./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3233059136 <...> Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts. execve("./syz-executor3233059136", ["./syz-executor3233059136"], 0x7ffd0f197ae0 /* 10 vars */) = 0 brk(NULL) = 0x5555563d9000 brk(0x5555563d9c40) = 0x5555563d9c40 arch_prctl(ARCH_SET_FS, 0x5555563d9300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555563d95d0) = 4996 set_robust_list(0x5555563d95e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f0b39c87530, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f0b39c87c00}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f0b39c875d0, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f0b39c87c00}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3233059136", 4096) = 28 brk(0x5555563fac40) = 0x5555563fac40 brk(0x5555563fb000) = 0x5555563fb000 mprotect(0x7f0b39d4a000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 4997 ./strace-static-x86_64: Process 4997 attached [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] set_robust_list(0x5555563d95e0, 24./strace-static-x86_64: Process 4998 attached [pid 4996] <... clone resumed>, child_tidptr=0x5555563d95d0) = 4998 [pid 4997] <... set_robust_list resumed>) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] getpid() = 4997 [pid 4997] mkdir("./syzkaller.SxEkc1", 0700 [pid 4996] <... clone resumed>, child_tidptr=0x5555563d95d0) = 4999 [pid 4998] set_robust_list(0x5555563d95e0, 24 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 4999 attached [pid 4996] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5000 [pid 4998] getpid(./strace-static-x86_64: Process 5000 attached [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] set_robust_list(0x5555563d95e0, 24 [pid 4998] <... getpid resumed>) = 4998 [pid 4996] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5001 [pid 4998] mkdir("./syzkaller.iMJHw8", 0700 [pid 4999] <... set_robust_list resumed>) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] getpid(./strace-static-x86_64: Process 5002 attached ./strace-static-x86_64: Process 5001 attached [pid 5000] set_robust_list(0x5555563d95e0, 24 [pid 4999] <... getpid resumed>) = 4999 [pid 4997] <... mkdir resumed>) = 0 [pid 4996] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5002 [pid 4999] mkdir("./syzkaller.kicUbe", 0700 [pid 4998] <... mkdir resumed>) = 0 [pid 5002] set_robust_list(0x5555563d95e0, 24 [pid 5001] set_robust_list(0x5555563d95e0, 24 [pid 5000] <... set_robust_list resumed>) = 0 [pid 4998] chmod("./syzkaller.iMJHw8", 0777 [pid 4997] chmod("./syzkaller.SxEkc1", 0777 [pid 5002] <... set_robust_list resumed>) = 0 [pid 5001] <... set_robust_list resumed>) = 0 [pid 5000] getpid( [pid 4999] <... mkdir resumed>) = 0 [pid 4998] <... chmod resumed>) = 0 [pid 4999] chmod("./syzkaller.kicUbe", 0777 [pid 4998] chdir("./syzkaller.iMJHw8" [pid 5000] <... getpid resumed>) = 5000 [pid 4999] <... chmod resumed>) = 0 [pid 4998] <... chdir resumed>) = 0 [pid 5000] mkdir("./syzkaller.wEQC0i", 0700 [pid 4999] chdir("./syzkaller.kicUbe" [pid 4998] mkdir("./0", 0777 [pid 5001] getpid( [pid 4999] <... chdir resumed>) = 0 [pid 5000] <... mkdir resumed>) = 0 [pid 4999] mkdir("./0", 0777 [pid 4998] <... mkdir resumed>) = 0 [pid 5001] <... getpid resumed>) = 5001 [pid 5000] chmod("./syzkaller.wEQC0i", 0777) = 0 [pid 4999] <... mkdir resumed>) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5001] mkdir("./syzkaller.YPcgfn", 0700 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5000] chdir("./syzkaller.wEQC0i" [pid 4998] <... openat resumed>) = 3 [pid 5000] <... chdir resumed>) = 0 [pid 5000] mkdir("./0", 0777) = 0 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 4999] <... openat resumed>) = 3 [pid 4997] <... chmod resumed>) = 0 [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4997] chdir("./syzkaller.SxEkc1") = 0 [pid 5001] <... mkdir resumed>) = 0 [pid 4999] ioctl(3, LOOP_CLR_FD [pid 4998] close(3 [pid 4997] mkdir("./0", 0777 [pid 5002] getpid( [pid 5001] chmod("./syzkaller.YPcgfn", 0777 [pid 4999] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 4997] <... mkdir resumed>) = 0 [pid 5000] <... openat resumed>) = 3 [pid 5000] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5000] close(3 [pid 4997] <... openat resumed>) = 3 [pid 5000] <... close resumed>) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] close(3 [pid 4998] <... close resumed>) = 0 [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] close(3) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5003 [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5004 ./strace-static-x86_64: Process 5003 attached [pid 5003] set_robust_list(0x5555563d95e0, 24) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] <... close resumed>) = 0 [pid 5003] chdir("./0" [pid 5001] <... chmod resumed>) = 0 ./strace-static-x86_64: Process 5004 attached [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] <... getpid resumed>) = 5002 [pid 5001] chdir("./syzkaller.YPcgfn" [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5005 [pid 5004] set_robust_list(0x5555563d95e0, 24 [pid 5003] <... chdir resumed>) = 0 [pid 5004] <... set_robust_list resumed>) = 0 [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5001] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5005 attached [pid 5004] chdir("./0" [pid 5003] <... prctl resumed>) = 0 [pid 5002] mkdir("./syzkaller.Vob5rp", 0700 [pid 5001] mkdir("./0", 0777 [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5006 [pid 5005] set_robust_list(0x5555563d95e0, 24 [pid 5004] <... chdir resumed>) = 0 [pid 5003] setpgid(0, 0 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5003] <... setpgid resumed>) = 0 [pid 5004] <... prctl resumed>) = 0 [pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5002] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5006 attached [pid 5005] <... set_robust_list resumed>) = 0 [pid 5004] setpgid(0, 0 [pid 5003] <... openat resumed>) = 3 [pid 5002] chmod("./syzkaller.Vob5rp", 0777 [pid 5001] <... mkdir resumed>) = 0 [pid 5006] set_robust_list(0x5555563d95e0, 24 [pid 5005] chdir("./0" [pid 5004] <... setpgid resumed>) = 0 [pid 5003] write(3, "1000", 4 [pid 5002] <... chmod resumed>) = 0 [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5006] <... set_robust_list resumed>) = 0 [pid 5005] <... chdir resumed>) = 0 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5003] <... write resumed>) = 4 [pid 5002] chdir("./syzkaller.Vob5rp" [pid 5006] chdir("./0" [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5004] <... openat resumed>) = 3 [pid 5003] close(3 [pid 5002] <... chdir resumed>) = 0 [pid 5001] <... openat resumed>) = 3 [pid 5006] <... chdir resumed>) = 0 [pid 5005] <... prctl resumed>) = 0 [pid 5004] write(3, "1000", 4 [pid 5003] <... close resumed>) = 0 [pid 5002] mkdir("./0", 0777 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5005] setpgid(0, 0 [pid 5004] <... write resumed>) = 4 [pid 5003] symlink("/dev/binderfs", "./binderfs" [pid 5006] <... prctl resumed>) = 0 [pid 5004] close(3 [pid 5003] <... symlink resumed>) = 0 [pid 5002] <... mkdir resumed>) = 0 [pid 5006] setpgid(0, 0 [pid 5004] <... close resumed>) = 0 [pid 5003] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] <... setpgid resumed>) = 0 [pid 5005] <... setpgid resumed>) = 0 [pid 5004] symlink("/dev/binderfs", "./binderfs" [pid 5003] <... futex resumed>) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5004] <... symlink resumed>) = 0 [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5002] <... openat resumed>) = 3 [pid 5006] <... openat resumed>) = 3 [pid 5005] <... openat resumed>) = 3 [pid 5004] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] <... mmap resumed>) = 0x7f0b39c56000 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5001] close(3 [pid 5006] write(3, "1000", 4 [pid 5005] write(3, "1000", 4 [pid 5004] <... futex resumed>) = 0 [pid 5003] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5001] <... close resumed>) = 0 [pid 5006] <... write resumed>) = 4 [pid 5005] <... write resumed>) = 4 [pid 5004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5003] <... mprotect resumed>) = 0 [pid 5002] close(3 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5006] close(3 [pid 5005] close(3 [pid 5004] <... mmap resumed>) = 0x7f0b39c56000 [pid 5003] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5002] <... close resumed>) = 0 [pid 5006] <... close resumed>) = 0 [pid 5005] <... close resumed>) = 0 [pid 5004] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5006] symlink("/dev/binderfs", "./binderfs" [pid 5005] symlink("/dev/binderfs", "./binderfs" [pid 5004] <... mprotect resumed>) = 0 [pid 5003] <... clone resumed>, parent_tid=[5008], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5008 [pid 5006] <... symlink resumed>) = 0 [pid 5004] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5003] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5009 ./strace-static-x86_64: Process 5009 attached [pid 5006] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... symlink resumed>) = 0 [pid 5003] <... futex resumed>) = 0 [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5010 [pid 5009] set_robust_list(0x5555563d95e0, 24 [pid 5006] <... futex resumed>) = 0 [pid 5005] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... clone resumed>, parent_tid=[5011], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5011 [pid 5003] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5008 attached [pid 5009] <... set_robust_list resumed>) = 0 [pid 5006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5005] <... futex resumed>) = 0 [pid 5004] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5011 attached ./strace-static-x86_64: Process 5010 attached [pid 5009] chdir("./0" [pid 5008] set_robust_list(0x7f0b39c769e0, 24 [pid 5006] <... mmap resumed>) = 0x7f0b39c56000 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5004] <... futex resumed>) = 0 [pid 5011] set_robust_list(0x7f0b39c769e0, 24 [pid 5009] <... chdir resumed>) = 0 [pid 5008] <... set_robust_list resumed>) = 0 [pid 5006] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5005] <... mmap resumed>) = 0x7f0b39c56000 [pid 5004] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5011] <... set_robust_list resumed>) = 0 [pid 5010] set_robust_list(0x5555563d95e0, 24 [pid 5009] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5008] memfd_create("syzkaller", 0 [pid 5006] <... mprotect resumed>) = 0 [pid 5005] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5011] memfd_create("syzkaller", 0 [pid 5010] <... set_robust_list resumed>) = 0 [pid 5009] <... prctl resumed>) = 0 [pid 5006] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5005] <... mprotect resumed>) = 0 [pid 5011] <... memfd_create resumed>) = 3 [pid 5010] chdir("./0" [pid 5009] setpgid(0, 0 [pid 5011] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5010] <... chdir resumed>) = 0 [pid 5009] <... setpgid resumed>) = 0 [pid 5006] <... clone resumed>, parent_tid=[5012], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5012 [pid 5005] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5011] <... mmap resumed>) = 0x7f0b31856000 [pid 5010] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5006] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5013 attached [pid 5010] <... prctl resumed>) = 0 [pid 5009] <... openat resumed>) = 3 [pid 5006] <... futex resumed>) = 0 [pid 5005] <... clone resumed>, parent_tid=[5013], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5013 ./strace-static-x86_64: Process 5012 attached [pid 5013] set_robust_list(0x7f0b39c769e0, 24 [pid 5010] setpgid(0, 0 [pid 5009] write(3, "1000", 4 [pid 5006] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5005] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5013] <... set_robust_list resumed>) = 0 [pid 5012] set_robust_list(0x7f0b39c769e0, 24 [pid 5010] <... setpgid resumed>) = 0 [pid 5009] <... write resumed>) = 4 [pid 5005] <... futex resumed>) = 0 [pid 5013] memfd_create("syzkaller", 0 [pid 5012] <... set_robust_list resumed>) = 0 [pid 5010] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5009] close(3 [pid 5005] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5013] <... memfd_create resumed>) = 3 [pid 5012] memfd_create("syzkaller", 0 [pid 5010] <... openat resumed>) = 3 [pid 5009] <... close resumed>) = 0 [pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5012] <... memfd_create resumed>) = 3 [pid 5010] write(3, "1000", 4 [pid 5009] symlink("/dev/binderfs", "./binderfs" [pid 5013] <... mmap resumed>) = 0x7f0b31856000 [pid 5012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5010] <... write resumed>) = 4 [pid 5009] <... symlink resumed>) = 0 [pid 5012] <... mmap resumed>) = 0x7f0b31856000 [pid 5009] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... memfd_create resumed>) = 3 [pid 5010] close(3 [pid 5009] <... futex resumed>) = 0 syzkaller login: [ 71.407692][ T5008] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5008 'syz-executor323' [pid 5008] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5010] <... close resumed>) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5008] <... mmap resumed>) = 0x7f0b31856000 [pid 5010] symlink("/dev/binderfs", "./binderfs" [pid 5009] <... mmap resumed>) = 0x7f0b39c56000 [pid 5009] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5010] <... symlink resumed>) = 0 [pid 5009] <... mprotect resumed>) = 0 [pid 5010] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5010] <... futex resumed>) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5009] <... clone resumed>, parent_tid=[5014], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5014 [pid 5010] <... mmap resumed>) = 0x7f0b39c56000 [pid 5009] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5009] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5014 attached [pid 5010] <... mprotect resumed>) = 0 [pid 5009] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5014] set_robust_list(0x7f0b39c769e0, 24 [pid 5010] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5014] <... set_robust_list resumed>) = 0 [pid 5014] memfd_create("syzkaller", 0 [pid 5010] <... clone resumed>, parent_tid=[5015], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5015 [pid 5014] <... memfd_create resumed>) = 3 [pid 