 2029 attached ) = 176128 [pid 2019] <... mount resumed>) = 0 [pid 2012] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2011] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2003] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2012] <... futex resumed>) = 0 [pid 2003] <... futex resumed>) = 0 [pid 2029] set_robust_list(0x7f89653979a0, 24 [pid 2019] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2029] <... set_robust_list resumed>) = 0 [pid 2019] <... openat resumed>) = 3 [pid 2029] rt_sigprocmask(SIG_SETMASK, [], [pid 2019] chdir("./file1" [pid 2029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2019] <... chdir resumed>) = 0 [pid 2029] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2019] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2029] <... openat resumed>) = 5 [pid 2019] <... openat resumed>) = 4 [pid 2029] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] ioctl(4, LOOP_CLR_FD [pid 2029] <... futex resumed>) = 1 [pid 2019] <... ioctl resumed>) = 0 [pid 2029] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2019] close(4) = 0 [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2016] <... futex resumed>) = 0 [pid 2019] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2016] <... futex resumed>) = 0 [pid 2019] openat(AT_FDCWD, "./file1", O_RDWR [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2030] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2030] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2009] <... futex resumed>) = 0 [pid 2019] <... openat resumed>) = 4 [pid 2012] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2009] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2001] <... futex resumed>) = 0 [pid 2011] <... pwrite64 resumed>) = 176128 [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2009] <... futex resumed>) = 0 [pid 2001] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2009] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2012] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2019] <... futex resumed>) = 1 [pid 2016] <... futex resumed>) = 0 [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2003] <... futex resumed>) = 0 [pid 2001] <... futex resumed>) = 1 [pid 2025] <... mount resumed>) = 0 [pid 2025] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2025] chdir("./file1") = 0 [pid 2025] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2025] ioctl(4, LOOP_CLR_FD) = 0 [pid 2025] close(4) = 0 [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2025] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2019] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2019] <... futex resumed>) = 0 [pid 2016] <... futex resumed>) = 1 [pid 2019] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... pwrite64 resumed>) = 87490 [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... futex resumed>) = 0 [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... futex resumed>) = 1 [pid 2019] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... futex resumed>) = 0 [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... futex resumed>) = 1 [pid 2019] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2011] <... futex resumed>) = 1 [ 67.893958][ T2011] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.910516][ T2025] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 67.913876][ T2012] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2011] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2003] truncate("./file1", 1) = 0 [pid 2003] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2003] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2001] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 2001] exit_group(0 [pid 2030] <... futex resumed>) = ? [pid 2001] <... exit_group resumed>) = ? [pid 2030] +++ exited with 0 +++ [pid 2003] <... futex resumed>) = ? [pid 2003] +++ exited with 0 +++ [pid 2001] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2001, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 2008] <... futex resumed>) = 0 [pid 2008] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2008] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2011] <... futex resumed>) = 0 [pid 2011] truncate("./file1", 1) = 0 [pid 2011] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2008] <... futex resumed>) = 0 [pid 2008] exit_group(0) = ? [pid 2011] <... futex resumed>) = ? [pid 2011] +++ exited with 0 +++ [pid 2008] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2008, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 285] <... restart_syscall resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 285] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... openat resumed>) = 3 [pid 283] <... openat resumed>) = 3 [pid 285] newfstatat(3, "", [pid 283] newfstatat(3, "", [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, [pid 283] getdents64(3, [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] <... futex resumed>) = 0 [pid 2024] <... futex resumed>) = 1 [pid 2025] openat(AT_FDCWD, "./file1", O_RDWR [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] <... pwrite64 resumed>) = 176128 [pid 2009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2009] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2029] <... futex resumed>) = 0 [pid 2019] <... futex resumed>) = 1 [pid 2016] <... futex resumed>) = 0 [pid 2009] <... futex resumed>) = 1 [pid 2029] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2019] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2009] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... openat resumed>) = 4 [pid 2016] <... futex resumed>) = 0 [pid 2012] <... pwrite64 resumed>) = 176128 [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2024] <... futex resumed>) = 0 [pid 2025] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] <... pwrite64 resumed>) = 87490 [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... futex resumed>) = 1 [pid 2025] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... futex resumed>) = 1 [pid 2025] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2012] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2012] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 67.948780][ T2019] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.964478][ T2019] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 67.977851][ T2025] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... pwrite64 resumed>) = 176128 [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2019] <... pwrite64 resumed>) = 176128 [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2025] <... futex resumed>) = 1 [pid 2029] <... pwrite64 resumed>) = 176128 [pid 2029] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2029] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2019] <... futex resumed>) = 1 [pid 2019] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2025] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2009] <... futex resumed>) = 0 [pid 2016] <... futex resumed>) = 0 [pid 2016] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2009] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... futex resumed>) = 1 [pid 2009] <... futex resumed>) = 1 [pid 2019] <... futex resumed>) = 0 [pid 2012] <... futex resumed>) = 0 [pid 2016] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2009] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2019] truncate("./file1", 1 [pid 2012] truncate("./file1", 1 [pid 2019] <... truncate resumed>) = 0 [pid 2019] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2016] <... futex resumed>) = 0 [pid 2016] exit_group(0) = ? [pid 2019] <... futex resumed>) = ? [pid 2019] +++ exited with 0 +++ [pid 2016] +++ exited with 0 +++ [pid 2012] <... truncate resumed>) = 0 [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2016, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- [pid 284] restart_syscall(<... resuming interrupted clone ...> [pid 2012] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] <... restart_syscall resumed>) = 0 [pid 284] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2009] <... futex resumed>) = 0 [pid 2009] exit_group(0 [pid 2029] <... futex resumed>) = ? [pid 2009] <... exit_group resumed>) = ? [pid 2029] +++ exited with 0 +++ [pid 2012] <... futex resumed>) = ? [pid 2012] +++ exited with 0 +++ [pid 2009] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2009, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- [pid 287] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 287] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2025] <... pwrite64 resumed>) = 176128 [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... futex resumed>) = 0 [pid 2024] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2024] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2025] <... futex resumed>) = 1 [pid 2025] truncate("./file1", 1) = 0 [pid 2025] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2024] <... futex resumed>) = 0 [pid 2024] exit_group(0) = ? [pid 2025] <... futex resumed>) = ? [pid 2025] +++ exited with 0 +++ [pid 2024] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2024, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 286] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 286] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 286] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = 0 [pid 285] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./65/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 285] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] close(4) = 0 [pid 285] rmdir("./65/file1") = 0 [pid 285] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] unlink("./65/binderfs") = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] close(3) = 0 [pid 285] rmdir("./65") = 0 [pid 285] mkdir("./66", 0777) = 0 [ 67.979259][ T2029] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 68.010760][ T2025] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 287] <... umount2 resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 285] <... openat resumed>) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 285] close(3 [pid 287] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 283] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2033 [pid 287] newfstatat(AT_FDCWD, "./65/file1", [pid 283] newfstatat(AT_FDCWD, "./66/file1", [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] newfstatat(AT_FDCWD, "./68/file1", [pid 283] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] umount2("./65/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] openat(AT_FDCWD, "./65/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] <... openat resumed>) = 4 [pid 286] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] newfstatat(4, "", [pid 287] <... openat resumed>) = 4 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] newfstatat(4, "", [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] getdents64(4, [pid 286] newfstatat(AT_FDCWD, "./69/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... openat resumed>) = 4 [pid 283] getdents64(4, [pid 286] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] getdents64(4, [pid 284] newfstatat(4, "", [pid 283] close(4 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] <... close resumed>) = 0 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] rmdir("./66/file1" [pid 286] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, [pid 283] <... rmdir resumed>) = 0 [pid 284] getdents64(4, [pid 287] getdents64(4, [pid 283] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] close(4 [pid 286] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] getdents64(4, [pid 283] newfstatat(AT_FDCWD, "./66/binderfs", [pid 286] getdents64(4, [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] <... close resumed>) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] unlink("./66/binderfs" [pid 286] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 287] rmdir("./65/file1" [pid 284] close(4 [pid 283] <... unlink resumed>) = 0 [pid 286] rmdir("./69/file1" [pid 283] getdents64(3, [pid 287] <... rmdir resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 284] <... close resumed>) = 0 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] rmdir("./68/file1" [pid 283] close(3 [pid 287] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./69/binderfs", [pid 284] <... rmdir resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 287] newfstatat(AT_FDCWD, "./65/binderfs", [pid 283] rmdir("./66" [pid 286] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./69/binderfs" [pid 287] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] <... unlink resumed>) = 0 [pid 283] <... rmdir resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] unlink("./65/binderfs" [pid 283] mkdir("./67", 0777 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./69" [pid 283] <... mkdir resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./68/binderfs", [pid 287] <... unlink resumed>) = 0 [pid 286] <... rmdir resumed>) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 287] getdents64(3, [pid 284] unlink("./68/binderfs" [pid 283] <... openat resumed>) = 3 [pid 287] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] mkdir("./70", 0777./strace-static-x86_64: Process 2033 attached [pid 287] close(3 [pid 286] <... mkdir resumed>) = 0 [pid 284] <... unlink resumed>) = 0 [pid 283] ioctl(3, LOOP_CLR_FD [pid 287] <... close resumed>) = 0 executing program [pid 284] getdents64(3, [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 287] rmdir("./65" [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 287] <... rmdir resumed>) = 0 [pid 286] <... openat resumed>) = 3 [pid 283] <... close resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 286] close(3) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2034 ./strace-static-x86_64: Process 2034 attached [pid 2034] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2034] chdir("./70") = 0 [pid 2034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2034] setpgid(0, 0) = 0 [pid 2034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2034] write(3, "1000", 4) = 4 [pid 2034] close(3) = 0 [pid 2034] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2034] write(1, "executing program\n", 18) = 18 [pid 2034] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2034] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2034] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2035]}, 88) = 2035 [pid 2034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2034] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2034] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2035 attached [pid 2035] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2035] memfd_create("syzkaller", 0) = 3 [pid 2035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] close(3 [pid 287] mkdir("./66", 0777 [pid 2035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 284] <... close resumed>) = 0 [pid 287] <... mkdir resumed>) = 0 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2036 [pid 284] rmdir("./68" [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 284] <... rmdir resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 284] mkdir("./69", 0777) = 0 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 287] close(3) = 0 [pid 284] <... openat resumed>) = 3 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3 [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2037 [pid 284] <... close resumed>) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2035] <... write resumed>) = 524288 [pid 2035] munmap(0x7f895cf98000, 138412032) = 0 [pid 2035] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2038 [pid 2035] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 2036 attached [pid 2036] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2036] chdir("./67") = 0 [pid 2036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2036] setpgid(0, 0) = 0 [pid 2036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2036] write(3, "1000", 4) = 4 [pid 2036] close(3) = 0 [pid 2036] symlink("/dev/binderfs", "./binderfs" [pid 2033] set_robust_list(0x55557fe8a6a0, 24) = 0 ./strace-static-x86_64: Process 2038 attached [pid 2033] chdir("./66" [pid 2038] set_robust_list(0x55557fe8a6a0, 24./strace-static-x86_64: Process 2037 attached [pid 2036] <... symlink resumed>) = 0 [pid 2033] <... chdir resumed>) = 0 executing program [pid 2036] write(1, "executing program\n", 18) = 18 [pid 2036] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2038] <... set_robust_list resumed>) = 0 [pid 2037] set_robust_list(0x55557fe8a6a0, 24 [pid 2033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2036] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2040]}, 88) = 2040 [pid 2036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2040 attached [pid 2033] <... prctl resumed>) = 0 [pid 2040] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2040] memfd_create("syzkaller", 0) = 3 [pid 2040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2033] setpgid(0, 0) = 0 [pid 2038] chdir("./69" [pid 2033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2038] <... chdir resumed>) = 0 [pid 2037] <... set_robust_list resumed>) = 0 [pid 2038] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2033] write(3, "1000", 4 [pid 2037] chdir("./66" [pid 2038] <... prctl resumed>) = 0 [pid 2037] <... chdir resumed>) = 0 [pid 2035] <... ioctl resumed>) = 0 [pid 2033] <... write resumed>) = 4 [pid 2033] close(3 [pid 2040] <... write resumed>) = 524288 [pid 2038] setpgid(0, 0 [pid 2033] <... close resumed>) = 0 [pid 2040] munmap(0x7f895cf98000, 138412032 [pid 2033] symlink("/dev/binderfs", "./binderfs" [pid 2038] <... setpgid resumed>) = 0 [pid 2037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2035] close(3 [pid 2040] <... munmap resumed>) = 0 [pid 2033] <... symlink resumed>) = 0 [pid 2040] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2033] write(1, "executing program\n", 18 [pid 2037] <... prctl resumed>) = 0 [pid 2040] <... openat resumed>) = 4 [pid 2040] ioctl(4, LOOP_SET_FD, 3executing program [pid 2033] <... write resumed>) = 18 [pid 2038] <... openat resumed>) = 3 [pid 2037] setpgid(0, 0 [pid 2033] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2035] <... close resumed>) = 0 [pid 2033] <... futex resumed>) = 0 [pid 2038] write(3, "1000", 4 [pid 2037] <... setpgid resumed>) = 0 [pid 2038] <... write resumed>) = 4 [pid 2035] close(4 executing program [pid 2033] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 2038] close(3 [pid 2037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2033] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2038] <... close resumed>) = 0 [pid 2037] <... openat resumed>) = 3 [pid 2033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2038] symlink("/dev/binderfs", "./binderfs" [pid 2033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2038] <... symlink resumed>) = 0 [pid 2037] write(3, "1000", 4 [pid 2033] <... mmap resumed>) = 0x7f8965398000 [pid 2033] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 2038] write(1, "executing program\n", 18 [pid 2037] <... write resumed>) = 4 [pid 2033] <... mprotect resumed>) = 0 [pid 2033] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2037] close(3 [pid 2038] <... write resumed>) = 18 [pid 2033] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2038] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... close resumed>) = 0 [pid 2033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 2038] <... futex resumed>) = 0 [pid 2037] symlink("/dev/binderfs", "./binderfs" [pid 2033] <... clone3 resumed> => {parent_tid=[2042]}, 88) = 2042 [pid 2037] <... symlink resumed>) = 0 [pid 2033] rt_sigprocmask(SIG_SETMASK, [], [pid 2038] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 2040] <... ioctl resumed>) = 0 [pid 2040] close(3) = 0 [pid 2040] close(4./strace-static-x86_64: Process 2042 attached [pid 2033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2038] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2042] set_robust_list(0x7f89653b89a0, 24 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2038] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2037] write(1, "executing program\n", 18 [pid 2042] <... set_robust_list resumed>) = 0 [pid 2042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 executing program [pid 2038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2037] <... write resumed>) = 18 [pid 2033] <... futex resumed>) = 0 [pid 2042] memfd_create("syzkaller", 0 [pid 2038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2038] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2037] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] <... memfd_create resumed>) = 3 [pid 2037] <... futex resumed>) = 0 [pid 2038] <... mprotect resumed>) = 0 [pid 2038] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2037] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 2038] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2038] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 2042] <... mmap resumed>) = 0x7f895cf98000 [pid 2037] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 ./strace-static-x86_64: Process 2043 attached [pid 2038] <... clone3 resumed> => {parent_tid=[2043]}, 88) = 2043 [pid 2043] set_robust_list(0x7f89653b89a0, 24 [pid 2038] rt_sigprocmask(SIG_SETMASK, [], [pid 2037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2043] <... set_robust_list resumed>) = 0 [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2037] <... mmap resumed>) = 0x7f8965398000 [pid 2037] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 2043] memfd_create("syzkaller", 0 [pid 2037] <... mprotect resumed>) = 0 [pid 2037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0}./strace-static-x86_64: Process 2044 attached [pid 2043] <... memfd_create resumed>) = 3 [pid 2037] <... clone3 resumed> => {parent_tid=[2044]}, 88) = 2044 [pid 2037] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2044] set_robust_list(0x7f89653b89a0, 24 [pid 2043] <... mmap resumed>) = 0x7f895cf98000 [pid 2044] <... set_robust_list resumed>) = 0 [pid 2042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2042] <... write resumed>) = 524288 [pid 2042] munmap(0x7f895cf98000, 138412032) = 0 [pid 2042] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2044] memfd_create("syzkaller", 0 [pid 2043] <... write resumed>) = 524288 [pid 2044] <... memfd_create resumed>) = 3 [pid 2044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2043] munmap(0x7f895cf98000, 138412032) = 0 [pid 2043] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2040] <... close resumed>) = 0 [pid 2035] <... close resumed>) = 0 [pid 2040] mkdir("./file1", 0777 [pid 2035] mkdir("./file1", 0777 [pid 2040] <... mkdir resumed>) = 0 [pid 2035] <... mkdir resumed>) = 0 [pid 2040] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2035] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2044] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2044] munmap(0x7f895cf98000, 138412032) = 0 [pid 2044] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2043] <... openat resumed>) = 4 [pid 2042] <... openat resumed>) = 4 [pid 2043] ioctl(4, LOOP_SET_FD, 3 [pid 2042] ioctl(4, LOOP_SET_FD, 3 [pid 2044] ioctl(4, LOOP_SET_FD, 3 [pid 2043] <... ioctl resumed>) = 0 [pid 2043] close(3) = 0 [pid 2043] close(4 [pid 2042] <... ioctl resumed>) = 0 [pid 2042] close(3) = 0 [pid 2042] close(4 [pid 2044] <... ioctl resumed>) = 0 [pid 2044] close(3) = 0 [ 68.449530][ T2035] EXT4-fs (loop3): Ignoring removed nobh option [ 68.451964][ T2040] EXT4-fs (loop0): Ignoring removed nobh option [ 68.456926][ T2035] EXT4-fs (loop3): Ignoring removed bh option [ 68.463160][ T2040] EXT4-fs (loop0): Ignoring removed bh option [ 68.469603][ T2035] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.485540][ T2040] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2044] close(4) = 0 [pid 2044] mkdir("./file1", 0777) = 0 [ 68.506313][ T2040] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 68.506551][ T2035] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2044] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2040] <... mount resumed>) = 0 [pid 2035] <... mount resumed>) = 0 [pid 2035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2035] chdir("./file1") = 0 [pid 2040] chdir("./file1" [pid 2035] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2040] <... chdir resumed>) = 0 [ 68.532783][ T2044] EXT4-fs (loop4): Ignoring removed nobh option [ 68.560894][ T2044] EXT4-fs (loop4): Ignoring removed bh option [ 68.567008][ T2044] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2040] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2044] <... mount resumed>) = 0 [pid 2043] <... close resumed>) = 0 [pid 2044] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2043] mkdir("./file1", 0777 [pid 2044] <... openat resumed>) = 3 [pid 2043] <... mkdir resumed>) = 0 [pid 2044] chdir("./file1") = 0 [pid 2044] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 68.586321][ T2044] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2043] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2042] <... close resumed>) = 0 [pid 2040] <... openat resumed>) = 4 [pid 2040] ioctl(4, LOOP_CLR_FD [pid 2035] <... openat resumed>) = 4 [pid 2042] mkdir("./file1", 0777 [pid 2035] ioctl(4, LOOP_CLR_FD [pid 2042] <... mkdir resumed>) = 0 [pid 2042] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2040] <... ioctl resumed>) = 0 [pid 2040] close(4) = 0 [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2044] <... openat resumed>) = 4 [pid 2044] ioctl(4, LOOP_CLR_FD) = 0 [pid 2044] close(4) = 0 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2044] <... futex resumed>) = 1 [pid 2044] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 2036] <... futex resumed>) = 0 [pid 2035] <... ioctl resumed>) = 0 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2035] close(4 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2044] <... futex resumed>) = 1 [pid 2044] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2040] <... futex resumed>) = 0 [pid 2036] <... futex resumed>) = 1 [pid 2040] openat(AT_FDCWD, "./file1", O_RDWR [pid 2035] <... close resumed>) = 0 [pid 2044] <... pwrite64 resumed>) = 87490 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2044] <... futex resumed>) = 1 [pid 2044] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2044] <... futex resumed>) = 1 [pid 2044] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2040] <... openat resumed>) = 4 [pid 2035] <... futex resumed>) = 1 [pid 2034] <... futex resumed>) = 0 [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 2035] openat(AT_FDCWD, "./file1", O_RDWR [pid 2034] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2044] <... pwrite64 resumed>) = 176128 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2044] <... futex resumed>) = 1 [pid 2044] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2035] <... openat resumed>) = 4 [pid 2034] <... futex resumed>) = 0 [pid 2044] <... pwrite64 resumed>) = 176128 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.701517][ T2042] EXT4-fs (loop2): Ignoring removed nobh option [ 68.708605][ T2043] EXT4-fs (loop1): Ignoring removed nobh option [ 68.712081][ T2044] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 68.725093][ T2042] EXT4-fs (loop2): Ignoring removed bh option [ 68.732090][ T2044] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2037] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2044] <... futex resumed>) = 1 [pid 2044] truncate("./file1", 1) = 0 [pid 2044] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2037] <... futex resumed>) = 0 [pid 2037] exit_group(0) = ? [pid 2044] <... futex resumed>) = ? [pid 2044] +++ exited with 0 +++ [pid 2037] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2037, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2040] <... futex resumed>) = 0 [pid 2036] <... futex resumed>) = 1 [pid 2034] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2040] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2034] <... futex resumed>) = 0 [pid 2035] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2034] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2040] <... pwrite64 resumed>) = 87490 [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... restart_syscall resumed>) = 0 [pid 2035] <... pwrite64 resumed>) = 87490 [pid 2034] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2040] <... futex resumed>) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2040] <... futex resumed>) = 0 [pid 2034] <... futex resumed>) = 0 [pid 2035] <... futex resumed>) = 1 [pid 2034] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2040] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2035] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2034] <... futex resumed>) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 2034] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] <... openat resumed>) = 5 [pid 287] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2035] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2035] <... futex resumed>) = 1 [pid 2034] <... futex resumed>) = 0 [pid 287] newfstatat(AT_FDCWD, "./66/file1", [pid 2035] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2034] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2034] <... futex resumed>) = 0 [pid 