5011] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5010] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5015 attached [pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5010] <... futex resumed>) = 0 [pid 5015] set_robust_list(0x7f0b39c769e0, 24 [pid 5014] <... mmap resumed>) = 0x7f0b31856000 [pid 5008] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5015] <... set_robust_list resumed>) = 0 [pid 5010] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5015] memfd_create("syzkaller", 0) = 3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5012] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5011] <... write resumed>) = 2097152 [pid 5013] <... write resumed>) = 2097152 [pid 5013] munmap(0x7f0b31856000, 2097152) = 0 [pid 5013] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5011] munmap(0x7f0b31856000, 2097152 [pid 5013] <... openat resumed>) = 4 [pid 5013] ioctl(4, LOOP_SET_FD, 3 [pid 5011] <... munmap resumed>) = 0 [pid 5012] <... write resumed>) = 2097152 [pid 5008] <... write resumed>) = 2097152 [pid 5011] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5011] ioctl(4, LOOP_SET_FD, 3 [pid 5012] munmap(0x7f0b31856000, 2097152) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 5013] close(3 [pid 5012] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5013] <... close resumed>) = 0 [pid 5012] <... openat resumed>) = 4 [pid 5008] munmap(0x7f0b31856000, 2097152 [pid 5013] mkdir("./file1", 0777 [pid 5012] ioctl(4, LOOP_SET_FD, 3 [pid 5008] <... munmap resumed>) = 0 [pid 5015] <... write resumed>) = 2097152 [pid 5013] <... mkdir resumed>) = 0 [pid 5015] munmap(0x7f0b31856000, 2097152 [pid 5014] <... write resumed>) = 2097152 [pid 5013] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5012] <... ioctl resumed>) = 0 [pid 5011] <... ioctl resumed>) = 0 [pid 5008] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5014] munmap(0x7f0b31856000, 2097152 [pid 5015] <... munmap resumed>) = 0 [pid 5014] <... munmap resumed>) = 0 [pid 5011] close(3 [pid 5014] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5012] close(3 [pid 5011] <... close resumed>) = 0 [pid 5014] <... openat resumed>) = 4 [ 71.605174][ T5013] loop1: detected capacity change from 0 to 4096 [ 71.620598][ T5011] loop0: detected capacity change from 0 to 4096 [ 71.638546][ T5012] loop2: detected capacity change from 0 to 4096 [pid 5012] <... close resumed>) = 0 [pid 5011] mkdir("./file1", 0777 [pid 5014] ioctl(4, LOOP_SET_FD, 3 [pid 5012] mkdir("./file1", 0777 [pid 5011] <... mkdir resumed>) = 0 [pid 5015] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5012] <... mkdir resumed>) = 0 [pid 5011] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5008] <... openat resumed>) = 4 [pid 5012] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5015] <... openat resumed>) = 4 [pid 5008] ioctl(4, LOOP_SET_FD, 3 [pid 5014] <... ioctl resumed>) = 0 [ 71.649690][ T5013] ======================================================= [ 71.649690][ T5013] WARNING: The mand mount option has been deprecated and [ 71.649690][ T5013] and is ignored by this kernel. Remove the mand [ 71.649690][ T5013] option from the mount to silence this warning. [ 71.649690][ T5013] ======================================================= [ 71.658869][ T5014] loop4: detected capacity change from 0 to 4096 [ 71.692218][ T5013] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5014] close(3) = 0 [pid 5015] ioctl(4, LOOP_SET_FD, 3 [pid 5014] mkdir("./file1", 0777 [pid 5015] <... ioctl resumed>) = 0 [pid 5008] <... ioctl resumed>) = 0 [pid 5015] close(3 [pid 5014] <... mkdir resumed>) = 0 [pid 5008] close(3 [pid 5015] <... close resumed>) = 0 [pid 5008] <... close resumed>) = 0 [pid 5015] mkdir("./file1", 0777 [pid 5014] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5008] mkdir("./file1", 0777 [pid 5015] <... mkdir resumed>) = 0 [pid 5015] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5008] <... mkdir resumed>) = 0 [ 71.704594][ T5008] loop3: detected capacity change from 0 to 4096 [ 71.712991][ T5011] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 71.713722][ T5015] loop5: detected capacity change from 0 to 4096 [ 71.723011][ T5012] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 71.742216][ T5013] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 71.758413][ T5014] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 71.772679][ T5015] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 71.773458][ T5008] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 71.792783][ T5011] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5008] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5013] <... mount resumed>) = 0 [pid 5013] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5013] chdir("./file1") = 0 [pid 5013] ioctl(4, LOOP_CLR_FD) = 0 [pid 5013] close(4) = 0 [pid 5013] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 71.803292][ T5012] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 71.817890][ T5015] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 71.830193][ T5018] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.845853][ T5019] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5013] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5011] <... mount resumed>) = 0 [pid 5005] <... futex resumed>) = 0 [pid 5011] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5005] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... mount resumed>) = 0 [pid 5013] <... futex resumed>) = 0 [pid 5012] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5011] <... openat resumed>) = 3 [pid 5005] <... futex resumed>) = 1 [ 71.860889][ T5014] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 71.872382][ T5020] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.894087][ T5008] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5013] creat("./bus", 026 [pid 5012] <... openat resumed>) = 3 [pid 5011] chdir("./file1" [pid 5005] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... mount resumed>) = 0 [pid 5013] <... creat resumed>) = 4 [pid 5012] chdir("./file1" [pid 5011] <... chdir resumed>) = 0 [pid 5015] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5013] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] <... chdir resumed>) = 0 [pid 5011] ioctl(4, LOOP_CLR_FD [pid 5015] <... openat resumed>) = 3 [pid 5013] <... futex resumed>) = 1 [pid 5012] ioctl(4, LOOP_CLR_FD [pid 5011] <... ioctl resumed>) = 0 [pid 5005] <... futex resumed>) = 0 [pid 5015] chdir("./file1" [pid 5013] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5012] <... ioctl resumed>) = 0 [pid 5011] close(4 [pid 5005] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... chdir resumed>) = 0 [pid 5014] <... mount resumed>) = 0 [pid 5013] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5012] close(4 [pid 5011] <... close resumed>) = 0 [pid 5005] <... futex resumed>) = 0 [pid 5015] ioctl(4, LOOP_CLR_FD [pid 5014] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [ 71.903647][ T5021] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 71.930454][ T5022] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5013] rename("./bus", "./file1" [pid 5012] <... close resumed>) = 0 [pid 5011] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... ioctl resumed>) = 0 [pid 5014] <... openat resumed>) = 3 [pid 5012] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 1 [pid 5004] <... futex resumed>) = 0 [pid 5015] close(4 [pid 5014] chdir("./file1" [pid 5012] <... futex resumed>) = 1 [pid 5011] creat("./bus", 026 [pid 5006] <... futex resumed>) = 0 [pid 5004] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... close resumed>) = 0 [pid 5014] <... chdir resumed>) = 0 [pid 5012] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5015] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] ioctl(4, LOOP_CLR_FD [pid 5012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5011] <... creat resumed>) = 4 [pid 5006] <... futex resumed>) = 0 [pid 5004] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 1 [pid 5014] <... ioctl resumed>) = 0 [pid 5012] creat("./bus", 026 [pid 5011] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... futex resumed>) = 0 [pid 5006] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5015] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] close(4 [pid 5011] <... futex resumed>) = 0 [pid 5010] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5014] <... close resumed>) = 0 [pid 5011] rename("./bus", "./file1" [pid 5010] <... futex resumed>) = 0 [pid 5004] <... futex resumed>) = 0 [pid 5012] <... creat resumed>) = 4 [ 71.956551][ T5013] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5015] creat("./bus", 026 [pid 5014] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... futex resumed>) = 1 [pid 5009] <... futex resumed>) = 0 [pid 5014] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5009] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5009] <... futex resumed>) = 0 [pid 5014] creat("./bus", 026 [pid 5009] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5014] <... creat resumed>) = 4 [pid 5012] <... futex resumed>) = 1 [pid 5006] <... futex resumed>) = 0 [pid 5014] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5012] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... creat resumed>) = 4 [pid 5014] <... futex resumed>) = 1 [pid 5012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5009] <... futex resumed>) = 0 [pid 5008] <... mount resumed>) = 0 [pid 5006] <... futex resumed>) = 0 [pid 5015] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5012] rename("./bus", "./file1" [pid 5009] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5015] <... futex resumed>) = 1 [pid 5014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5010] <... futex resumed>) = 0 [pid 5009] <... futex resumed>) = 0 [pid 5008] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 71.989117][ T5013] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 72.000576][ T5011] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 72.015598][ T5023] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 72.028728][ T5012] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5015] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] rename("./bus", "./file1" [pid 5010] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... openat resumed>) = 3 [pid 5005] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5010] <... futex resumed>) = 0 [pid 5008] chdir("./file1" [pid 5005] <... futex resumed>) = 0 [pid 5004] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5015] rename("./bus", "./file1" [pid 5010] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... chdir resumed>) = 0 [pid 5006] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 72.043649][ T5011] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 72.044871][ T5014] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 72.062186][ T5011] Remounting filesystem read-only [ 72.067287][ T5011] NILFS (loop0): error -5 truncating bmap (ino=15) [ 72.080162][ T5015] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5004] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] ioctl(4, LOOP_CLR_FD [pid 5006] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5005] <... mmap resumed>) = 0x7f0b31a35000 [pid 5004] <... futex resumed>) = 0 [pid 5008] <... ioctl resumed>) = 0 [pid 5006] <... futex resumed>) = 0 [pid 5005] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5008] close(4 [pid 5006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5005] <... mprotect resumed>) = 0 [pid 5004] <... mmap resumed>) = 0x7f0b31a35000 [pid 5010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5009] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... close resumed>) = 0 [pid 5006] <... mmap resumed>) = 0x7f0b31a35000 [pid 5005] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5004] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5010] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5008] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5004] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5024 attached [pid 5010] <... futex resumed>) = 0 [pid 5009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5008] <... futex resumed>) = 1 [pid 5006] <... mprotect resumed>) = 0 [pid 5005] <... clone resumed>, parent_tid=[5024], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5024 [pid 5004] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5003] <... futex resumed>) = 0 [pid 5010] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5009] <... mmap resumed>) = 0x7f0b31a35000 [pid 5008] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5006] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5005] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5010] <... mmap resumed>) = 0x7f0b31a35000 [pid 5009] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5005] <... futex resumed>) = 0 [pid 5024] set_robust_list(0x7f0b31a559e0, 24 [pid 5004] <... clone resumed>, parent_tid=[5025], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5025 [pid 5003] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5025 attached [pid 5024] <... set_robust_list resumed>) = 0 [pid 5010] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5009] <... mprotect resumed>) = 0 [pid 5008] creat("./bus", 026 [pid 5006] <... clone resumed>, parent_tid=[5026], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5026 [pid 5005] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5004] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5011] <... rename resumed>) = 0 ./strace-static-x86_64: Process 5026 attached [pid 5025] set_robust_list(0x7f0b31a559e0, 24 [pid 5024] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5010] <... mprotect resumed>) = 0 [pid 5009] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5006] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5004] <... futex resumed>) = 0 [pid 5026] set_robust_list(0x7f0b31a559e0, 24 [pid 5025] <... set_robust_list resumed>) = 0 [pid 5024] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5011] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [ 72.080246][ T5012] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 72.089245][ T5015] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 72.114009][ T5013] Remounting filesystem read-only [ 72.119378][ T5013] NILFS (loop1): error -5 truncating bmap (ino=15) [pid 5010] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5008] <... creat resumed>) = 4 [pid 5006] <... futex resumed>) = 0 [pid 5004] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5026] <... set_robust_list resumed>) = 0 [pid 5025] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5024] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = 0 [pid 5009] <... clone resumed>, parent_tid=[5027], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5027 [pid 5008] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5006] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5027 attached [pid 5026] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5025] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5010] <... clone resumed>, parent_tid=[5028], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5028 [pid 5009] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5008] <... futex resumed>) = 1 [pid 5003] <... futex resumed>) = 0 [pid 5027] set_robust_list(0x7f0b31a559e0, 24 [pid 5026] <... open resumed>) = 5 [pid 5025] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5024] <... futex resumed>) = 1 [pid 5010] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5009] <... futex resumed>) = 0 [pid 5008] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5027] <... set_robust_list resumed>) = 0 [pid 5026] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] <... futex resumed>) = 1 [pid 5010] <... futex resumed>) = 0 [pid 5009] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5004] <... futex resumed>) = 0 [pid 5003] <... futex resumed>) = 0 [pid 5027] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5026] <... futex resumed>) = 1 [pid 5025] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5024] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5013] <... rename resumed>) = 0 [pid 5011] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5010] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5008] rename("./bus", "./file1" [pid 5006] <... futex resumed>) = 0 [pid 5005] <... futex resumed>) = 0 [ 72.155435][ T5014] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 72.165452][ T27] audit: type=1804 audit(1683463061.423:2): pid=5026 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.kicUbe/0/file1/file1" dev="loop2" ino=18 res=1 errno=0 [ 72.172399][ T5015] Remounting filesystem read-only [pid 5004] exit_group(0 [pid 5003] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5028 attached [pid 5027] <... open resumed>) = 5 [pid 5026] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5025] <... futex resumed>) = ? [pid 5013] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5011] <... futex resumed>) = ? [pid 5005] exit_group(0 [pid 5004] <... exit_group resumed>) = ? [pid 5028] set_robust_list(0x7f0b31a559e0, 24 [pid 5027] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5025] +++ exited with 0 +++ [pid 5024] <... futex resumed>) = ? [pid 5013] <... futex resumed>) = ? [pid 5011] +++ exited with 0 +++ [pid 5010] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5009] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5005] <... exit_group resumed>) = ? [pid 5004] +++ exited with 0 +++ [pid 5028] <... set_robust_list resumed>) = 0 [pid 5027] <... futex resumed>) = 0 [pid 5024] +++ exited with 0 +++ [pid 5013] +++ exited with 0 +++ [pid 5003] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5028] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [ 72.198818][ T5008] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 72.211778][ T27] audit: type=1804 audit(1683463061.453:3): pid=5027 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.YPcgfn/0/file1/file1" dev="loop4" ino=18 res=1 errno=0 [ 72.215292][ T5012] Remounting filesystem read-only [ 72.235136][ T5015] NILFS (loop5): error -5 truncating bmap (ino=15) [ 72.246782][ T5014] Remounting filesystem read-only [pid 5027] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5005] +++ exited with 0 +++ [pid 5003] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=8 /* 0.08 s */} --- [pid 5003] <... futex resumed>) = 0 [pid 4997] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] <... mmap resumed>) = 0x7f0b31a35000 [pid 4998] restart_syscall(<... resuming interrupted clone ...> [pid 4997] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5028] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5003] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4998] <... restart_syscall resumed>) = 0 [pid 4997] <... openat resumed>) = 3 [pid 5003] <... mprotect resumed>) = 0 [pid 4997] fstat(3, [pid 5003] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] getdents64(3, [pid 5003] <... clone resumed>, parent_tid=[5029], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5029 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5028] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5003] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5029 attached [pid 5028] <... futex resumed>) = 0 [pid 5015] <... rename resumed>) = 0 [pid 5014] <... rename resumed>) = 0 [pid 5012] <... rename resumed>) = 0 [pid 5003] <... futex resumed>) = 0 [pid 5029] set_robust_list(0x7f0b31a559e0, 24 [pid 5028] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5015] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5014] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] <... set_robust_list resumed>) = 0 [pid 5015] <... futex resumed>) = 0 [pid 5014] <... futex resumed>) = 0 [pid 5012] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5029] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5015] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5014] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5012] <... futex resumed>) = 0 [pid 5010] exit_group(0 [pid 5009] exit_group(0 [pid 5006] exit_group(0 [pid 5003] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... openat resumed>) = 3 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5027] <... futex resumed>) = ? [pid 5026] <... futex resumed>) = ? [pid 5010] <... exit_group resumed>) = ? [pid 5009] <... exit_group resumed>) = ? [pid 5006] <... exit_group resumed>) = ? [pid 4998] fstat(3, [pid 4997] lstat("./0/binderfs", [pid 5027] +++ exited with 0 +++ [pid 5026] +++ exited with 0 +++ [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] getdents64(3, [pid 4997] unlink("./0/binderfs" [pid 4998] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4997] <... unlink resumed>) = 0 [pid 4998] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 72.256257][ T5014] NILFS (loop4): error -5 truncating bmap (ino=15) [ 72.265231][ T5008] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 72.278893][ T5012] NILFS (loop2): error -5 truncating bmap (ino=15) [ 72.279390][ T5008] Remounting filesystem read-only [pid 4998] unlink("./0/binderfs") = 0 [pid 4998] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] <... open resumed>) = 5 [pid 5028] <... futex resumed>) = ? [pid 5015] <... futex resumed>) = ? [pid 5014] <... futex resumed>) = ? [pid 5029] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5028] +++ exited with 0 +++ [pid 5015] +++ exited with 0 +++ [pid 5010] +++ exited with 0 +++ [pid 5008] <... rename resumed>) = 0 [pid 5008] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5008] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5012] +++ exited with 0 +++ [pid 5006] +++ exited with 0 +++ [pid 5029] <... futex resumed>) = 1 [pid 5014] +++ exited with 0 +++ [pid 5009] +++ exited with 0 +++ [pid 5003] <... futex resumed>) = 0 [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5010, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5006, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5029] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5003] exit_group(0 [pid 5029] <... futex resumed>) = ? [pid 5003] <... exit_group resumed>) = ? [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5009, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5002] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4999] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... openat resumed>) = 3 [pid 5001] <... openat resumed>) = 3 [pid 4999] <... openat resumed>) = 3 [pid 5002] fstat(3, [pid 5001] fstat(3, [pid 4999] fstat(3, [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(3, [pid 5001] getdents64(3, [pid 4999] getdents64(3, [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5002] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] +++ exited with 0 +++ [pid 5002] lstat("./0/binderfs", [pid 5001] lstat("./0/binderfs", [pid 4999] lstat("./0/binderfs", [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4999] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] unlink("./0/binderfs" [pid 5001] unlink("./0/binderfs" [pid 4999] unlink("./0/binderfs" [pid 5008] <... futex resumed>) = ? [pid 5002] <... unlink resumed>) = 0 [pid 5001] <... unlink resumed>) = 0 [pid 4999] <... unlink resumed>) = 0 [pid 5008] +++ exited with 0 +++ [pid 5003] +++ exited with 0 +++ [pid 5002] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 5000] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.291816][ T27] audit: type=1804 audit(1683463061.553:4): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.wEQC0i/0/file1/file1" dev="loop3" ino=18 res=1 errno=0 [ 72.309425][ T5008] NILFS (loop3): error -5 truncating bmap (ino=15) [ 72.333056][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 72.340871][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 72.350361][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 72.357306][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 72.360013][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 72.372960][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 72.373851][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 72.383845][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 72.389153][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [pid 5000] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5000] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5000] unlink("./0/binderfs") = 0 [ 72.395070][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 72.409379][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 72.410356][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 72.416958][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 72.424600][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 72.439004][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 72.439675][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 72.446630][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 72.454225][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 72.462042][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 72.469216][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 72.476045][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 72.483904][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 72.490663][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 72.499853][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 72.506820][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [ 72.521297][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 72.530096][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 72.538071][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 72.546393][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [pid 5000] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... umount2 resumed>) = 0 [pid 4997] <... umount2 resumed>) = 0 [pid 4998] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 72.554592][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 72.560643][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 72.562215][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 72.570228][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 72.581931][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [pid 4998] lstat("./0/file1", [pid 4997] lstat("./0/file1", [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... openat resumed>) = 4 [pid 4998] fstat(4, [pid 4997] <... openat resumed>) = 4 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] fstat(4, [pid 4998] getdents64(4, [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4998] getdents64(4, [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4998] close(4) = 0 [pid 4997] rmdir("./0/file1" [pid 4998] rmdir("./0/file1" [pid 4997] <... rmdir resumed>) = 0 [pid 4998] <... rmdir resumed>) = 0 [pid 4997] getdents64(3, [pid 4998] getdents64(3, [pid 4997] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] close(3 [pid 4997] close(3 [pid 4998] <... close resumed>) = 0 [pid 4997] <... close resumed>) = 0 [pid 4998] rmdir("./0" [pid 4997] rmdir("./0" [pid 4998] <... rmdir resumed>) = 0 [pid 5000] <... umount2 resumed>) = 0 [pid 5000] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./0/file1", [pid 4997] <... rmdir resumed>) = 0 [pid 4998] mkdir("./1", 0777 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] mkdir("./1", 0777 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5000] fstat(4, [pid 4998] <... mkdir resumed>) = 0 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5000] getdents64(4, [pid 4997] <... mkdir resumed>) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] <... openat resumed>) = 3 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5000] close(4 [pid 4997] <... openat resumed>) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 5000] <... close resumed>) = 0 [pid 5000] rmdir("./0/file1" [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3 [pid 4997] close(3) = 0 [pid 5000] <... rmdir resumed>) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] <... close resumed>) = 0 [pid 5000] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5000] close(3) = 0 [pid 5000] rmdir("./0" [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] <... rmdir resumed>) = 0 [pid 5000] mkdir("./1", 0777 [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5030 [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5031 [pid 5000] <... mkdir resumed>) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5000] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5000] close(3) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5031 attached , child_tidptr=0x5555563d95d0) = 5032 [pid 5031] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5031] chdir("./1"./strace-static-x86_64: Process 5030 attached ) = 0 [pid 5031] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5031] setpgid(0, 0) = 0 [pid 5031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5031] write(3, "1000", 4 [pid 5030] set_robust_list(0x5555563d95e0, 24 [pid 5031] <... write resumed>) = 4 [pid 5031] close(3) = 0 [pid 5030] <... set_robust_list resumed>) = 0 [pid 5030] chdir("./1" [pid 5031] symlink("/dev/binderfs", "./binderfs" [pid 5030] <... chdir resumed>) = 0 [pid 5030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5032 attached [pid 5032] set_robust_list(0x5555563d95e0, 24 [pid 5031] <... symlink resumed>) = 0 [pid 5030] setpgid(0, 0) = 0 [ 72.615121][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 72.634257][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [pid 5030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5032] <... set_robust_list resumed>) = 0 [pid 5032] chdir("./1" [pid 5031] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... openat resumed>) = 3 [pid 5030] write(3, "1000", 4) = 4 [pid 5031] <... futex resumed>) = 0 [pid 5030] close(3 [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5030] <... close resumed>) = 0 [pid 5032] <... chdir resumed>) = 0 [pid 5031] <... mmap resumed>) = 0x7f0b39c56000 [pid 5032] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5031] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5030] symlink("/dev/binderfs", "./binderfs" [pid 5032] <... prctl resumed>) = 0 [pid 5031] <... mprotect resumed>) = 0 [pid 5032] setpgid(0, 0 [pid 5031] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5030] <... symlink resumed>) = 0 [pid 5032] <... setpgid resumed>) = 0 [pid 5030] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5031] <... clone resumed>, parent_tid=[5033], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5033 [pid 5032] <... openat resumed>) = 3 [pid 5031] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5032] write(3, "1000", 4 [pid 5031] <... futex resumed>) = 0 [pid 5032] <... write resumed>) = 4 [pid 5031] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5030] <... mmap resumed>) = 0x7f0b39c56000 [pid 5032] close(3) = 0 [pid 5032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5030] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5032] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5033 attached ) = 0 [pid 5030] <... mprotect resumed>) = 0 [pid 5033] set_robust_list(0x7f0b39c769e0, 24 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5033] <... set_robust_list resumed>) = 0 [pid 5032] <... mmap resumed>) = 0x7f0b39c56000 [pid 5030] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5033] memfd_create("syzkaller", 0 [pid 5032] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5033] <... memfd_create resumed>) = 3 [pid 5032] <... mprotect resumed>) = 0 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5032] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5030] <... clone resumed>, parent_tid=[5034], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5034 ./strace-static-x86_64: Process 5034 attached [pid 5033] <... mmap resumed>) = 0x7f0b31856000 [pid 5001] <... umount2 resumed>) = 0 [pid 4999] <... umount2 resumed>) = 0 [pid 5034] set_robust_list(0x7f0b39c769e0, 24 [pid 5032] <... clone resumed>, parent_tid=[5035], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5035 [pid 5030] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5032] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5035 attached [pid 5034] <... set_robust_list resumed>) = 0 [pid 5030] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4999] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5035] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5034] memfd_create("syzkaller", 0 [pid 5035] memfd_create("syzkaller", 0 [pid 5034] <... memfd_create resumed>) = 3 [pid 5002] <... umount2 resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5035] <... memfd_create resumed>) = 3 [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5002] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] lstat("./0/file1", [pid 5035] <... mmap resumed>) = 0x7f0b31856000 [pid 5002] lstat("./0/file1", [pid 5034] <... mmap resumed>) = 0x7f0b31856000 [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5002] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5002] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5001] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] close(4) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] rmdir("./0/file1") = 0 [pid 5001] lstat("./0/file1", [pid 5002] getdents64(3, [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5001] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] close(3 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] <... close resumed>) = 0 [pid 5001] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] rmdir("./0") = 0 [pid 5001] <... openat resumed>) = 4 [pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5002] mkdir("./1", 0777 [pid 5001] fstat(4, [pid 4999] umount2("./0/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... mkdir resumed>) = 0 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5001] getdents64(4, [pid 4999] openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... openat resumed>) = 3 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5001] getdents64(4, [pid 4999] <... openat resumed>) = 4 [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4999] fstat(4, [pid 5002] close(3 [pid 5001] close(4 [pid 5002] <... close resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5001] rmdir("./0/file1" [pid 4999] getdents64(4, [pid 5001] <... rmdir resumed>) = 0 [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5036 [pid 5001] getdents64(3, [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4999] getdents64(4, [pid 5001] close(3 [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5001] <... close resumed>) = 0 [pid 4999] close(4 [pid 5001] rmdir("./0") = 0 [pid 4999] <... close resumed>) = 0 [pid 5001] mkdir("./1", 0777 [pid 4999] rmdir("./0/file1"./strace-static-x86_64: Process 5036 attached [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5001] <... mkdir resumed>) = 0 [pid 5036] set_robust_list(0x5555563d95e0, 24 [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4999] <... rmdir resumed>) = 0 [pid 5036] <... set_robust_list resumed>) = 0 [pid 5001] <... openat resumed>) = 3 [pid 4999] getdents64(3, [pid 5036] chdir("./1" [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5036] <... chdir resumed>) = 0 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5036] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5001] close(3 [pid 4999] close(3 [pid 5036] <... prctl resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 5036] setpgid(0, 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] <... close resumed>) = 0 [pid 5036] <... setpgid resumed>) = 0 [pid 4999] rmdir("./0" [pid 5036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5037 [pid 5036] <... openat resumed>) = 3 [pid 4999] <... rmdir resumed>) = 0 [pid 5036] write(3, "1000", 4 [pid 4999] mkdir("./1", 0777 [pid 5036] <... write resumed>) = 4 ./strace-static-x86_64: Process 5037 attached [pid 5036] close(3 [pid 4999] <... mkdir resumed>) = 0 [pid 5037] set_robust_list(0x5555563d95e0, 24 [pid 5036] <... close resumed>) = 0 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5037] <... set_robust_list resumed>) = 0 [pid 5036] symlink("/dev/binderfs", "./binderfs" [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5037] chdir("./1" [pid 5036] <... symlink resumed>) = 0 [pid 4999] <... openat resumed>) = 3 [pid 5037] <... chdir resumed>) = 0 [pid 5036] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] ioctl(3, LOOP_CLR_FD [pid 5037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5036] <... futex resumed>) = 0 [pid 5037] <... prctl resumed>) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4999] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5037] setpgid(0, 0 [pid 5036] <... mmap resumed>) = 0x7f0b39c56000 [pid 4999] close(3 [pid 5037] <... setpgid resumed>) = 0 [pid 5036] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5033] <... write resumed>) = 2097152 [pid 5037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5036] <... mprotect resumed>) = 0 [pid 4999] <... close resumed>) = 0 [pid 5037] <... openat resumed>) = 3 [pid 5036] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5037] write(3, "1000", 4) = 4 [pid 5036] <... clone resumed>, parent_tid=[5038], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5038 [pid 5037] close(3 [pid 5036] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5037] <... close resumed>) = 0 [pid 5036] <... futex resumed>) = 0 [pid 5037] symlink("/dev/binderfs", "./binderfs" [pid 5036] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5039 ./strace-static-x86_64: Process 5038 attached [pid 5037] <... symlink resumed>) = 0 [pid 5038] set_robust_list(0x7f0b39c769e0, 24 [pid 5037] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] <... set_robust_list resumed>) = 0 [pid 5037] <... futex resumed>) = 0 [pid 5038] memfd_create("syzkaller", 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5038] <... memfd_create resumed>) = 3 [pid 5037] <... mmap resumed>) = 0x7f0b39c56000 [pid 5038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5037] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5039 attached [pid 5038] <... mmap resumed>) = 0x7f0b31856000 [pid 5037] <... mprotect resumed>) = 0 [pid 5037] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5040], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5040 [pid 5039] set_robust_list(0x5555563d95e0, 24 [pid 5037] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5040 attached [pid 5040] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5039] <... set_robust_list resumed>) = 0 [pid 5035] <... write resumed>) = 2097152 [pid 5040] <... mmap resumed>) = 0x7f0b31856000 [pid 5039] chdir("./1" [pid 5033] munmap(0x7f0b31856000, 2097152 [pid 5039] <... chdir resumed>) = 0 [pid 5033] <... munmap resumed>) = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5039] setpgid(0, 0 [pid 5033] <... openat resumed>) = 4 [pid 5033] ioctl(4, LOOP_SET_FD, 3 [pid 5039] <... setpgid resumed>) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4 [pid 5035] munmap(0x7f0b31856000, 2097152 [pid 5039] <... write resumed>) = 4 [pid 5038] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5034] <... write resumed>) = 2097152 [pid 5033] <... ioctl resumed>) = 0 [pid 5039] close(3 [pid 5035] <... munmap resumed>) = 0 [pid 5034] munmap(0x7f0b31856000, 2097152 [pid 5033] close(3 [pid 5039] <... close resumed>) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3 [pid 5034] <... munmap resumed>) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs" [pid 5040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5035] <... ioctl resumed>) = 0 [pid 5034] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5033] <... close resumed>) = 0 [pid 5039] <... symlink resumed>) = 0 [pid 5034] <... openat resumed>) = 4 [pid 5033] mkdir("./file1", 0777 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file1", 0777 [pid 5033] <... mkdir resumed>) = 0 [pid 5039] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] ioctl(4, LOOP_SET_FD, 3 [pid 5035] <... mkdir resumed>) = 0 [ 72.888264][ T5033] loop1: detected capacity change from 0 to 4096 [ 72.912382][ T5035] loop3: detected capacity change from 0 to 4096 [ 72.930491][ T5034] loop0: detected capacity change from 0 to 4096 [pid 5035] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5039] <... futex resumed>) = 0 [pid 5034] <... ioctl resumed>) = 0 [pid 5033] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5040] <... write resumed>) = 2097152 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5034] close(3 [pid 5040] munmap(0x7f0b31856000, 2097152 [pid 5039] <... mmap resumed>) = 0x7f0b39c56000 [pid 5034] <... close resumed>) = 0 [pid 5040] <... munmap resumed>) = 0 [pid 5039] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5040] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5034] mkdir("./file1", 0777 [pid 5039] <... mprotect resumed>) = 0 [pid 5034] <... mkdir resumed>) = 0 [pid 5039] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5040] <... openat resumed>) = 4 [pid 5034] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5040] ioctl(4, LOOP_SET_FD, 3 [pid 5039] <... clone resumed>, parent_tid=[5041], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5041 [ 72.935224][ T5035] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 72.950713][ T5033] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 72.969706][ T5040] loop4: detected capacity change from 0 to 4096 [ 72.970595][ T5034] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5039] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5038] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 5041 attached [pid 5038] munmap(0x7f0b31856000, 2097152 [pid 5041] set_robust_list(0x7f0b39c769e0, 24 [pid 5038] <... munmap resumed>) = 0 [pid 5041] <... set_robust_list resumed>) = 0 [pid 5038] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5041] memfd_create("syzkaller", 0 [pid 5038] <... openat resumed>) = 4 [pid 5041] <... memfd_create resumed>) = 3 [pid 5038] ioctl(4, LOOP_SET_FD, 3 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5040] <... ioctl resumed>) = 0 [pid 5038] <... ioctl resumed>) = 0 [pid 5040] close(3 [pid 5038] close(3 [pid 5040] <... close resumed>) = 0 [pid 5038] <... close resumed>) = 0 [pid 5040] mkdir("./file1", 0777 [pid 5038] mkdir("./file1", 0777 [pid 5040] <... mkdir resumed>) = 0 [pid 5038] <... mkdir resumed>) = 0 [pid 5040] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [ 72.972812][ T5033] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 72.999501][ T5034] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 73.019197][ T5038] loop5: detected capacity change from 0 to 4096 [ 73.020976][ T5035] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5038] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5034] <... mount resumed>) = 0 [pid 5033] <... mount resumed>) = 0 [pid 5033] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5033] chdir("./file1") = 