2035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2034] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2035] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2040] <... openat resumed>) = 5 [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 287] <... openat resumed>) = 4 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2036] <... futex resumed>) = 0 [pid 287] newfstatat(4, "", [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 68.736942][ T2043] EXT4-fs (loop1): Ignoring removed bh option [pid 2040] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, [pid 2040] <... pwrite64 resumed>) = 176128 [pid 287] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 287] close(4) = 0 [pid 287] rmdir("./66/file1") = 0 [pid 287] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./66/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./66") = 0 [pid 287] mkdir("./67", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2035] <... pwrite64 resumed>) = 176128 [pid 2035] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 68.778326][ T2040] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 68.781332][ T2035] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 68.807687][ T2042] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2035] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2040] <... futex resumed>) = 0 [pid 2036] <... futex resumed>) = 1 [pid 2040] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2034] <... futex resumed>) = 0 [pid 2034] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2034] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2035] <... futex resumed>) = 0 [pid 2035] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2040] <... pwrite64 resumed>) = 176128 [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2036] <... futex resumed>) = 0 [pid 2036] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 68.813541][ T2043] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 68.825554][ T2040] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 68.834828][ T2035] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2036] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... mount resumed>) = 0 [pid 2040] <... futex resumed>) = 0 [pid 2034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 287] <... openat resumed>) = 3 [pid 2040] truncate("./file1", 1 [pid 2034] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 287] ioctl(3, LOOP_CLR_FD [pid 2040] <... truncate resumed>) = 0 [pid 2034] <... futex resumed>) = 0 [pid 287] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 287] close(3 [pid 2034] <... mmap resumed>) = 0x7f8965377000 [pid 287] <... close resumed>) = 0 [pid 2034] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2034] <... mprotect resumed>) = 0 [pid 2034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 287] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2058 [pid 2034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} => {parent_tid=[2059]}, 88) = 2059 [pid 2034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2034] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2034] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2040] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2040] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2042] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2042] chdir("./file1") = 0 [pid 2042] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 2042] ioctl(4, LOOP_CLR_FD) = 0 [pid 2042] close(4) = 0 [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... futex resumed>) = 1 [pid 2042] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... futex resumed>) = 1 [pid 2042] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... futex resumed>) = 1 [pid 2042] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... futex resumed>) = 1 [pid 2042] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 2059 attached ./strace-static-x86_64: Process 2058 attached [pid 2043] <... mount resumed>) = 0 [pid 2036] <... futex resumed>) = 0 [pid 2035] <... pwrite64 resumed>) = 176128 [pid 2059] set_robust_list(0x7f89653979a0, 24 [pid 2058] set_robust_list(0x55557fe8a6a0, 24 [pid 2036] exit_group(0 [pid 2035] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2059] <... set_robust_list resumed>) = 0 [pid 2058] <... set_robust_list resumed>) = 0 [pid 2036] <... exit_group resumed>) = ? [pid 2035] <... futex resumed>) = 0 [pid 2059] rt_sigprocmask(SIG_SETMASK, [], [pid 2058] chdir("./67" [pid 2035] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2058] <... chdir resumed>) = 0 [pid 2059] truncate("./file1", 1 [pid 2058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 2040] <... futex resumed>) = ? [pid 2043] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2042] <... pwrite64 resumed>) = 176128 [pid 2058] setpgid(0, 0) = 0 [pid 2059] <... truncate resumed>) = 0 [pid 2058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2040] +++ exited with 0 +++ [pid 2036] +++ exited with 0 +++ [pid 2059] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2034] <... futex resumed>) = 0 [pid 2034] exit_group(0) = ? [pid 2059] <... futex resumed>) = ? [pid 2059] +++ exited with 0 +++ [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] <... futex resumed>) = 0 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2042] <... futex resumed>) = 1 [pid 2042] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2036, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 2035] <... futex resumed>) = ? [pid 2058] <... openat resumed>) = 3 executing program [pid 2058] write(3, "1000", 4 [pid 2043] <... openat resumed>) = 3 [pid 2035] +++ exited with 0 +++ [pid 2034] +++ exited with 0 +++ [pid 283] restart_syscall(<... resuming interrupted clone ...> [pid 2058] <... write resumed>) = 4 [pid 2058] close(3 [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2034, si_uid=0, si_status=0, si_utime=0, si_stime=12} --- [pid 2058] <... close resumed>) = 0 [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 2058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2058] write(1, "executing program\n", 18) = 18 [pid 2058] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2058] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2060]}, 88) = 2060 [pid 2058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 68.848173][ T2042] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 68.872382][ T2043] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 68.899014][ T2042] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2043] chdir("./file1") = 0 [pid 2043] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2043] ioctl(4, LOOP_CLR_FD) = 0 [pid 2043] close(4./strace-static-x86_64: Process 2060 attached ) = 0 [pid 2042] <... pwrite64 resumed>) = 176128 [pid 286] <... restart_syscall resumed>) = 0 [pid 283] <... restart_syscall resumed>) = 0 [pid 2060] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 286] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2060] memfd_create("syzkaller", 0 [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2060] <... memfd_create resumed>) = 3 [pid 283] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 286] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2060] <... mmap resumed>) = 0x7f895cf98000 [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... openat resumed>) = 3 [pid 283] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2042] <... futex resumed>) = 1 [pid 2038] <... futex resumed>) = 0 [pid 2033] <... futex resumed>) = 0 [pid 2043] <... futex resumed>) = 1 [pid 286] newfstatat(3, "", [pid 283] <... openat resumed>) = 3 [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] newfstatat(3, "", [pid 2038] <... futex resumed>) = 0 [pid 2033] <... futex resumed>) = 0 [pid 286] getdents64(3, [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2033] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] getdents64(3, [pid 286] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2060] <... write resumed>) = 524288 [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 2060] munmap(0x7f895cf98000, 138412032) = 0 [pid 283] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2060] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2060] ioctl(4, LOOP_SET_FD, 3 [pid 2042] truncate("./file1", 1 [pid 2060] <... ioctl resumed>) = 0 [pid 2060] close(3) = 0 [pid 2060] close(4 [pid 2042] <... truncate resumed>) = 0 [pid 2042] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2033] <... futex resumed>) = 0 [pid 2033] exit_group(0) = ? [pid 2042] <... futex resumed>) = ? [pid 2042] +++ exited with 0 +++ [pid 2033] +++ exited with 0 +++ [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2033, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 285] restart_syscall(<... resuming interrupted clone ...> [pid 2043] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2043] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2038] <... futex resumed>) = 0 [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2043] <... futex resumed>) = 0 [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2038] <... futex resumed>) = 0 [pid 2043] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2043] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2038] <... futex resumed>) = 0 [pid 2043] <... openat resumed>) = 5 [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2043] <... futex resumed>) = 0 [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2043] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2038] <... futex resumed>) = 0 [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... restart_syscall resumed>) = 0 [pid 285] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 285] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2060] <... close resumed>) = 0 [pid 2060] mkdir("./file1", 0777) = 0 [pid 2060] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2043] <... pwrite64 resumed>) = 176128 [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2038] <... futex resumed>) = 0 [pid 2043] <... futex resumed>) = 1 [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 68.926558][ T2042] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 68.959316][ T2043] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2043] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864) = 176128 [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2038] <... futex resumed>) = 0 [pid 2043] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2038] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2038] <... futex resumed>) = 0 [pid 2038] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2043] truncate("./file1", 1) = 0 [pid 2043] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2038] <... futex resumed>) = 0 [pid 2043] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2038] exit_group(0) = ? [pid 2043] <... futex resumed>) = ? [pid 2043] +++ exited with 0 +++ [pid 2038] +++ exited with 0 +++ [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2038, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- [pid 284] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 284] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 284] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [ 68.977339][ T2043] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 284] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = 0 [pid 283] <... umount2 resumed>) = 0 [pid 286] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./70/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./70/file1") = 0 [pid 286] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./70/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./70") = 0 [pid 286] mkdir("./71", 0777) = 0 [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 283] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] close(4) = 0 [pid 283] rmdir("./67/file1") = 0 [pid 283] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] unlink("./67/binderfs") = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] close(3) = 0 [pid 283] rmdir("./67") = 0 [pid 283] mkdir("./68", 0777) = 0 [ 69.046272][ T2060] EXT4-fs (loop4): Ignoring removed nobh option [ 69.052666][ T2060] EXT4-fs (loop4): Ignoring removed bh option [ 69.058925][ T2060] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 286] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 283] <... openat resumed>) = 3 [pid 286] ioctl(3, LOOP_CLR_FD [pid 283] ioctl(3, LOOP_CLR_FD [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 283] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 286] close(3 [pid 283] close(3 [pid 286] <... close resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2065 [pid 283] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2064 [pid 285] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 285] newfstatat(AT_FDCWD, "./66/file1", [pid 284] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] umount2("./66/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] newfstatat(AT_FDCWD, "./69/file1", [pid 285] openat(AT_FDCWD, "./66/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... openat resumed>) = 4 [pid 284] umount2("./69/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] newfstatat(4, "", [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] openat(AT_FDCWD, "./69/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] getdents64(4, [pid 284] <... openat resumed>) = 4 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] newfstatat(4, "", [pid 285] getdents64(4, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] getdents64(4, [pid 285] close(4 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... close resumed>) = 0 [pid 284] getdents64(4, [pid 285] rmdir("./66/file1" [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 284] close(4 [pid 285] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... close resumed>) = 0 [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] rmdir("./69/file1" [pid 285] newfstatat(AT_FDCWD, "./66/binderfs", [pid 284] <... rmdir resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] unlink("./66/binderfs" [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] <... unlink resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./69/binderfs", [pid 285] getdents64(3, [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] unlink("./69/binderfs" [pid 285] close(3 [pid 284] <... unlink resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] getdents64(3, [pid 285] rmdir("./66" [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... rmdir resumed>) = 0 [pid 284] close(3 [pid 285] mkdir("./67", 0777 [pid 284] <... close resumed>) = 0 [pid 285] <... mkdir resumed>) = 0 [pid 284] rmdir("./69"./strace-static-x86_64: Process 2064 attached [pid 2060] <... mount resumed>) = 0 [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 