0 [pid 5033] ioctl(4, LOOP_CLR_FD) = 0 [pid 5033] close(4) = 0 [pid 5033] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5031] <... futex resumed>) = 0 [pid 5033] creat("./bus", 026 [pid 5031] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5034] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5031] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] <... openat resumed>) = 3 [pid 5034] chdir("./file1") = 0 [pid 5034] ioctl(4, LOOP_CLR_FD) = 0 [pid 5034] close(4) = 0 [pid 5034] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [ 73.055936][ T5040] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 73.056042][ T5038] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 73.071551][ T5043] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.076971][ T5042] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5034] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5034] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5030] <... futex resumed>) = 0 [pid 5035] <... mount resumed>) = 0 [pid 5034] creat("./bus", 026 [pid 5030] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5035] chdir("./file1") = 0 [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4) = 0 [pid 5035] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5035] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 0 [ 73.114270][ T5040] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 73.128014][ T5044] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5035] creat("./bus", 026 [pid 5032] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5031] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5031] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5045], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5045 [pid 5031] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5031] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5045 attached [pid 5045] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5045] rename("./bus", "./file1" [pid 5033] <... creat resumed>) = 4 [pid 5035] <... creat resumed>) = 4 [pid 5033] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5041] <... write resumed>) = 2097152 [pid 5035] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [ 73.158183][ T5038] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5034] <... creat resumed>) = 4 [pid 5033] <... futex resumed>) = 0 [pid 5035] <... futex resumed>) = 1 [pid 5033] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... futex resumed>) = 0 [pid 5035] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5032] <... futex resumed>) = 0 [pid 5035] rename("./bus", "./file1" [pid 5032] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5034] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5030] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] munmap(0x7f0b31856000, 2097152 [pid 5031] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5030] <... futex resumed>) = 0 [pid 5033] <... futex resumed>) = 0 [pid 5031] <... futex resumed>) = 1 [ 73.200237][ T5045] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 73.209903][ T5045] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 73.211428][ T5035] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5030] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5033] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5031] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... munmap resumed>) = 0 [pid 5034] <... futex resumed>) = 1 [pid 5033] <... open resumed>) = 5 [pid 5030] <... futex resumed>) = 0 [pid 5033] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5033] <... futex resumed>) = 1 [pid 5032] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] <... futex resumed>) = 0 [pid 5033] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] <... futex resumed>) = 0 [pid 5032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5041] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5034] rename("./bus", "./file1" [pid 5032] <... mmap resumed>) = 0x7f0b31a35000 [pid 5030] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... openat resumed>) = 4 [pid 5032] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5041] ioctl(4, LOOP_SET_FD, 3 [pid 5032] <... mprotect resumed>) = 0 [pid 5030] <... futex resumed>) = 0 [pid 5040] <... mount resumed>) = 0 [ 73.239063][ T27] audit: type=1804 audit(1683463062.493:5): pid=5033 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.iMJHw8/1/file1/file1" dev="loop1" ino=18 res=1 errno=0 [ 73.260949][ T5035] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 73.272212][ T5045] Remounting filesystem read-only [ 73.274240][ T5046] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.277277][ T5045] NILFS (loop1): error -5 truncating bmap (ino=15) [pid 5032] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5040] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5032] <... clone resumed>, parent_tid=[5047], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5047 [pid 5040] chdir("./file1" [pid 5032] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... chdir resumed>) = 0 [pid 5032] <... futex resumed>) = 0 [pid 5030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5040] ioctl(4, LOOP_CLR_FD [pid 5032] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... ioctl resumed>) = 0 [pid 5040] close(4./strace-static-x86_64: Process 5047 attached ) = 0 [pid 5047] set_robust_list(0x7f0b31a559e0, 24 [pid 5040] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... set_robust_list resumed>) = 0 [pid 5040] <... futex resumed>) = 1 [pid 5037] <... futex resumed>) = 0 [pid 5047] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5040] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... open resumed>) = 5 [pid 5040] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] <... futex resumed>) = 0 [pid 5047] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] creat("./bus", 026 [pid 5037] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... futex resumed>) = 1 [pid 5032] <... futex resumed>) = 0 [pid 5030] <... mmap resumed>) = 0x7f0b31a35000 [pid 5047] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5030] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5030] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5049], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5049 [pid 5030] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5030] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5049 attached [pid 5041] close(3 [pid 5049] set_robust_list(0x7f0b31a559e0, 24 [pid 5041] <... close resumed>) = 0 [pid 5038] <... mount resumed>) = 0 [pid 5049] <... set_robust_list resumed>) = 0 [pid 5049] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5049] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5030] <... futex resumed>) = 0 [pid 5049] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] mkdir("./file1", 0777 [ 73.299602][ T5041] loop2: detected capacity change from 0 to 4096 [ 73.306822][ T5034] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 73.331063][ T5048] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5038] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5041] <... mkdir resumed>) = 0 [pid 5038] <... openat resumed>) = 3 [pid 5037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5037] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5038] chdir("./file1" [ 73.344391][ T27] audit: type=1804 audit(1683463062.573:6): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.wEQC0i/1/file1/file1" dev="loop3" ino=18 res=1 errno=0 [ 73.350639][ T5034] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 73.380198][ T5035] Remounting filesystem read-only [pid 5041] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5040] <... creat resumed>) = 4 [pid 5037] <... mmap resumed>) = 0x7f0b31a35000 [pid 5038] <... chdir resumed>) = 0 [pid 5045] <... rename resumed>) = 0 [pid 5040] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] ioctl(4, LOOP_CLR_FD [pid 5037] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5037] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5050], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5050 [pid 5037] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5037] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5050 attached [pid 5050] set_robust_list(0x7f0b31a559e0, 24 [pid 5045] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5038] <... ioctl resumed>) = 0 [pid 5050] <... set_robust_list resumed>) = 0 [pid 5045] <... futex resumed>) = 0 [pid 5040] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5038] close(4 [pid 5031] exit_group(0 [pid 5050] rename("./bus", "./file1" [pid 5038] <... close resumed>) = 0 [pid 5033] <... futex resumed>) = ? [pid 5031] <... exit_group resumed>) = ? [pid 5038] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5033] +++ exited with 0 +++ [pid 5035] <... rename resumed>) = 0 [pid 5045] +++ exited with 0 +++ [pid 5038] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = 0 [pid 5035] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5031] +++ exited with 0 +++ [pid 5038] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [ 73.381010][ T27] audit: type=1804 audit(1683463062.593:7): pid=5049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.SxEkc1/1/file1/file1" dev="loop0" ino=18 res=1 errno=0 [ 73.386801][ T5034] Remounting filesystem read-only [ 73.414311][ T5035] NILFS (loop3): error -5 truncating bmap (ino=15) [ 73.423062][ T5041] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5036] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5035] <... futex resumed>) = 0 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5031, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5036] <... futex resumed>) = 0 [pid 5035] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5032] exit_group(0 [pid 5047] <... futex resumed>) = ? [pid 5038] creat("./bus", 026 [pid 5036] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5035] <... futex resumed>) = ? [pid 5032] <... exit_group resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5038] <... creat resumed>) = 4 [pid 5035] +++ exited with 0 +++ [pid 5032] +++ exited with 0 +++ [pid 5038] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5032, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5038] <... futex resumed>) = 1 [pid 5037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5036] <... futex resumed>) = 0 [pid 5038] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5037] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5040] <... futex resumed>) = 0 [pid 5038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5037] <... futex resumed>) = 1 [pid 5036] <... futex resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5040] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5038] rename("./bus", "./file1" [pid 5037] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5040] <... open resumed>) = 5 [pid 4998] <... openat resumed>) = 3 [ 73.452078][ T5050] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 73.480544][ T5041] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 4998] fstat(3, [pid 5040] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4998] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] unlink("./1/binderfs") = 0 [pid 4998] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5040] <... futex resumed>) = 1 [pid 5037] <... futex resumed>) = 0 [ 73.497495][ T27] audit: type=1804 audit(1683463062.753:8): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.YPcgfn/1/file1/file1" dev="loop4" ino=18 res=1 errno=0 [ 73.500612][ T5050] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 73.525701][ T5038] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 73.544025][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [pid 5041] <... mount resumed>) = 0 [pid 5040] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5036] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5036] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5036] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5036] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5052], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5052 [pid 5036] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5052 attached [pid 5041] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5036] <... futex resumed>) = 0 [pid 5000] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] <... openat resumed>) = 3 [pid 5036] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5052] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5041] chdir("./file1" [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5052] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] <... futex resumed>) = 0 [ 73.547520][ T5051] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 73.560409][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 73.562124][ T5038] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 73.569247][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 73.587681][ T5038] Remounting filesystem read-only [ 73.593088][ T5038] NILFS (loop5): error -5 truncating bmap (ino=15) [pid 5052] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] <... chdir resumed>) = 0 [pid 5038] <... rename resumed>) = 0 [pid 5000] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5041] ioctl(4, LOOP_CLR_FD [pid 5038] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... openat resumed>) = 3 [pid 5036] exit_group(0 [pid 5052] <... futex resumed>) = ? [pid 5036] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 5034] <... rename resumed>) = 0 [pid 5034] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... ioctl resumed>) = 0 [pid 5038] <... futex resumed>) = ? [pid 5030] exit_group(0 [pid 5000] fstat(3, [pid 5050] <... rename resumed>) = 0 [pid 5049] <... futex resumed>) = ? [pid 5041] close(4 [pid 5038] +++ exited with 0 +++ [pid 5036] +++ exited with 0 +++ [pid 5030] <... exit_group resumed>) = ? [pid 5050] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] +++ exited with 0 +++ [pid 5037] exit_group(0 [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5036, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5037] <... exit_group resumed>) = ? [pid 5034] <... futex resumed>) = ? [pid 5034] +++ exited with 0 +++ [pid 5030] +++ exited with 0 +++ [pid 5050] <... futex resumed>) = ? [pid 5041] <... close