284] <... rmdir resumed>) = 0 [pid 2064] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2064] chdir("./68" [pid 285] <... openat resumed>) = 3 [pid 284] mkdir("./70", 0777 [pid 2064] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 2065 attached [pid 2064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 285] ioctl(3, LOOP_CLR_FD [pid 284] <... mkdir resumed>) = 0 [pid 2064] <... prctl resumed>) = 0 [pid 2064] setpgid(0, 0 [pid 285] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2064] <... setpgid resumed>) = 0 executing program [pid 2065] set_robust_list(0x55557fe8a6a0, 24 [pid 2064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2060] <... openat resumed>) = 3 [pid 285] close(3 [pid 284] <... openat resumed>) = 3 [pid 2064] <... openat resumed>) = 3 [pid 2064] write(3, "1000", 4) = 4 [pid 2064] close(3) = 0 [pid 2064] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2064] write(1, "executing program\n", 18) = 18 [pid 2064] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2064] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2064] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2064] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2064] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 285] <... close resumed>) = 0 [pid 2064] <... mprotect resumed>) = 0 [pid 284] ioctl(3, LOOP_CLR_FD [pid 2064] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2060] chdir("./file1" [pid 2064] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2064] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 2060] <... chdir resumed>) = 0 [pid 2064] <... clone3 resumed> => {parent_tid=[2066]}, 88) = 2066 [pid 2060] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2060] <... openat resumed>) = 4 [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2060] ioctl(4, LOOP_CLR_FD [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2060] <... ioctl resumed>) = 0 [pid 2060] close(4) = 0 [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2058] <... futex resumed>) = 0 [pid 2060] openat(AT_FDCWD, "./file1", O_RDWR [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2060] <... openat resumed>) = 4 [pid 2058] <... futex resumed>) = 0 [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2060] <... futex resumed>) = 0 [pid 2058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2060] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2060] <... pwrite64 resumed>) = 87490 [pid 2058] <... futex resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 284] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2065] <... set_robust_list resumed>) = 0 [pid 2065] chdir("./71") = 0 [pid 2065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 284] close(3 [pid 2065] setpgid(0, 0) = 0 [pid 2065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2067 [pid 284] <... close resumed>) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2065] <... openat resumed>) = 3 [pid 2065] write(3, "1000", 4) = 4 [pid 2065] close(3) = 0 [pid 2065] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 284] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2068 [pid 2065] write(1, "executing program\n", 18) = 18 [pid 2065] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2065] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2069]}, 88) = 2069 [pid 2065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2058] <... futex resumed>) = 0 [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2060] <... futex resumed>) = 1 [pid 2060] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2058] <... futex resumed>) = 0 [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2060] <... futex resumed>) = 1 [pid 2060] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 2067 attached ./strace-static-x86_64: Process 2068 attached [pid 2068] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2067] set_robust_list(0x55557fe8a6a0, 24 [pid 2068] chdir("./70" [pid 2067] <... set_robust_list resumed>) = 0 [pid 2067] chdir("./67" [pid 2068] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 2069 attached ./strace-static-x86_64: Process 2066 attached [pid 2068] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2067] <... chdir resumed>) = 0 [pid 2068] <... prctl resumed>) = 0 [pid 2067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2068] setpgid(0, 0 [pid 2067] <... prctl resumed>) = 0 [pid 2067] setpgid(0, 0 [pid 2068] <... setpgid resumed>) = 0 [pid 2067] <... setpgid resumed>) = 0 [pid 2067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2067] <... openat resumed>) = 3 [pid 2068] <... openat resumed>) = 3 [pid 2068] write(3, "1000", 4) = 4 [pid 2067] write(3, "1000", 4 [pid 2068] close(3 [pid 2067] <... write resumed>) = 4 [pid 2067] close(3 [pid 2068] <... close resumed>) = 0 [pid 2067] <... close resumed>) = 0 executing program [pid 2068] symlink("/dev/binderfs", "./binderfs" [pid 2067] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2068] <... symlink resumed>) = 0 [pid 2068] write(1, "executing program\n", 18) = 18 executing program [pid 2068] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] write(1, "executing program\n", 18 [pid 2068] <... futex resumed>) = 0 [pid 2067] <... write resumed>) = 18 [pid 2068] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2067] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2067] <... futex resumed>) = 0 [pid 2068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2067] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 2068] <... mmap resumed>) = 0x7f8965398000 [pid 2067] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2068] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2068] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2067] <... mmap resumed>) = 0x7f8965398000 [pid 2067] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2068] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2068] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 2067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 2068] <... clone3 resumed> => {parent_tid=[2070]}, 88) = 2070 [pid 2068] rt_sigprocmask(SIG_SETMASK, [], [pid 2067] <... clone3 resumed> => {parent_tid=[2071]}, 88) = 2071 [pid 2068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2067] rt_sigprocmask(SIG_SETMASK, [], [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2068] <... futex resumed>) = 0 [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2067] <... futex resumed>) = 0 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2066] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2066] memfd_create("syzkaller", 0) = 3 [pid 2066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2069] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2069] memfd_create("syzkaller", 0) = 3 [pid 2069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 ./strace-static-x86_64: Process 2070 attached [pid 2070] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2070] memfd_create("syzkaller", 0) = 3 [pid 2060] <... pwrite64 resumed>) = 176128 ./strace-static-x86_64: Process 2071 attached [ 69.086402][ T2060] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2071] set_robust_list(0x7f89653b89a0, 24 [pid 2060] <... futex resumed>) = 1 [pid 2058] <... futex resumed>) = 0 [pid 2070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2071] <... set_robust_list resumed>) = 0 [pid 2060] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2058] <... futex resumed>) = 0 [pid 2069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2069] munmap(0x7f895cf98000, 138412032) = 0 [pid 2069] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2069] ioctl(4, LOOP_SET_FD, 3 [pid 2070] <... write resumed>) = 524288 [pid 2070] munmap(0x7f895cf98000, 138412032) = 0 [pid 2070] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2066] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2066] munmap(0x7f895cf98000, 138412032) = 0 [pid 2066] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2071] memfd_create("syzkaller", 0) = 3 [pid 2071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... write resumed>) = 524288 [pid 2071] munmap(0x7f895cf98000, 138412032 [pid 2060] <... pwrite64 resumed>) = 176128 [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2058] <... futex resumed>) = 0 [pid 2058] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2058] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2060] <... futex resumed>) = 1 [pid 2060] truncate("./file1", 1 [pid 2069] <... ioctl resumed>) = 0 [pid 2069] close(3 [pid 2070] <... openat resumed>) = 4 [pid 2069] <... close resumed>) = 0 [pid 2066] <... openat resumed>) = 4 [pid 2071] <... munmap resumed>) = 0 [pid 2070] ioctl(4, LOOP_SET_FD, 3 [pid 2069] close(4 [pid 2066] ioctl(4, LOOP_SET_FD, 3 [pid 2071] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2069] <... close resumed>) = 0 [pid 2069] mkdir("./file1", 0777 [pid 2060] <... truncate resumed>) = 0 [pid 2069] <... mkdir resumed>) = 0 [pid 2060] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2058] <... futex resumed>) = 0 [pid 2069] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2058] exit_group(0) = ? [pid 2060] <... futex resumed>) = ? [pid 2070] <... ioctl resumed>) = 0 [pid 2060] +++ exited with 0 +++ [pid 2058] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2058, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2070] close(3) = 0 [pid 2070] close(4 [pid 2066] <... ioctl resumed>) = 0 [pid 2071] <... openat resumed>) = 4 [pid 2071] ioctl(4, LOOP_SET_FD, 3 [pid 2066] close(3) = 0 [pid 2066] close(4 [pid 287] <... restart_syscall resumed>) = 0 [pid 287] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2071] <... ioctl resumed>) = 0 [pid 2071] close(3) = 0 [pid 2071] close(4 [pid 2070] <... close resumed>) = 0 [pid 2070] mkdir("./file1", 0777) = 0 [pid 2070] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2066] <... close resumed>) = 0 [pid 2071] <... close resumed>) = 0 [pid 2071] mkdir("./file1", 0777) = 0 [pid 2071] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2066] mkdir("./file1", 0777) = 0 [ 69.133108][ T2060] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.149059][ T2060] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.177644][ T2070] EXT4-fs (loop1): Ignoring removed nobh option [ 69.179400][ T2069] EXT4-fs (loop3): Ignoring removed nobh option [ 69.184277][ T2070] EXT4-fs (loop1): Ignoring removed bh option [ 69.191794][ T2069] EXT4-fs (loop3): Ignoring removed bh option [ 69.202882][ T2071] EXT4-fs (loop2): Ignoring removed nobh option [ 69.209487][ T2071] EXT4-fs (loop2): Ignoring removed bh option [ 69.209854][ T2066] EXT4-fs (loop0): Ignoring removed nobh option [ 69.215747][ T2071] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.223050][ T2069] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.234255][ T2070] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.246861][ T2066] EXT4-fs (loop0): Ignoring removed bh option [ 69.265845][ T2066] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2066] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2069] <... mount resumed>) = 0 [pid 2069] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2069] chdir("./file1") = 0 [pid 2069] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2071] <... mount resumed>) = 0 [pid 2071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2071] chdir("./file1") = 0 [ 69.267699][ T2069] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 69.278649][ T2071] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2071] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2070] <... mount resumed>) = 0 [pid 2069] <... openat resumed>) = 4 [pid 287] <... umount2 resumed>) = 0 [pid 2069] ioctl(4, LOOP_CLR_FD) = 0 [pid 2069] close(4) = 0 [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2065] <... futex resumed>) = 0 [pid 2069] openat(AT_FDCWD, "./file1", O_RDWR [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2069] <... openat resumed>) = 4 [pid 2065] <... futex resumed>) = 0 [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2069] <... futex resumed>) = 0 [pid 2065] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2069] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2069] <... pwrite64 resumed>) = 87490 [pid 2065] <... futex resumed>) = 0 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 287] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./67/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./67/file1") = 0 [pid 287] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./67/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./67") = 0 [pid 287] mkdir("./68", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2084 [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2065] <... futex resumed>) = 0 [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2069] <... futex resumed>) = 1 [pid 2069] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2065] <... futex resumed>) = 0 [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2069] <... futex resumed>) = 1 [pid 2069] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864./strace-static-x86_64: Process 2084 attached [pid 2071] <... openat resumed>) = 4 [pid 2070] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2066] <... mount resumed>) = 0 [pid 2084] set_robust_list(0x55557fe8a6a0, 24 [pid 2071] ioctl(4, LOOP_CLR_FD [pid 2070] <... openat resumed>) = 3 [pid 2084] <... set_robust_list resumed>) = 0 [pid 2071] <... ioctl resumed>) = 0 [pid 2070] chdir("./file1" [pid 2084] chdir("./68" [pid 2071] close(4 [pid 2070] <... chdir resumed>) = 0 [pid 2084] <... chdir resumed>) = 0 [pid 2071] <... close resumed>) = 0 [pid 2070] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 2084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] <... openat resumed>) = 4 [pid 2084] <... prctl resumed>) = 0 [pid 2071] <... futex resumed>) = 1 [pid 2070] ioctl(4, LOOP_CLR_FD [pid 2067] <... futex resumed>) = 0 [pid 2084] setpgid(0, 0 [pid 2071] openat(AT_FDCWD, "./file1", O_RDWR [pid 2070] <... ioctl resumed>) = 0 [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... setpgid resumed>) = 0 [pid 2071] <... openat resumed>) = 4 [pid 2070] close(4 [pid 2067] <... futex resumed>) = 0 [pid 2084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] <... close resumed>) = 0 [pid 2069] <... pwrite64 resumed>) = 176128 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2066] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2084] <... openat resumed>) = 3 [pid 2071] <... futex resumed>) = 0 [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2084] write(3, "1000", 4 [pid 2071] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2070] <... futex resumed>) = 1 [pid 2068] <... futex resumed>) = 0 [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... write resumed>) = 4 [pid 2070] openat(AT_FDCWD, "./file1", O_RDWR [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2066] <... openat resumed>) = 3 [pid 2084] close(3 [pid 2070] <... openat resumed>) = 4 [pid 2068] <... futex resumed>) = 0 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] <... close resumed>) = 0 [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] symlink("/dev/binderfs", "./binderfs" [pid 2070] <... futex resumed>) = 0 [pid 2068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2084] <... symlink resumed>) = 0 [pid 2070] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 2084] write(1, "executing program\n", 18 [pid 2071] <... pwrite64 resumed>) = 87490 [pid 2070] <... pwrite64 resumed>) = 87490 [pid 2069] <... futex resumed>) = 1 [pid 2068] <... futex resumed>) = 0 [pid 2066] chdir("./file1" [pid 2065] <... futex resumed>) = 0 [pid 2084] <... write resumed>) = 18 [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2071] <... futex resumed>) = 1 [pid 2067] <... futex resumed>) = 0 [pid 2065] <... futex resumed>) = 0 [pid 2084] <... futex resumed>) = 0 [pid 2071] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, [pid 2071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2069] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2067] <... futex resumed>) = 0 [pid 2066] <... chdir resumed>) = 0 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] <... rt_sigaction resumed>NULL, 8) = 0 [pid 2071] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 2071] <... openat resumed>) = 5 [pid 2066] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2070] <... futex resumed>) = 1 [pid 2068] <... futex resumed>) = 0 [ 69.304479][ T2070] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 69.328772][ T2066] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 69.372765][ T2069] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2084] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE [pid 2070] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... mprotect resumed>) = 0 [pid 2070] <... openat resumed>) = 5 [pid 2068] <... futex resumed>) = 0 [pid 2084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2070] <... futex resumed>) = 0 [pid 2068] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} [pid 2070] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 2085 attached [pid 2071] <... futex resumed>) = 1 [pid 2069] <... pwrite64 resumed>) = 176128 [pid 2068] <... futex resumed>) = 0 [pid 2066] <... openat resumed>) = 4 [pid 2071] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] ioctl(4, LOOP_CLR_FD [pid 2069] <... futex resumed>) = 1 [pid 2066] <... ioctl resumed>) = 0 [pid 2065] <... futex resumed>) = 0 [pid 2069] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2066] close(4 [pid 2065] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2069] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2066] <... close resumed>) = 0 [pid 2065] <... futex resumed>) = 0 [pid 2069] truncate("./file1", 1 [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2065] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2069] <... truncate resumed>) = 0 [pid 2066] <... futex resumed>) = 1 [pid 2064] <... futex resumed>) = 0 [pid 2066] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2064] <... futex resumed>) = 0 [pid 2069] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] openat(AT_FDCWD, "./file1", O_RDWR [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2069] <... futex resumed>) = 1 [pid 2065] <... futex resumed>) = 0 [pid 2069] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2065] exit_group(0 [pid 2069] <... futex resumed>) = ? [pid 2065] <... exit_group resumed>) = ? [pid 2069] +++ exited with 0 +++ [pid 2065] +++ exited with 0 +++ [pid 286] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2065, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 286] restart_syscall(<... resuming interrupted clone ...> [pid 2085] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2085] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2085] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2067] <... futex resumed>) = 0 [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2071] <... futex resumed>) = 0 [pid 2067] <... futex resumed>) = 1 [pid 2071] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2084] <... clone3 resumed> => {parent_tid=[2085]}, 88) = 2085 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2066] <... openat resumed>) = 4 [pid 286] <... restart_syscall resumed>) = 0 [pid 2084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2085] <... futex resumed>) = 0 [pid 2084] <... futex resumed>) = 1 [pid 2085] memfd_create("syzkaller", 0 [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2085] <... memfd_create resumed>) = 3 [pid 2085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2085] munmap(0x7f895cf98000, 138412032) = 0 [pid 2085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 2085] close(3) = 0 [pid 2085] close(4) = 0 [pid 2085] mkdir("./file1", 0777) = 0 [pid 2085] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2064] <... futex resumed>) = 0 [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2066] <... futex resumed>) = 0 [pid 2064] <... futex resumed>) = 1 [pid 2071] <... pwrite64 resumed>) = 176128 [pid 2066] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2070] <... pwrite64 resumed>) = 176128 [pid 2071] <... futex resumed>) = 1 [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2066] <... pwrite64 resumed>) = 87490 [ 69.403268][ T2069] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.409477][ T2070] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.435333][ T2071] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2071] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2068] <... futex resumed>) = 0 [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2070] <... futex resumed>) = 1 [pid 2070] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 286] <... openat resumed>) = 3 [pid 2071] <... futex resumed>) = 0 [pid 2067] <... futex resumed>) = 1 [pid 2071] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2066] <... futex resumed>) = 1 [pid 2064] <... futex resumed>) = 0 [pid 286] newfstatat(3, "", [pid 2070] <... pwrite64 resumed>) = 176128 [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] <... futex resumed>) = 0 [pid 2068] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2068] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2070] <... futex resumed>) = 1 [pid 2070] truncate("./file1", 1) = 0 [pid 2070] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2068] <... futex resumed>) = 0 [pid 2068] exit_group(0) = ? [pid 2070] <... futex resumed>) = ? [pid 2070] +++ exited with 0 +++ [pid 2068] +++ exited with 0 +++ [pid 2071] <... pwrite64 resumed>) = 176128 [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2067] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2067] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2071] <... futex resumed>) = 1 [pid 2071] truncate("./file1", 1) = 0 [pid 2071] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2067] <... futex resumed>) = 0 [pid 2067] exit_group(0) = ? [pid 2071] <... futex resumed>) = ? [pid 2071] +++ exited with 0 +++ [pid 2067] +++ exited with 0 +++ [pid 2066] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2066] <... futex resumed>) = 0 [pid 2064] <... futex resumed>) = 1 [ 69.454787][ T2085] EXT4-fs (loop4): Ignoring removed nobh option [ 69.457790][ T2070] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.461602][ T2085] EXT4-fs (loop4): Ignoring removed bh option [ 69.476683][ T2071] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2066] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2066] <... openat resumed>) = 5 [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2064] <... futex resumed>) = 0 [pid 2066] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 286] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 286] getdents64(3, [pid 285] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2067, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 284] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2068, si_uid=0, si_status=0, si_utime=0, si_stime=9} --- [pid 286] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 285] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 285] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 285] <... openat resumed>) = 3 [pid 285] newfstatat(3, "", [pid 284] <... openat resumed>) = 3 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] newfstatat(3, "", [pid 285] getdents64(3, [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] getdents64(3, [pid 285] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 284] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2066] <... pwrite64 resumed>) = 176128 [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2064] <... futex resumed>) = 0 [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2066] <... futex resumed>) = 0 [pid 2066] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2085] <... mount resumed>) = 0 [pid 2085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2085] chdir("./file1") = 0 [ 69.481899][ T2085] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.513877][ T2066] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.529979][ T2085] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2066] <... pwrite64 resumed>) = 176128 [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2066] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2064] <... futex resumed>) = 0 [pid 2064] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2064] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2066] <... futex resumed>) = 0 [pid 2066] truncate("./file1", 1) = 0 [pid 2066] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2064] <... futex resumed>) = 0 [pid 2064] exit_group(0) = ? [pid 2066] <... futex resumed>) = ? [pid 2066] +++ exited with 0 +++ [pid 2064] +++ exited with 0 +++ [pid 283] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2064, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- [pid 283] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 283] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 283] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 283] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 283] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... umount2 resumed>) = 0 [pid 286] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./71/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] umount2("./71/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] openat(AT_FDCWD, "./71/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 286] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 286] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 286] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 286] close(4) = 0 [pid 286] rmdir("./71/file1") = 0 [pid 286] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 286] newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 286] unlink("./71/binderfs") = 0 [pid 286] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 286] close(3) = 0 [pid 286] rmdir("./71") = 0 [pid 286] mkdir("./72", 0777) = 0 [ 69.532144][ T2066] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 286] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2085] <... openat resumed>) = 4 [pid 2085] ioctl(4, LOOP_CLR_FD) = 0 [pid 286] <... openat resumed>) = 3 [pid 285] <... umount2 resumed>) = 0 [pid 284] <... umount2 resumed>) = 0 [pid 286] ioctl(3, LOOP_CLR_FD [pid 285] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 286] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 286] close(3 [pid 285] newfstatat(AT_FDCWD, "./67/file1", [pid 2085] close(4 [pid 286] <... close resumed>) = 0 [pid 284] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... umount2 resumed>) = 0 [pid 2085] <... close resumed>) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] newfstatat(AT_FDCWD, "./70/file1", [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2085] <... futex resumed>) = 1 [pid 2084] <... futex resumed>) = 0 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] newfstatat(AT_FDCWD, "./68/file1", [pid 2085] openat(AT_FDCWD, "./file1", O_RDWR [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 284] umount2("./70/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2085] <... openat resumed>) = 4 [pid 2084] <... futex resumed>) = 0 [pid 286] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 285] umount2("./67/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] openat(AT_FDCWD, "./70/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2085] <... futex resumed>) = 0 [pid 2084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 284] <... openat resumed>) = 4 [pid 283] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2085] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] openat(AT_FDCWD, "./67/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 284] newfstatat(4, "", [pid 283] <... openat resumed>) = 4 [pid 2085] <... pwrite64 resumed>) = 87490 [pid 2084] <... futex resumed>) = 0 [pid 286] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2089 [pid 285] <... openat resumed>) = 4 [pid 284] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 283] newfstatat(4, "", [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] newfstatat(4, "", [pid 284] getdents64(4, [pid 283] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 285] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 283] getdents64(4, [pid 285] getdents64(4, [pid 284] getdents64(4, [pid 283] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 284] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 283] getdents64(4, [pid 285] getdents64(4, [pid 284] close(4 [pid 283] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 285] <... getdents64 resumed>0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 284] <... close resumed>) = 0 [pid 283] close(4 [pid 285] close(4 [pid 284] rmdir("./70/file1" [pid 283] <... close resumed>) = 0 [pid 285] <... close resumed>) = 0 [pid 284] <... rmdir resumed>) = 0 [pid 283] rmdir("./68/file1"./strace-static-x86_64: Process 2089 attached [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] rmdir("./67/file1" [pid 284] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 283] <... rmdir resumed>) = 0 [pid 2085] <... futex resumed>) = 1 [pid 2084] <... futex resumed>) = 0 [pid 284] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 283] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2085] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... rmdir resumed>) = 0 [pid 284] newfstatat(AT_FDCWD, "./70/binderfs", [pid 283] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2085] <... openat resumed>) = 5 [pid 2084] <... futex resumed>) = 0 [pid 285] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 284] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 283] newfstatat(AT_FDCWD, "./68/binderfs", [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 284] unlink("./70/binderfs" [pid 283] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 2085] <... futex resumed>) = 0 [pid 2084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 285] newfstatat(AT_FDCWD, "./67/binderfs", [pid 284] <... unlink resumed>) = 0 [pid 283] unlink("./68/binderfs" [pid 2085] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 285] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 284] getdents64(3, [pid 283] <... unlink resumed>) = 0 [pid 2089] set_robust_list(0x55557fe8a6a0, 24 [pid 2084] <... futex resumed>) = 0 [pid 285] unlink("./67/binderfs" [pid 284] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 283] getdents64(3, [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 285] <... unlink resumed>) = 0 [pid 284] close(3 [pid 285] getdents64(3, [pid 283] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 285] <... getdents64 resumed>0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 284] <... close resumed>) = 0 [pid 285] close(3 [pid 284] rmdir("./70" [pid 283] close(3 [pid 285] <... close resumed>) = 0 [pid 285] rmdir("./67") = 0 [pid 284] <... rmdir resumed>) = 0 [pid 283] <... close resumed>) = 0 [pid 285] mkdir("./68", 0777) = 0 [pid 284] mkdir("./71", 0777 [pid 283] rmdir("./68" [pid 285] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 285] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] <... mkdir resumed>) = 0 [pid 2089] <... set_robust_list resumed>) = 0 [pid 285] close(3 [pid 2089] chdir("./72" [pid 285] <... close resumed>) = 0 [pid 284] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 283] <... rmdir resumed>) = 0 [pid 2089] <... chdir resumed>) = 0 [pid 285] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 2089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 285] <... clone resumed>, child_tidptr=0x55557fe8a690) = 2090 [pid 2089] setpgid(0, 0) = 0 [pid 2089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2089] write(3, "1000", 4) = 4 executing program [pid 2089] close(3) = 0 [pid 2089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2089] write(1, "executing program\n", 18) = 18 [pid 2089] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2089] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2089] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2089] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2091]}, 88) = 2091 [pid 2089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2089] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 284] <... openat resumed>) = 3 [pid 284] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 284] close(3) = 0 [pid 284] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2092 [pid 283] mkdir("./69", 0777) = 0 [pid 283] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 283] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 283] close(3) = 0 [pid 283] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2093 ./strace-static-x86_64: Process 2093 attached ./strace-static-x86_64: Process 2092 attached ./strace-static-x86_64: Process 2091 attached ./strace-static-x86_64: Process 2090 attached [pid 2093] set_robust_list(0x55557fe8a6a0, 24 [pid 2092] set_robust_list(0x55557fe8a6a0, 24 [pid 2091] set_robust_list(0x7f89653b89a0, 24 [pid 2090] set_robust_list(0x55557fe8a6a0, 24 [pid 2085] <... pwrite64 resumed>) = 176128 [pid 2093] <... set_robust_list resumed>) = 0 [pid 2092] <... set_robust_list resumed>) = 0 [pid 2091] <... set_robust_list resumed>) = 0 [pid 2090] <... set_robust_list resumed>) = 0 [pid 2093] chdir("./69" [pid 2092] chdir("./71" [pid 2091] rt_sigprocmask(SIG_SETMASK, [], [pid 2093] <... chdir resumed>) = 0 [pid 2092] <... chdir resumed>) = 0 [pid 2090] chdir("./68" [pid 2093] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2092] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] <... prctl resumed>) = 0 [pid 2092] <... prctl resumed>) = 0 [pid 2090] <... chdir resumed>) = 0 [pid 2093] setpgid(0, 0 [pid 2092] setpgid(0, 0 [pid 2091] memfd_create("syzkaller", 0 [pid 2090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2085] <... futex resumed>) = 1 [pid 2084] <... futex resumed>) = 0 [pid 2093] <... setpgid resumed>) = 0 [pid 2092] <... setpgid resumed>) = 0 [pid 2091] <... memfd_create resumed>) = 3 [pid 2090] <... prctl resumed>) = 0 [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 2090] setpgid(0, 0 [pid 2085] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2084] <... futex resumed>) = 0 [pid 2093] <... openat resumed>) = 3 [pid 2092] <... openat resumed>) = 3 [pid 2091] <... mmap resumed>) = 0x7f895cf98000 [pid 2090] <... setpgid resumed>) = 0 [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2093] write(3, "1000", 4 [pid 2092] write(3, "1000", 4 [pid 2093] <... write resumed>) = 4 [pid 2092] <... write resumed>) = 4 [pid 2091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 2093] close(3 [pid 2092] close(3 [pid 2090] <... openat resumed>) = 3 [pid 2093] <... close resumed>) = 0 [pid 2092] <... close resumed>) = 0 [pid 2090] write(3, "1000", 4 [pid 2093] symlink("/dev/binderfs", "./binderfs" [pid 2092] symlink("/dev/binderfs", "./binderfs" [pid 2091] <... write resumed>) = 524288 [pid 2090] <... write resumed>) = 4 executing program [pid 2093] <... symlink resumed>) = 0 [pid 2093] write(1, "executing program\n", 18) = 18 [pid 2093] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2093] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2093] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2094]}, 88) = 2094 [pid 2093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2093] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2093] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 2092] <... symlink resumed>) = 0 [pid 2092] write(1, "executing program\n", 18) = 18 [pid 2092] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2092] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2092] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2095]}, 88) = 2095 [pid 2092] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2092] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 2091] munmap(0x7f895cf98000, 138412032) = 0 [pid 2091] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 2091] ioctl(4, LOOP_SET_FD, 3executing program [pid 2090] close(3) = 0 [pid 2090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2090] write(1, "executing program\n", 18) = 18 [pid 2090] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2090] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2090] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2097]}, 88) = 2097 [pid 2090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2090] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2090] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2094 attached [pid 2094] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2094] memfd_create("syzkaller", 0) = 3 [pid 2094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2094] munmap(0x7f895cf98000, 138412032) = 0 [pid 2094] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 2097 attached ./strace-static-x86_64: Process 2095 attached [pid 2091] <... ioctl resumed>) = 0 [pid 2097] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2097] memfd_create("syzkaller", 0) = 3 [pid 2097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2095] set_robust_list(0x7f89653b89a0, 24 [pid 2094] <... openat resumed>) = 4 [pid 2091] close(3 [pid 2097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2091] <... close resumed>) = 0 [pid 2085] <... pwrite64 resumed>) = 176128 [pid 2095] <... set_robust_list resumed>) = 0 [pid 2094] ioctl(4, LOOP_SET_FD, 3 [pid 2091] close(4 [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... write resumed>) = 524288 [pid 2095] rt_sigprocmask(SIG_SETMASK, [], [pid 2091] <... close resumed>) = 0 [pid 2097] munmap(0x7f895cf98000, 138412032 [pid 2091] mkdir("./file1", 0777 [pid 2097] <... munmap resumed>) = 0 [pid 2097] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2091] <... mkdir resumed>) = 0 [pid 2091] mount("/dev/loop3", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2095] memfd_create("syzkaller", 0) = 3 [pid 2095] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2085] <... futex resumed>) = 1 [pid 2084] <... futex resumed>) = 0 [ 69.723429][ T2085] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.745356][ T2085] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2084] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... openat resumed>) = 4 [pid 2095] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288 [pid 2094] <... ioctl resumed>) = 0 [pid 2085] truncate("./file1", 1 [pid 2084] <... futex resumed>) = 0 [pid 2097] ioctl(4, LOOP_SET_FD, 3 [pid 2085] <... truncate resumed>) = 0 [pid 2084] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2085] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2084] <... futex resumed>) = 0 [pid 2084] exit_group(0) = ? [pid 2085] <... futex resumed>) = ? [pid 2085] +++ exited with 0 +++ [pid 2084] +++ exited with 0 +++ [pid 287] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=2084, si_uid=0, si_status=0, si_utime=0, si_stime=8} --- [pid 287] restart_syscall(<... resuming interrupted clone ...> [pid 2094] close(3) = 0 [pid 2094] close(4 [pid 2097] <... ioctl resumed>) = 0 [pid 287] <... restart_syscall resumed>) = 0 [pid 2097] close(3) = 0 [pid 2097] close(4 [pid 287] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2097] <... close resumed>) = 0 [pid 287] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 2097] mkdir("./file1", 0777 [pid 287] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 2097] <... mkdir resumed>) = 0 [pid 287] <... openat resumed>) = 3 [pid 2097] mount("/dev/loop2", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 287] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 4 entries */, 32768) = 112 [pid 287] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 2095] <... write resumed>) = 524288 [pid 2095] munmap(0x7f895cf98000, 138412032) = 0 [pid 2095] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2094] <... close resumed>) = 0 [pid 2095] ioctl(4, LOOP_SET_FD, 3 [pid 2094] mkdir("./file1", 0777) = 0 [ 69.768188][ T2091] EXT4-fs (loop3): Ignoring removed nobh option [ 69.774473][ T2091] EXT4-fs (loop3): Ignoring removed bh option [ 69.781128][ T2091] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.797031][ T2097] EXT4-fs (loop2): Ignoring removed nobh option [ 69.803377][ T2097] EXT4-fs (loop2): Ignoring removed bh option [ 69.809594][ T2097] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [pid 2094] mount("/dev/loop0", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2091] <... mount resumed>) = 0 [pid 2091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2091] chdir("./file1") = 0 [pid 2091] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 2097] <... mount resumed>) = 0 [pid 2097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2097] chdir("./file1") = 0 [pid 2097] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 2095] <... ioctl resumed>) = 0 [pid 2095] close(3) = 0 [ 69.823634][ T2091] EXT4-fs (loop3): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 69.826212][ T2097] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [pid 2095] close(4) = 0 [pid 287] <... umount2 resumed>) = 0 [pid 287] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./68/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] umount2("./68/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] openat(AT_FDCWD, "./68/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 287] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 287] getdents64(4, 0x55557fe93770 /* 2 entries */, 32768) = 48 [pid 287] getdents64(4, 0x55557fe93770 /* 0 entries */, 32768) = 0 [pid 287] close(4) = 0 [pid 287] rmdir("./68/file1") = 0 [pid 287] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 287] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 287] unlink("./68/binderfs") = 0 [pid 287] getdents64(3, 0x55557fe8b730 /* 0 entries */, 32768) = 0 [pid 287] close(3) = 0 [pid 287] rmdir("./68") = 0 [pid 287] mkdir("./69", 0777) = 0 [pid 287] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 287] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 287] close(3) = 0 [pid 2095] mkdir("./file1", 0777 [pid 287] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557fe8a690) = 2105 [pid 2091] <... openat resumed>) = 4 [pid 2095] <... mkdir resumed>) = 0 [pid 2091] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 2105 attached [pid 2105] set_robust_list(0x55557fe8a6a0, 24) = 0 [pid 2105] chdir("./69") = 0 executing program [pid 2105] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 2095] mount("/dev/loop1", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2105] <... prctl resumed>) = 0 [pid 2105] setpgid(0, 0) = 0 [pid 2105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 2105] write(3, "1000", 4) = 4 [pid 2105] close(3) = 0 [pid 2105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 2105] write(1, "executing program\n", 18) = 18 [pid 2105] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] rt_sigaction(SIGRT_1, {sa_handler=0x7f89654222a0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8965413450}, NULL, 8) = 0 [pid 2105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 2105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8965398000 [pid 2105] mprotect(0x7f8965399000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 2105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 2105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f89653b8990, parent_tid=0x7f89653b8990, exit_signal=0, stack=0x7f8965398000, stack_size=0x20300, tls=0x7f89653b86c0} => {parent_tid=[2106]}, 88) = 2106 [pid 2105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2105] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 2106 attached [pid 2106] set_robust_list(0x7f89653b89a0, 24) = 0 [pid 2106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 2106] memfd_create("syzkaller", 0) = 3 [pid 2106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f895cf98000 [pid 2106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 524288) = 524288 [pid 2106] munmap(0x7f895cf98000, 138412032) = 0 [pid 2106] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 2097] <... openat resumed>) = 4 [pid 2091] <... ioctl resumed>) = 0 [pid 2097] ioctl(4, LOOP_CLR_FD [pid 