resumed>) = 0 [pid 5040] <... futex resumed>) = ? [pid 5000] getdents64(3, [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5030, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 73.598953][ T5034] NILFS (loop0): error -5 truncating bmap (ino=15) [ 73.602764][ T5050] Remounting filesystem read-only [ 73.610274][ T27] audit: type=1804 audit(1683463062.853:9): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.Vob5rp/1/file1/file1" dev="loop5" ino=18 res=1 errno=0 [ 73.612869][ T5050] NILFS (loop4): error -5 truncating bmap (ino=15) [ 73.642216][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [pid 5050] +++ exited with 0 +++ [pid 5041] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] +++ exited with 0 +++ [pid 5037] +++ exited with 0 +++ [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5041] <... futex resumed>) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5000] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5041] creat("./bus", 026 [pid 5039] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5037, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5000] unlink("./1/binderfs" [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... unlink resumed>) = 0 [pid 4997] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... openat resumed>) = 3 [pid 5001] <... openat resumed>) = 3 [pid 5000] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5041] <... creat resumed>) = 4 [pid 5002] fstat(3, [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./1/binderfs") = 0 [pid 5001] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5041] <... futex resumed>) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5002] getdents64(3, [pid 4997] <... openat resumed>) = 3 [pid 5041] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5039] <... futex resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [ 73.655466][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 73.670864][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 73.679086][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 73.680942][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 73.696349][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [pid 4997] fstat(3, [pid 5041] rename("./bus", "./file1" [pid 5039] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] getdents64(3, [pid 5002] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5002] unlink("./1/binderfs" [pid 4997] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... unlink resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] unlink("./1/binderfs") = 0 [ 73.706259][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 73.718019][ T5041] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 73.719573][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [pid 4997] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5039] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5039] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5053], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5053 [pid 5039] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... umount2 resumed>) = 0 [pid 4998] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./1/file1", [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4998] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 73.751162][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 73.758993][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 73.771135][ T5041] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 73.789296][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 73.789342][ T5041] Remounting filesystem read-only [pid 4998] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5053 attached [pid 4998] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] close(4) = 0 [pid 4998] rmdir("./1/file1") = 0 [pid 5053] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./1") = 0 [pid 5053] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 4998] mkdir("./2", 0777) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5053] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5041] <... rename resumed>) = 0 [pid 5039] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3 [pid 5053] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5041] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... close resumed>) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5053] <... futex resumed>) = 0 [pid 5041] <... futex resumed>) = 0 [pid 5053] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5054 [ 73.796993][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 73.802051][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 73.815823][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 73.823955][ T5041] NILFS (loop2): error -5 truncating bmap (ino=15) [ 73.831300][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 73.839034][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 73.846788][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 ./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x5555563d95e0, 24 [pid 5039] exit_group(0 [pid 5054] <... set_robust_list resumed>) = 0 [pid 5053] <... futex resumed>) = ? [pid 5041] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5054] chdir("./2" [pid 5053] +++ exited with 0 +++ [pid 5041] +++ exited with 0 +++ [ 73.855294][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [ 73.861196][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 73.870123][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 73.874738][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 73.884578][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 73.886873][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 5054] <... chdir resumed>) = 0 [pid 5039] +++ exited with 0 +++ [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5000] <... umount2 resumed>) = 0 [pid 5054] <... prctl resumed>) = 0 [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4999] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5054] <... openat resumed>) = 3 [pid 5054] write(3, "1000", 4 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5054] <... write resumed>) = 4 [pid 4999] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5054] close(3 [pid 4999] <... openat resumed>) = 3 [pid 5054] <... close resumed>) = 0 [pid 5000] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] fstat(3, [pid 5054] symlink("/dev/binderfs", "./binderfs" [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4999] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4999] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 73.902698][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [pid 4999] unlink("./1/binderfs") = 0 [pid 4999] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5054] <... symlink resumed>) = 0 [pid 5054] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] lstat("./1/file1", [pid 5054] <... futex resumed>) = 0 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5000] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5054] <... mmap resumed>) = 0x7f0b39c56000 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5054] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5000] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5054] <... mprotect resumed>) = 0 [pid 5054] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5000] <... openat resumed>) = 4 [pid 5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5054] <... clone resumed>, parent_tid=[5055], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5055 [pid 5054] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] getdents64(4, [pid 5054] <... futex resumed>) = 0 [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5054] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5000] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5000] close(4) = 0 [pid 5000] rmdir("./1/file1") = 0 [pid 5000] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5000] close(3) = 0 [pid 5000] rmdir("./1") = 0 ./strace-static-x86_64: Process 5055 attached [pid 5000] mkdir("./2", 0777 [pid 5055] set_robust_list(0x7f0b39c769e0, 24 [pid 5000] <... mkdir resumed>) = 0 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 73.931667][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 73.938660][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 73.967442][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 73.967518][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [pid 5000] ioctl(3, LOOP_CLR_FD [pid 5055] memfd_create("syzkaller", 0 [pid 5002] <... umount2 resumed>) = 0 [pid 5000] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5055] <... memfd_create resumed>) = 3 [pid 5002] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] close(3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... close resumed>) = 0 [pid 5055] <... mmap resumed>) = 0x7f0b31856000 [pid 5002] lstat("./1/file1", [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5056 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5002] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5002] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5002] close(4) = 0 [pid 5002] rmdir("./1/file1") = 0 [pid 5002] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5002] close(3) = 0 [pid 5002] rmdir("./1") = 0 [pid 5002] mkdir("./2", 0777) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5002] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5002] close(3) = 0 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5001] <... umount2 resumed>) = 0 [pid 5001] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5057 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 5056 attached [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5056] set_robust_list(0x5555563d95e0, 24 [pid 5001] getdents64(4, [pid 5056] <... set_robust_list resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5056] chdir("./2" [pid 5001] getdents64(4, [pid 5056] <... chdir resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5056] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5001] close(4 [pid 5056] <... prctl resumed>) = 0 [pid 5001] <... close resumed>) = 0 ./strace-static-x86_64: Process 5057 attached [pid 5056] setpgid(0, 0 [pid 5001] rmdir("./1/file1" [pid 5057] set_robust_list(0x5555563d95e0, 24 [pid 5056] <... setpgid resumed>) = 0 [pid 5001] <... rmdir resumed>) = 0 [pid 5057] <... set_robust_list resumed>) = 0 [pid 5056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] getdents64(3, [pid 5057] chdir("./2" [pid 5056] <... openat resumed>) = 3 [pid 5055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5057] <... chdir resumed>) = 0 [pid 5056] write(3, "1000", 4 [pid 5001] close(3 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5056] <... write resumed>) = 4 [pid 5001] <... close resumed>) = 0 [pid 5056] close(3 [pid 5001] rmdir("./1" [pid 5057] <... prctl resumed>) = 0 [pid 5057] setpgid(0, 0 [pid 5056] <... close resumed>) = 0 [pid 5001] <... rmdir resumed>) = 0 [pid 5057] <... setpgid resumed>) = 0 [pid 5056] symlink("/dev/binderfs", "./binderfs" [pid 5001] mkdir("./2", 0777 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5056] <... symlink resumed>) = 0 [pid 5001] <... mkdir resumed>) = 0 [pid 5057] <... openat resumed>) = 3 [pid 5056] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5057] write(3, "1000", 4 [pid 5056] <... futex resumed>) = 0 [pid 5001] <... openat resumed>) = 3 [pid 5057] <... write resumed>) = 4 [ 74.013189][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 74.024578][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5057] close(3 [pid 5056] <... mmap resumed>) = 0x7f0b39c56000 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5057] <... close resumed>) = 0 [pid 5056] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5001] close(3 [pid 5057] symlink("/dev/binderfs", "./binderfs" [pid 5056] <... mprotect resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 5057] <... symlink resumed>) = 0 [pid 5056] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5057] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] <... clone resumed>, parent_tid=[5058], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5058 [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5059 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5056] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... mmap resumed>) = 0x7f0b39c56000 [pid 5056] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5059 attached [pid 5057] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5056] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5059] set_robust_list(0x5555563d95e0, 24 [pid 5057] <... mprotect resumed>) = 0 [pid 5057] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5058 attached ./strace-static-x86_64: Process 5060 attached [pid 5059] <... set_robust_list resumed>) = 0 [pid 5059] chdir("./2" [pid 5058] set_robust_list(0x7f0b39c769e0, 24 [pid 5057] <... clone resumed>, parent_tid=[5060], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5060 [pid 5060] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5059] <... chdir resumed>) = 0 [pid 5058] <... set_robust_list resumed>) = 0 [pid 5057] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] memfd_create("syzkaller", 0 [pid 5059] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5058] memfd_create("syzkaller", 0 [pid 5057] <... futex resumed>) = 0 [pid 5060] <... memfd_create resumed>) = 3 [pid 5059] <... prctl resumed>) = 0 [pid 5058] <... memfd_create resumed>) = 3 [pid 5057] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5059] setpgid(0, 0 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5059] <... setpgid resumed>) = 0 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5060] <... mmap resumed>) = 0x7f0b31856000 [pid 5059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5058] <... mmap resumed>) = 0x7f0b31856000 [pid 5059] <... openat resumed>) = 3 [pid 5059] write(3, "1000", 4) = 4 [pid 5059] close(3) = 0 [pid 5059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5055] <... write resumed>) = 2097152 [pid 5059] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 74.055505][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 74.055711][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5059] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5059] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5055] munmap(0x7f0b31856000, 