2091] close(4 [pid 2097] <... ioctl resumed>) = 0 [pid 2091] <... close resumed>) = 0 [pid 2097] close(4 [pid 2091] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... close resumed>) = 0 [pid 2091] <... futex resumed>) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2097] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] openat(AT_FDCWD, "./file1", O_RDWR [pid 2089] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... futex resumed>) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2097] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2091] <... openat resumed>) = 4 [pid 2090] <... futex resumed>) = 0 [pid 2089] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2091] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2089] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... openat resumed>) = 4 [pid 2106] ioctl(4, LOOP_SET_FD, 3 [pid 2090] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... futex resumed>) = 0 [pid 2090] <... futex resumed>) = 1 [pid 2097] openat(AT_FDCWD, "./file1", O_RDWR [pid 2090] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] <... pwrite64 resumed>) = 87490 [pid 2091] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... openat resumed>) = 4 [pid 2097] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2090] <... futex resumed>) = 0 [pid 2097] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2090] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... pwrite64 resumed>) = 87490 [pid 2090] <... futex resumed>) = 0 [pid 2090] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2089] <... futex resumed>) = 0 [pid 2089] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2089] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] <... futex resumed>) = 1 [pid 2091] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2097] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] <... openat resumed>) = 5 [pid 2090] <... futex resumed>) = 0 [pid 2090] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2090] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2097] <... futex resumed>) = 1 [pid 2097] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2091] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... openat resumed>) = 5 [pid 2091] <... futex resumed>) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2097] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2089] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... futex resumed>) = 1 [pid 2090] <... futex resumed>) = 0 [pid 2089] <... futex resumed>) = 0 [pid 2097] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [ 69.931797][ T2094] EXT4-fs (loop0): Ignoring removed nobh option [ 69.939462][ T2094] EXT4-fs (loop0): Ignoring removed bh option [ 69.946129][ T2094] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.961894][ T2095] EXT4-fs (loop1): Ignoring removed nobh option [ 69.968730][ T2095] EXT4-fs (loop1): Ignoring removed bh option [pid 2090] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2089] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2090] <... futex resumed>) = 0 [pid 2090] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... ioctl resumed>) = 0 [pid 2106] close(3) = 0 [pid 2106] close(4) = 0 [pid 2106] mkdir("./file1", 0777) = 0 [pid 2106] mount("/dev/loop4", "./file1", "ext4", MS_NOSUID|MS_NODEV|MS_MANDLOCK|MS_STRICTATIME|MS_LAZYTIME, "delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00"... [pid 2089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 69.974921][ T2095] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 69.984812][ T2097] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 69.988135][ T2091] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [pid 2089] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2089] <... futex resumed>) = 0 [pid 2090] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2090] <... futex resumed>) = 0 [pid 2089] <... mmap resumed>) = 0x7f8965377000 [pid 2090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2089] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 2090] <... mmap resumed>) = 0x7f8965377000 [pid 2089] <... mprotect resumed>) = 0 [pid 2090] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 2089] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2090] <... mprotect resumed>) = 0 [pid 2089] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2089] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 2090] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 2089] <... clone3 resumed> => {parent_tid=[2111]}, 88) = 2111 [pid 2089] rt_sigprocmask(SIG_SETMASK, [], [pid 2090] <... clone3 resumed> => {parent_tid=[2112]}, 88) = 2112 [pid 2089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2090] rt_sigprocmask(SIG_SETMASK, [], [pid 2089] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2089] <... futex resumed>) = 0 [pid 2090] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2089] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2090] <... futex resumed>) = 0 [pid 2090] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2097] <... pwrite64 resumed>) = 176128 [pid 2097] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2097] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2091] <... pwrite64 resumed>) = 176128 [pid 2091] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2091] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2095] <... mount resumed>) = 0 [pid 2095] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2095] chdir("./file1") = 0 [pid 2095] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 2095] ioctl(4, LOOP_CLR_FD) = 0 [ 70.016561][ T2094] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 70.040829][ T2106] EXT4-fs (loop4): Ignoring removed nobh option [ 70.041351][ T2095] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 70.055316][ T2106] EXT4-fs (loop4): Ignoring removed bh option [pid 2095] close(4./strace-static-x86_64: Process 2112 attached ./strace-static-x86_64: Process 2111 attached [pid 2094] <... mount resumed>) = 0 [pid 2089] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2089] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 2089] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] <... futex resumed>) = 0 [pid 2089] <... futex resumed>) = 1 [pid 2091] truncate("./file1", 1 [pid 2089] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2091] <... truncate resumed>) = 0 [pid 2090] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2090] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2097] <... futex resumed>) = 0 [pid 2090] <... futex resumed>) = 1 [pid 2097] truncate("./file1", 1 [pid 2090] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2112] set_robust_list(0x7f89653979a0, 24 [pid 2111] set_robust_list(0x7f89653979a0, 24 [pid 2095] <... close resumed>) = 0 [pid 2094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 2091] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2112] <... set_robust_list resumed>) = 0 [pid 2111] <... set_robust_list resumed>) = 0 [pid 2094] <... openat resumed>) = 3 [pid 2112] rt_sigprocmask(SIG_SETMASK, [], [pid 2111] rt_sigprocmask(SIG_SETMASK, [], [pid 2094] chdir("./file1" [pid 2112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2094] <... chdir resumed>) = 0 [pid 2112] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2111] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2094] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 2097] <... truncate resumed>) = 0 [pid 2095] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] <... openat resumed>) = 4 [pid 2091] <... futex resumed>) = 1 [pid 2089] <... futex resumed>) = 0 [pid 2094] ioctl(4, LOOP_CLR_FD) = 0 [pid 2094] close(4) = 0 [pid 2094] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2093] <... futex resumed>) = 0 [pid 2094] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2093] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2093] <... futex resumed>) = 0 [pid 2094] openat(AT_FDCWD, "./file1", O_RDWR [pid 2093] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2097] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2091] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2097] <... futex resumed>) = 1 [pid 2097] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2092] <... futex resumed>) = 0 [pid 2094] <... openat resumed>) = 4 [pid 2092] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2090] <... futex resumed>) = 0 [pid 2094] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] <... futex resumed>) = 0 [pid 2094] <... futex resumed>) = 1 [pid 2093] <... futex resumed>) = 0 [pid 2092] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2093] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2093] <... futex resumed>) = 0 [pid 2094] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900 [pid 2093] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] <... pwrite64 resumed>) = 87490 [pid 2094] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 2093] <... futex resumed>) = 0 [pid 2094] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000 [pid 2093] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2094] <... openat resumed>) = 5 [pid 2093] <... futex resumed>) = 0 [pid 2094] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] <... futex resumed>) = 0 [pid 2093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 2094] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2093] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2093] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... futex resumed>) = 1 [pid 2095] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 2095] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... futex resumed>) = 1 [ 70.078388][ T2106] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 70.097277][ T2111] ------------[ cut here ]------------ [ 70.098263][ T2112] ------------[ cut here ]------------ [ 70.102763][ T2111] kernel BUG at fs/ext4/extents.c:1014! [ 70.114155][ T2111] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 70.120279][ T2111] CPU: 1 PID: 2111 Comm: syz-executor361 Not tainted 5.10.238-syzkaller-00008-g59e9a7228857 #0 [pid 2095] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 2095] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... futex resumed>) = 1 [pid 2095] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2095] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] <... futex resumed>) = 0 [pid 2092] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2092] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2095] <... futex resumed>) = 1 [ 70.129769][ T2094] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 70.130786][ T2111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 70.130814][ T2111] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 70.130833][ T2111] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [pid 2095] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2092] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2093] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] <... futex resumed>) = 0 [pid 2092] <... futex resumed>) = 0 [pid 2093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2093] <... mmap resumed>) = 0x7f8965377000 [pid 2092] <... mmap resumed>) = 0x7f8965377000 [pid 2093] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 2092] mprotect(0x7f8965378000, 131072, PROT_READ|PROT_WRITE [pid 2093] <... mprotect resumed>) = 0 [pid 2092] <... mprotect resumed>) = 0 [pid 2093] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2092] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965397990, parent_tid=0x7f8965397990, exit_signal=0, stack=0x7f8965377000, stack_size=0x20300, tls=0x7f89653976c0} [pid 2093] <... clone3 resumed> => {parent_tid=[2117]}, 88) = 2117 [pid 2092] <... clone3 resumed> => {parent_tid=[2116]}, 88) = 2116 [pid 2093] rt_sigprocmask(SIG_SETMASK, [], [pid 2092] rt_sigprocmask(SIG_SETMASK, [], [pid 2093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2093] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] futex(0x7f89654836d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] <... futex resumed>) = 0 [pid 2092] <... futex resumed>) = 0 [pid 2093] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2092] futex(0x7f89654836dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... mount resumed>) = 0 [pid 2106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 2106] chdir("./file1") = 0 [pid 2106] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 2106] ioctl(4, LOOP_CLR_FD) = 0 [ 70.152749][ T2106] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue [ 70.155102][ T2111] RSP: 0018:ffffc90005326b20 EFLAGS: 00010293 [ 70.155116][ T2111] RAX: ffffffff81c9e18d RBX: ffff88810ee24424 RCX: ffff8881179acf00 [ 70.155122][ T2111] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [pid 2106] close(4) = 0 [pid 2106] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] <... futex resumed>) = 0 [pid 2105] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... futex resumed>) = 1 [pid 2106] openat(AT_FDCWD, "./file1", O_RDWR) = 4 [pid 2106] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] <... futex resumed>) = 0 [pid 2105] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... futex resumed>) = 1 [pid 2106] pwrite64(4, "\x32\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 87490, 134220900) = 87490 [pid 2106] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] <... futex resumed>) = 0 [pid 2105] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... futex resumed>) = 1 [pid 2106] openat(AT_FDCWD, "./file1", O_RDWR|O_CREAT, 000) = 5 [pid 2106] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 2105] <... futex resumed>) = 0 [pid 2105] futex(0x7f89654836c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2105] futex(0x7f89654836cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2106] <... futex resumed>) = 1 [pid 2106] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2092] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 2093] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] <... futex resumed>) = 0 [pid 2092] <... futex resumed>) = 0 [pid 2093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 2093] <... mmap resumed>) = 0x7f8965356000 [pid 2092] <... mmap resumed>) = 0x7f8965356000 [pid 2093] mprotect(0x7f8965357000, 131072, PROT_READ|PROT_WRITE [pid 2092] mprotect(0x7f8965357000, 131072, PROT_READ|PROT_WRITE [pid 2093] <... mprotect resumed>) = 0 [pid 2092] <... mprotect resumed>) = 0 [pid 2093] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2092] rt_sigprocmask(SIG_BLOCK, ~[], [pid 2093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2092] <... rt_sigprocmask resumed>[], 8) = 0 [pid 2093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965376990, parent_tid=0x7f8965376990, exit_signal=0, stack=0x7f8965356000, stack_size=0x20300, tls=0x7f89653766c0} [pid 2092] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8965376990, parent_tid=0x7f8965376990, exit_signal=0, stack=0x7f8965356000, stack_size=0x20300, tls=0x7f89653766c0} [pid 2093] <... clone3 resumed> => {parent_tid=[2119]}, 88) = 2119 [pid 2092] <... clone3 resumed> => {parent_tid=[2118]}, 88) = 2118 [pid 2093] rt_sigprocmask(SIG_SETMASK, [], [pid 2092] rt_sigprocmask(SIG_SETMASK, [], [pid 2093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2093] futex(0x7f89654836e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2092] futex(0x7f89654836e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 2093] <... futex resumed>) = 0 [pid 2092] <... futex resumed>) = 0 [pid 2093] futex(0x7f89654836ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2092] futex(0x7f89654836ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 2094] <... pwrite64 resumed>) = 176128 [pid 2094] futex(0x7f89654836cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 70.155139][ T2111] RBP: ffffc90005326b90 R08: dffffc0000000000 R09: ffffed1024234c2b [ 70.164726][ T2095] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 70.180828][ T2111] R10: ffffed1024234c2b R11: 1ffff11024234c2a R12: 0000000000000000 [ 70.180835][ T2111] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 70.180845][ T2111] FS: 00007f89653976c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 70.180854][ T2111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.180862][ T2111] CR2: 00007f4731a16000 CR3: 0000000113bfc000 CR4: 00000000003506a0 [ 70.180881][ T2111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.214968][ T2112] kernel BUG at fs/ext4/extents.c:1014! [ 70.219017][ T2111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.219022][ T2111] Call Trace: [ 70.219041][ T2111] ext4_ext_insert_extent+0x38c3/0x4530 [ 70.219056][ T2111] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 70.219065][ T2111] ? get_implied_cluster_alloc+0x526/0x940 [ 70.219076][ T2111] ext4_ext_map_blocks+0x148c/0x5d40 [ 70.219091][ T2111] ? _raw_write_trylock+0x140/0x140 [ 70.219103][ T2111] ? _raw_write_unlock+0x2b/0x60 [ 70.219115][ T2111] ? ext4_ext_release+0x10/0x10 [ 70.219126][ T2111] ? ext4_fc_track_template+0xb5/0x600 [ 70.219136][ T2111] ? ext4_fc_track_range+0x250/0x250 [ 70.219148][ T2111] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 70.219168][ T2111] ext4_map_blocks+0x978/0x1bc0 [ 70.261611][ T2106] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 70.265830][ T2111] ? __kasan_slab_alloc+0xbd/0xf0 [ 70.265841][ T2111] ? slab_post_alloc_hook+0x5d/0x2f0 [ 70.265850][ T2111] ? kmem_cache_alloc+0x165/0x2e0 [ 70.265869][ T2111] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 70.407762][ T2111] _ext4_get_block+0x1bb/0x4b0 [ 70.412519][ T2111] ? ext4_get_block+0x50/0x50 [ 70.417195][ T2111] ? slab_post_alloc_hook+0x7d/0x2f0 [ 70.422483][ T2111] ext4_get_block_unwritten+0x2a/0x40 [ 70.427961][ T2111] ext4_block_write_begin+0x567/0x1330 [ 70.433504][ T2111] ? alloc_page_buffers+0x3aa/0x4a0 [ 70.438706][ T2111] ? _ext4_get_block+0x4b0/0x4b0 [ 70.443630][ T2111] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 70.449171][ T2111] ? __kasan_check_read+0x11/0x20 [ 70.454181][ T2111] ? ext4_inode_journal_mode+0x19a/0x480 [ 70.459969][ T2111] ext4_write_begin+0x651/0x1550 [ 70.464904][ T2111] ? ext4_readahead+0x110/0x110 [ 70.469737][ T2111] ? check_preempt_wakeup+0x3c0/0xb10 [ 70.475114][ T2111] ? domain_dirty_limits+0x28f/0x3c0 [ 70.480464][ T2111] ? ext4_get_group_desc+0x25f/0x2b0 [ 70.485826][ T2111] ? __kasan_check_read+0x11/0x20 [ 70.490843][ T2111] ? mark_buffer_dirty+0x1cc/0x330 [ 70.495933][ T2111] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 70.501985][ T2111] ? __kasan_check_write+0x14/0x20 [ 70.507274][ T2111] ext4_da_write_begin+0x455/0xe80 [ 70.512364][ T2111] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 70.517629][ T2111] ? down_read_killable+0xe0/0xe0 [ 70.522630][ T2111] ? __ext4_journal_stop+0x36/0x1a0 [ 70.527822][ T2111] ? ext4_write_end+0xa00/0xed0 [ 70.532680][ T2111] ? iov_iter_advance+0x1f7/0x750 [ 70.537694][ T2111] generic_perform_write+0x2be/0x510 [ 70.542975][ T2111] ? preempt_count_add+0x90/0x1b0 [ 70.548002][ T2111] ? grab_cache_page_write_begin+0xb0/0xb0 [ 70.553794][ T2111] ? down_write+0xac/0x110 [ 70.558190][ T2111] ? down_read_killable+0xe0/0xe0 [ 70.563279][ T2111] ? __switch_to+0x50f/0xfc0 [ 70.567949][ T2111] ? generic_write_checks+0x3d4/0x480 [ 70.573302][ T2111] ext4_buffered_write_iter+0x4b8/0x640 [ 70.578826][ T2111] ext4_file_write_iter+0x536/0x1980 [ 70.584088][ T2111] ? _raw_spin_unlock_irq+0x4e/0x70 [ 70.589265][ T2111] ? finish_task_switch+0x12e/0x5a0 [ 70.594450][ T2111] ? avc_policy_seqno+0x1b/0x70 [ 70.599284][ T2111] ? selinux_file_permission+0x2a5/0x510 [ 70.604892][ T2111] ? ext4_file_read_iter+0x530/0x530 [ 70.610156][ T2111] ? security_file_permission+0x83/0xa0 [ 70.615687][ T2111] ? iov_iter_init+0x3f/0x120 [ 70.620340][ T2111] vfs_write+0x725/0xd60 [ 70.624572][ T2111] ? kernel_write+0x3c0/0x3c0 [ 70.629223][ T2111] ? ptrace_stop+0x69f/0x9c0 [ 70.633787][ T2111] ? __fget_files+0x2c4/0x320 [ 70.638440][ T2111] ? __fdget+0x1a1/0x230 [ 70.642918][ T2111] ? __x64_sys_pwrite64+0xec/0x220 [ 70.648006][ T2111] __x64_sys_pwrite64+0x191/0x220 [ 70.653092][ T2111] ? ksys_pwrite64+0x1b0/0x1b0 [ 70.657843][ T2111] ? syscall_trace_enter+0x4b/0x170 [ 70.663019][ T2111] do_syscall_64+0x31/0x40 [ 70.667414][ T2111] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 70.673282][ T2111] RIP: 0033:0x7f89653fbe89 [ 70.677679][ T2111] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 70.697348][ T2111] RSP: 002b:00007f8965397218 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 70.705748][ T2111] RAX: ffffffffffffffda RBX: 00007f89654836d8 RCX: 00007f89653fbe89 [ 70.713698][ T2111] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005 [ 70.721735][ T2111] RBP: 00007f89654836d0 R08: 00007ffcd67d32c7 R09: 0000000000000000 [ 70.729703][ T2111] R10: 0000000000009000 R11: 0000000000000246 R12: 00007f8965450614 [ 70.737651][ T2111] R13: 0031656c69662f2e R14: 00007ffcd67d31e0 R15: 00007ffcd67d32c8 [ 70.745603][ T2111] Modules linked in: [ 70.749535][ T2112] invalid opcode: 0000 [#2] PREEMPT SMP KASAN [ 70.749767][ T2111] ---[ end trace cb31e0b526fed05c ]--- [ 70.755698][ T2112] CPU: 0 PID: 2112 Comm: syz-executor361 Tainted: G D 5.10.238-syzkaller-00008-g59e9a7228857 #0 [ 70.755704][ T2112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 70.755717][ T2112] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 70.755733][ T2112] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 70.761178][ T2111] RIP: 0010:ext4_ext_insert_index+0x52d/0x530 [ 70.772858][ T2112] RSP: 0018:ffffc90005336b20 EFLAGS: 00010293 [ 70.772869][ T2112] RAX: ffffffff81c9e18d RBX: ffff888120689424 RCX: ffff888119d50000 [ 70.772876][ T2112] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 70.772883][ T2112] RBP: ffffc90005336b90 R08: dffffc0000000000 R09: ffffed102435b77b [ 70.772896][ T2112] R10: ffffed102435b77b R11: 1ffff1102435b77a R12: 0000000000000000 [ 70.782983][ T2111] Code: 4c 89 fa e9 ca fd ff ff 44 89 f1 80 e1 07 fe c1 38 c1 0f 8c dd fd ff ff 4c 89 f7 e8 ad a2 d3 ff e9 d0 fd ff ff e8 83 b2 99 ff <0f> 0b 90 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec c0 00 00 [ 70.789099][ T2112] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [pid 2094] futex(0x7f89654836c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 2119 attached ./strace-static-x86_64: Process 2118 attached ./strace-static-x86_64: Process 2117 attached ./strace-static-x86_64: Process 2116 attached [pid 2119] set_robust_list(0x7f89653769a0, 24 [pid 2118] set_robust_list(0x7f89653769a0, 24 [pid 2117] set_robust_list(0x7f89653979a0, 24 [pid 2116] set_robust_list(0x7f89653979a0, 24 [pid 2119] <... set_robust_list resumed>) = 0 [pid 2118] <... set_robust_list resumed>) = 0 [pid 2117] <... set_robust_list resumed>) = 0 [pid 2116] <... set_robust_list resumed>) = 0 [pid 2119] rt_sigprocmask(SIG_SETMASK, [], [pid 2118] rt_sigprocmask(SIG_SETMASK, [], [pid 2117] rt_sigprocmask(SIG_SETMASK, [], [pid 2116] rt_sigprocmask(SIG_SETMASK, [], [pid 2119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 2119] truncate("./file1", 1 [pid 2118] truncate("./file1", 1 [pid 2117] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2116] pwrite64(5, "\x61\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 536871105, 36864 [pid 2119] <... truncate resumed>) = 0 [pid 2117] <... pwrite64 resumed>) = 176128 [pid 2117] futex(0x7f89654836dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 2117] futex(0x7f89654836d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 2119] futex(0x7f89654836ec, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 70.789109][ T2112] FS: 00007f89653976c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 70.789123][ T2112] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.810914][ T2117] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3342: comm syz-executor361: Allocating blocks 497-513 which overlap fs metadata [ 70.814772][ T2112] CR2: 00007f8965376d58 CR3: 00000001153ad000 CR4: 00000000003506b0 [ 70.823085][ T2111] RSP: 0018:ffffc90005326b20 EFLAGS: 00010293 [ 70.828955][ T2112] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.828962][ T2112] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.828965][ T2112] Call Trace: [ 70.828981][ T2112] ext4_ext_insert_extent+0x38c3/0x4530 [ 70.828997][ T2112] ? ext4_ext_next_allocated_block+0x2e0/0x2e0 [ 70.837310][ T2111] [ 70.844941][ T2112] ? get_implied_cluster_alloc+0x526/0x940 [ 70.853027][ T2111] RAX: ffffffff81c9e18d RBX: ffff88810ee24424 RCX: ffff8881179acf00 [ 70.872664][ T2112] ext4_ext_map_blocks+0x148c/0x5d40 [ 70.872679][ T2112] ? _raw_write_trylock+0x140/0x140 [ 70.872690][ T2112] ? _raw_write_unlock+0x2b/0x60 [ 70.872705][ T2112] ? ext4_ext_release+0x10/0x10 [ 70.880967][ T2111] RDX: 0000000000000000 RSI: 00000000fffffffe RDI: 0000000000000000 [ 70.889671][ T2112] ? ext4_fc_track_template+0xb5/0x600 [ 70.889682][ T2112] ? ext4_fc_track_range+0x250/0x250 [ 70.889692][ T2112] ? ext4_es_lookup_extent+0x32d/0x8c0 [ 70.889708][ T2112] ext4_map_blocks+0x978/0x1bc0 [ 70.899796][ T2111] RBP: ffffc90005326b90 R08: dffffc0000000000 R09: ffffed1024234c2b [ 70.910494][ T2112] ? __kasan_slab_alloc+0xbd/0xf0 [ 70.910505][ T2112] ? slab_post_alloc_hook+0x5d/0x2f0 [ 70.910515][ T2112] ? kmem_cache_alloc+0x165/0x2e0 [ 70.910536][ T2112] ? ext4_issue_zeroout+0x1a0/0x1a0 [ 70.918850][ T2111] R10: ffffed1024234c2b R11: 1ffff11024234c2a R12: 0000000000000000 [ 70.924560][ T2112] _ext4_get_block+0x1bb/0x4b0 [ 70.932645][ T2111] R13: 00000000000000cb R14: 00000000fffffffe R15: 0000000000000054 [ 70.940580][ T2112] ? ext4_get_block+0x50/0x50 [ 70.940593][ T2112] ? slab_post_alloc_hook+0x7d/0x2f0 [ 70.940609][ T2112] ext4_get_block_unwritten+0x2a/0x40 [ 70.944096][ T2111] FS: 00007f89653976c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 70.949857][ T2112] ext4_block_write_begin+0x567/0x1330 [ 70.949869][ T2112] ? alloc_page_buffers+0x3aa/0x4a0 [ 70.949885][ T2112] ? _ext4_get_block+0x4b0/0x4b0 [ 70.956195][ T2111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.958356][ T2112] ? ext4_print_free_blocks+0x2c0/0x2c0 [ 70.964146][ T2111] CR2: 0000200000002000 CR3: 0000000113bfc000 CR4: 00000000003506a0 [ 70.972101][ T2112] ? __kasan_check_read+0x11/0x20 [ 70.972112][ T2112] ? ext4_inode_journal_mode+0x19a/0x480 [ 70.972122][ T2112] ext4_write_begin+0x651/0x1550 [ 70.972136][ T2112] ? ext4_readahead+0x110/0x110 [ 70.972152][ T2112] ? domain_dirty_limits+0x28f/0x3c0 [ 70.977742][ T2111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.982605][ T2112] ? ext4_get_group_desc+0x25f/0x2b0 [ 70.987637][ T2111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.992354][ T2112] ? __kasan_check_read+0x11/0x20 [ 71.000434][ T2111] Kernel panic - not syncing: Fatal exception [ 71.005756][ T2112] ? mark_buffer_dirty+0x1cc/0x330 [ 71.194072][ T2112] ? __ext4_handle_dirty_metadata+0x2eb/0x7f0 [ 71.200134][ T2112] ? __kasan_check_write+0x14/0x20 [ 71.205326][ T2112] ext4_da_write_begin+0x455/0xe80 [ 71.210438][ T2112] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 71.215721][ T2112] ? down_read_killable+0xe0/0xe0 [ 71.220738][ T2112] ? __ext4_journal_stop+0x36/0x1a0 [ 71.225938][ T2112] ? ext4_write_end+0xa00/0xed0 [ 71.230798][ T2112] ? iov_iter_advance+0x1f7/0x750 [ 71.235816][ T2112] generic_perform_write+0x2be/0x510 [ 71.241109][ T2112] ? grab_cache_page_write_begin+0xb0/0xb0 [ 71.246906][ T2112] ? down_write+0xac/0x110 [ 71.251326][ T2112] ? down_read_killable+0xe0/0xe0 [ 71.256341][ T2112] ? __switch_to+0x50f/0xfc0 [ 71.260927][ T2112] ? generic_write_checks+0x3d4/0x480 [ 71.266295][ T2112] ext4_buffered_write_iter+0x4b8/0x640 [ 71.271833][ T2112] ext4_file_write_iter+0x536/0x1980 [ 71.277110][ T2112] ? _raw_spin_unlock_irq+0x4e/0x70 [ 71.282300][ T2112] ? finish_task_switch+0x12e/0x5a0 [ 71.287576][ T2112] ? avc_policy_seqno+0x1b/0x70 [ 71.292503][ T2112] ? selinux_file_permission+0x2a5/0x510 [ 71.298128][ T2112] ? ext4_file_read_iter+0x530/0x530 [ 71.303406][ T2112] ? security_file_permission+0x83/0xa0 [ 71.308946][ T2112] ? iov_iter_init+0x3f/0x120 [ 71.313614][ T2112] vfs_write+0x725/0xd60 [ 71.317849][ T2112] ? kernel_write+0x3c0/0x3c0 [ 71.322517][ T2112] ? ptrace_stop+0x69f/0x9c0 [ 71.327096][ T2112] ? __fget_files+0x2c4/0x320 [ 71.331945][ T2112] ? __fdget+0x1a1/0x230 [ 71.336178][ T2112] ? __x64_sys_pwrite64+0xec/0x220 [ 71.341286][ T2112] __x64_sys_pwrite64+0x191/0x220 [ 71.346397][ T2112] ? ksys_pwrite64+0x1b0/0x1b0 [ 71.351155][ T2112] ? syscall_trace_enter+0x4b/0x170 [ 71.356347][ T2112] do_syscall_64+0x31/0x40 [ 71.360755][ T2112] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 71.366637][ T2112] RIP: 0033:0x7f89653fbe89 [ 71.371051][ T2112] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 71.390665][ T2112] RSP: 002b:00007f8965397218 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 71.399084][ T2112] RAX: ffffffffffffffda RBX: 00007f89654836d8 RCX: 00007f89653fbe89 [ 71.407046][ T2112] RDX: 00000000200000c1 RSI: 00002000000000c0 RDI: 0000000000000005 [ 71.415010][ T2112] RBP: 00007f89654836d0 R08: 00007ffcd67d32c7 R09: 0000000000000000 [ 71.422972][ T2112] R10: 0000000000009000 R11: 0000000000000246 R12: 00007f8965450614 [ 71.430936][ T2112] R13: 0031656c69662f2e R14: 00007ffcd67d31e0 R15: 00007ffcd67d32c8 [ 71.438901][ T2112] Modules linked in: [ 71.443115][ T2111] Kernel Offset: disabled [ 71.447449][ T2111] Rebooting in 86400 seconds..