2097152 [pid 5059] <... clone resumed>, parent_tid=[5061], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5061 [pid 5059] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5055] <... munmap resumed>) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 ./strace-static-x86_64: Process 5061 attached [pid 5055] ioctl(4, LOOP_SET_FD, 3 [pid 5061] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5061] memfd_create("syzkaller", 0 [pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5061] <... memfd_create resumed>) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5055] <... ioctl resumed>) = 0 [pid 4997] <... umount2 resumed>) = 0 [pid 5055] close(3) = 0 [pid 4997] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5055] mkdir("./file1", 0777 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5055] <... mkdir resumed>) = 0 [pid 4997] lstat("./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5055] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4997] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.115844][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 74.137657][ T5055] loop1: detected capacity change from 0 to 4096 [pid 4997] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 4997] <... openat resumed>) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./1/file1") = 0 [pid 4997] getdents64(3, [pid 5058] <... write resumed>) = 2097152 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] close(3) = 0 [pid 4997] rmdir("./1") = 0 [pid 5058] munmap(0x7f0b31856000, 2097152 [pid 4997] mkdir("./2", 0777 [pid 5058] <... munmap resumed>) = 0 [pid 4997] <... mkdir resumed>) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5060] <... write resumed>) = 2097152 [pid 5058] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 4999] <... umount2 resumed>) = 0 [pid 5060] munmap(0x7f0b31856000, 2097152 [pid 5058] <... openat resumed>) = 4 [pid 4999] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... openat resumed>) = 3 [pid 5060] <... munmap resumed>) = 0 [ 74.191769][ T5055] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 74.228620][ T5055] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5058] ioctl(4, LOOP_SET_FD, 3 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5061] <... write resumed>) = 2097152 [pid 5060] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5058] <... ioctl resumed>) = 0 [pid 4999] lstat("./1/file1", [pid 5060] <... openat resumed>) = 4 [pid 5055] <... mount resumed>) = 0 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5060] ioctl(4, LOOP_SET_FD, 3 [pid 5055] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 4997] close(3 [pid 5061] munmap(0x7f0b31856000, 2097152 [pid 5058] close(3 [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5061] <... munmap resumed>) = 0 [pid 5058] <... close resumed>) = 0 [pid 4999] umount2("./1/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5061] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5058] mkdir("./file1", 0777 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5061] <... openat resumed>) = 4 [pid 5058] <... mkdir resumed>) = 0 [pid 4999] openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5061] ioctl(4, LOOP_SET_FD, 3 [pid 5058] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4999] <... openat resumed>) = 4 [pid 5061] <... ioctl resumed>) = 0 [pid 5055] <... openat resumed>) = 3 [pid 4999] fstat(4, [pid 4997] <... close resumed>) = 0 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5061] close(3 [pid 5060] <... ioctl resumed>) = 0 [pid 5055] chdir("./file1" [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4999] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5055] <... chdir resumed>) = 0 [pid 4999] close(4) = 0 [ 74.256396][ T5058] loop3: detected capacity change from 0 to 4096 [ 74.264430][ T5062] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.273482][ T5060] loop5: detected capacity change from 0 to 4096 [ 74.281691][ T5061] loop4: detected capacity change from 0 to 4096 [ 74.290415][ T5058] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 4999] rmdir("./1/file1"./strace-static-x86_64: Process 5063 attached [pid 5061] <... close resumed>) = 0 [pid 5060] close(3 [pid 5055] ioctl(4, LOOP_CLR_FD [pid 5063] set_robust_list(0x5555563d95e0, 24 [pid 5061] mkdir("./file1", 0777 [pid 5060] <... close resumed>) = 0 [pid 5055] <... ioctl resumed>) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5063 [pid 5063] <... set_robust_list resumed>) = 0 [pid 5061] <... mkdir resumed>) = 0 [pid 5060] mkdir("./file1", 0777 [pid 5055] close(4 [pid 5063] chdir("./2" [pid 5061] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5060] <... mkdir resumed>) = 0 [pid 5055] <... close resumed>) = 0 [pid 4999] <... rmdir resumed>) = 0 [pid 5063] <... chdir resumed>) = 0 [pid 5060] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5055] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] getdents64(3, [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5055] <... futex resumed>) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5063] <... prctl resumed>) = 0 [pid 5055] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5054] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs" [pid 5055] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = 1 [pid 4999] close(3 [pid 5063] <... symlink resumed>) = 0 [pid 5055] creat("./bus", 026 [pid 5054] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... close resumed>) = 0 [pid 5063] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4999] rmdir("./1" [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5055] <... creat resumed>) = 4 [pid 5063] <... mmap resumed>) = 0x7f0b39c56000 [pid 5055] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... rmdir resumed>) = 0 [pid 5063] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5055] <... futex resumed>) = 1 [pid 5054] <... futex resumed>) = 0 [pid 4999] mkdir("./2", 0777 [pid 5063] <... mprotect resumed>) = 0 [ 74.310167][ T5058] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 74.329610][ T5061] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 74.340009][ T5060] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5055] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 4999] <... mkdir resumed>) = 0 [pid 5055] rename("./bus", "./file1" [pid 5054] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5063] <... clone resumed>, parent_tid=[5064], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5064 [pid 5063] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5064 attached [pid 5064] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5064] memfd_create("syzkaller", 0 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5064] <... memfd_create resumed>) = 3 [pid 5058] <... mount resumed>) = 0 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 4999] <... openat resumed>) = 3 [pid 5058] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 4999] ioctl(3, LOOP_CLR_FD [pid 5058] <... openat resumed>) = 3 [pid 4999] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5058] chdir("./file1" [pid 4999] close(3 [pid 5058] <... chdir resumed>) = 0 [ 74.367337][ T5060] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 74.369258][ T5061] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 74.389423][ T5055] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 74.398731][ T5065] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4999] <... close resumed>) = 0 [pid 5058] ioctl(4, LOOP_CLR_FD [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5058] <... ioctl resumed>) = 0 [pid 5058] close(4) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5066 [pid 5058] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5056] <... futex resumed>) = 0 [pid 5058] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 5066 attached [pid 5058] creat("./bus", 026 [pid 5056] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] set_robust_list(0x5555563d95e0, 24 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] <... set_robust_list resumed>) = 0 [pid 5054] <... mmap resumed>) = 0x7f0b31a35000 [pid 5054] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5066] chdir("./2" [pid 5058] <... creat resumed>) = 4 [pid 5054] <... mprotect resumed>) = 0 [pid 5066] <... chdir resumed>) = 0 [pid 5058] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5058] <... futex resumed>) = 1 [pid 5056] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5068 attached [pid 5066] <... prctl resumed>) = 0 [pid 5058] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5056] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... clone resumed>, parent_tid=[5068], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5068 [pid 5056] <... futex resumed>) = 0 [ 74.416893][ T5055] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5054] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] set_robust_list(0x7f0b31a559e0, 24 [pid 5066] setpgid(0, 0 [pid 5061] <... mount resumed>) = 0 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5056] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5054] <... futex resumed>) = 0 [pid 5068] <... set_robust_list resumed>) = 0 [pid 5066] <... setpgid resumed>) = 0 [pid 5061] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5058] rename("./bus", "./file1" [pid 5054] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5061] <... openat resumed>) = 3 [pid 5068] <... open resumed>) = 5 [pid 5066] <... openat resumed>) = 3 [pid 5061] chdir("./file1" [ 74.460189][ T5067] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.476571][ T27] audit: type=1804 audit(1683463063.733:10): pid=5068 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.iMJHw8/2/file1/file1" dev="loop1" ino=18 res=1 errno=0 [ 74.478011][ T5058] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5068] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] write(3, "1000", 4 [pid 5061] <... chdir resumed>) = 0 [pid 5056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5054] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5056] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5056] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5056] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5070], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5070 [pid 5056] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5070 attached [pid 5068] <... futex resumed>) = 0 [pid 5066] <... write resumed>) = 4 [pid 5061] ioctl(4, LOOP_CLR_FD [pid 5056] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5060] <... mount resumed>) = 0 [pid 5060] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file1") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [pid 5070] set_robust_list(0x7f0b31a559e0, 24 [pid 5068] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] close(3 [pid 5061] <... ioctl resumed>) = 0 [pid 5060] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5066] <... close resumed>) = 0 [pid 5061] close(4 [pid 5060] <... futex resumed>) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5070] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5066] symlink("/dev/binderfs", "./binderfs" [pid 5061] <... close resumed>) = 0 [pid 5060] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5066] <... symlink resumed>) = 0 [pid 5061] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] <... futex resumed>) = 0 [pid 5070] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = 1 [pid 5060] creat("./bus", 026 [pid 5059] <... futex resumed>) = 0 [pid 5057] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5061] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5070] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5060] <... creat resumed>) = 4 [pid 5059] <... futex resumed>) = 0 [pid 5066] <... mmap resumed>) = 0x7f0b39c56000 [pid 5061] creat("./bus", 026 [pid 5060] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5060] <... futex resumed>) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5066] <... mprotect resumed>) = 0 [pid 5061] <... creat resumed>) = 4 [pid 5060] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5061] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [ 74.508785][ T5055] Remounting filesystem read-only [ 74.513020][ T5058] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 74.517088][ T5055] NILFS (loop1): error -5 truncating bmap (ino=15) [ 74.523262][ T5069] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.542345][ T5058] Remounting filesystem read-only [ 74.547434][ T5058] NILFS (loop3): error -5 truncating bmap (ino=15) [pid 5060] rename("./bus", "./file1" [pid 5059] <... futex resumed>) = 0 [pid 5057] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5066] <... clone resumed>, parent_tid=[5071], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5071 [pid 5061] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5059] <... futex resumed>) = 0 [pid 5055] <... rename resumed>) = 0 [pid 5064] <... write resumed>) = 2097152 [pid 5055] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] munmap(0x7f0b31856000, 2097152 [pid 5055] <... futex resumed>) = 0 [pid 5064] <... munmap resumed>) = 0 [pid 5055] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] exit_group(0 [pid 5068] <... futex resumed>) = ? [pid 5066] <... futex resumed>) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5061] rename("./bus", "./file1" [pid 5059] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? ./strace-static-x86_64: Process 5071 attached [pid 5068] +++ exited with 0 +++ [pid 5066] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... openat resumed>) = 4 [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ [pid 5064] ioctl(4, LOOP_SET_FD, 3 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5071] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 4998] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 74.594345][ T5060] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 74.607407][ T5061] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 74.612593][ T5064] loop0: detected capacity change from 0 to 4096 [ 74.628253][ T5060] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(3, [pid 5071] memfd_create("syzkaller", 0 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5071] <... memfd_create resumed>) = 3 [pid 5064] <... ioctl resumed>) = 0 [pid 5057] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] unlink("./2/binderfs" [pid 5071] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5064] close(3 [pid 5060] <... rename resumed>) = 0 [pid 5059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5057] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... mmap resumed>) = 0x7f0b31856000 [pid 5064] <... close resumed>) = 0 [pid 5060] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 5064] mkdir("./file1", 0777 [pid 5061] <... rename resumed>) = 0 [pid 5060] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 0 [pid 5058] <... rename resumed>) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 74.638315][ T5061] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 74.653287][ T5060] Remounting filesystem read-only [ 74.658803][ T5061] Remounting filesystem read-only [ 74.658816][ T5060] NILFS (loop5): error -5 truncating bmap (ino=15) [ 74.664469][ T5061] NILFS (loop4): error -5 truncating bmap (ino=15) [pid 4998] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5064] <... mkdir resumed>) = 0 [pid 5061] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5058] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... mmap resumed>) = 0x7f0b31a35000 [pid 5056] exit_group(0 [pid 5070] <... futex resumed>) = ? [pid 5064] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5059] <... mmap resumed>) = 0x7f0b31a35000 [pid 5057] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5056] <... exit_group resumed>) = ? [pid 5070] +++ exited with 0 +++ [pid 5061] <... futex resumed>) = 0 [pid 5059] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5058] <... futex resumed>) = ? [pid 5057] <... mprotect resumed>) = 0 [pid 5059] <... mprotect resumed>) = 0 [pid 5057] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5059] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5057] <... clone resumed>, parent_tid=[5072], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5072 [pid 5059] <... clone resumed>, parent_tid=[5073], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5073 [pid 5057] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5057] <... futex resumed>) = 0 [pid 5059] <... futex resumed>) = 0 [pid 5057] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5073] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = -1 EROFS (Read-only file system) [pid 5073] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 0 [pid 5059] exit_group(0) = ? [pid 5073] <... futex resumed>) = ? [pid 5073] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ [pid 5056] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ [pid 5059] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5059, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- ./strace-static-x86_64: Process 5072 attached [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5056, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [ 74.688181][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 74.695449][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 74.703596][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 74.706237][ T5064] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 74.711923][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [pid 5072] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5072] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5001] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5000] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... openat resumed>) = 3 [pid 5072] <... futex resumed>) = 1 [pid 5000] <... openat resumed>) = 3 [pid 5072] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] fstat(3, [pid 5000] fstat(3, [pid 5057] <... futex resumed>) = 0 [pid 5057] exit_group(0 [pid 5060] <... futex resumed>) = ? [pid 5057] <... exit_group resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5060] +++ exited with 0 +++ [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] <... write resumed>) = 2097152 [pid 5071] munmap(0x7f0b31856000, 2097152 [pid 5072] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5000] getdents64(3, [pid 5001] getdents64(3, [pid 5002] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5002] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... openat resumed>) = 3 [pid 5002] fstat(3, [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] lstat("./2/binderfs", [pid 5002] getdents64(3, [pid 5000] lstat("./2/binderfs", [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5000] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] unlink("./2/binderfs" [pid 5000] unlink("./2/binderfs" [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] <... munmap resumed>) = 0 [pid 5002] lstat("./2/binderfs", [pid 5001] <... unlink resumed>) = 0 [pid 5000] <... unlink resumed>) = 0 [ 74.735520][ T5064] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 74.735808][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 74.767251][ T5071] loop2: detected capacity change from 0 to 4096 [ 74.768468][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 74.781328][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [pid 5071] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] unlink("./2/binderfs" [pid 5071] <... openat resumed>) = 4 [pid 5002] <... unlink resumed>) = 0 [pid 5002] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5071] close(3) = 0 [pid 5071] mkdir("./file1", 0777) = 0 [pid 5071] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5064] <... mount resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file1") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [ 74.788467][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 74.797078][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 74.806008][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 74.813808][ T5071] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 74.814508][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 74.831969][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5064] <... futex resumed>) = 0 [pid 5064] creat("./bus", 026 [ 74.841822][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 74.844835][ T5074] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 74.849356][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 74.867668][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 74.876040][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 74.884540][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [pid 5063] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5063] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5063] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5075], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5075 [pid 5063] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5075 attached [pid 5064] <... creat resumed>) = 4 [pid 5064] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] set_robust_list(0x7f0b31a559e0, 24) = 0 [ 74.892440][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 74.901944][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 74.912274][ T5071] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 74.919870][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 74.929278][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 74.938294][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [pid 5075] rename("./bus", "./file1" [pid 4998] <... umount2 resumed>) = 0 [pid 4998] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5063] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5063] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... openat resumed>) = 4 [pid 5063] <... futex resumed>) = 1 [pid 5064] <... futex resumed>) = 0 [ 74.960766][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 74.969319][ T5075] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 74.978627][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [ 74.998824][ T5075] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5064] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5064] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] <... umount2 resumed>) = 0 [pid 4998] fstat(4, [pid 5063] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5000] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4998] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5071] <... mount resumed>) = 0 [pid 4998] close(4) = 0 [pid 5071] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 4998] rmdir("./2/file1" [pid 5071] chdir("./file1" [pid 4998] <... rmdir resumed>) = 0 [pid 5071] <... chdir resumed>) = 0 [pid 4998] getdents64(3, [pid 5071] ioctl(4, LOOP_CLR_FD [pid 4998] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5071] <... ioctl resumed>) = 0 [pid 4998] close(3 [pid 5071] close(4 [pid 4998] <... close resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] rmdir("./2" [pid 5000] lstat("./2/file1", [pid 4998] <... rmdir resumed>) = 0 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] mkdir("./3", 0777 [pid 5000] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... mkdir resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5000] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... openat resumed>) = 3 [ 75.012240][ T27] audit: type=1804 audit(1683463064.273:11): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.SxEkc1/2/file1/file1" dev="loop0" ino=18 res=1 errno=0 [ 75.015852][ T5076] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5000] <... openat resumed>) = 4 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 5000] fstat(4, [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] close(3 [pid 5000] getdents64(4, [pid 4998] <... close resumed>) = 0 [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... close resumed>) = 0 [pid 5000] getdents64(4, [pid 5071] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5077 [pid 5071] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5000] close(4 [pid 5071] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... close resumed>) = 0 [pid 5071] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5000] rmdir("./2/file1"./strace-static-x86_64: Process 5077 attached [pid 5071] creat("./bus", 026 [pid 5066] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] <... rmdir resumed>) = 0 [pid 5077] set_robust_list(0x5555563d95e0, 24 [pid 5000] getdents64(3, [pid 5077] <... set_robust_list resumed>) = 0 [pid 5001] <... umount2 resumed>) = 0 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [ 75.071156][ T5075] Remounting filesystem read-only [pid 5077] chdir("./3" [pid 5000] close(3 [pid 5077] <... chdir resumed>) = 0 [pid 5000] <... close resumed>) = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5001] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] rmdir("./2" [pid 5077] <... prctl resumed>) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... rmdir resumed>) = 0 [pid 5077] setpgid(0, 0 [pid 5001] lstat("./2/file1", [pid 5000] mkdir("./3", 0777 [pid 5077] <... setpgid resumed>) = 0 [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] <... mkdir resumed>) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5077] <... openat resumed>) = 3 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... openat resumed>) = 3 [pid 5077] write(3, "1000", 4 [pid 5001] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5000] ioctl(3, LOOP_CLR_FD [pid 5077] <... write resumed>) = 4 [pid 5001] <... openat resumed>) = 4 [pid 5000] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5077] close(3 [pid 5001] fstat(4, [pid 5000] close(3 [pid 5077] <... close resumed>) = 0 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] <... close resumed>) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs" [pid 5002] <... umount2 resumed>) = 0 [pid 5001] getdents64(4, [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5077] <... symlink resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5077] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] getdents64(4, [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5079 [pid 5077] <... futex resumed>) = 0 [pid 5002] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] close(4 [pid 5077] <... mmap resumed>) = 0x7f0b39c56000 [pid 5002] lstat("./2/file1", [pid 5001] <... close resumed>) = 0 ./strace-static-x86_64: Process 5079 attached [pid 5077] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5075] <... rename resumed>) = 0 [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] rmdir("./2/file1" [pid 5079] set_robust_list(0x5555563d95e0, 24 [pid 5077] <... mprotect resumed>) = 0 [pid 5075] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... rmdir resumed>) = 0 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5077] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5075] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5063] exit_group(0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] getdents64(3, [pid 5079] chdir("./3" [pid 5063] <... exit_group resumed>) = ? [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5079] <... chdir resumed>) = 0 [pid 5077] <... clone resumed>, parent_tid=[5080], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5080 [pid 5075] +++ exited with 0 +++ [pid 5001] close(3 [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... close resumed>) = 0 [pid 5079] <... prctl resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5001] rmdir("./2" [pid 5079] setpgid(0, 0 [pid 5077] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5001] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 5080 attached [pid 5079] <... setpgid resumed>) = 0 [pid 5066] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = ? [pid 5002] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] mkdir("./3", 0777 [pid 5080] set_robust_list(0x7f0b39c769e0, 24 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5066] <... futex resumed>) = 0 [pid 5064] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ [pid 5002] <... openat resumed>) = 4 [pid 5001] <... mkdir resumed>) = 0 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5079] <... openat resumed>) = 3 [pid 5071] <... creat resumed>) = 4 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5002] fstat(4, [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5080] memfd_create("syzkaller", 0 [pid 5079] write(3, "1000", 4 [pid 5071] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... mmap resumed>) = 0x7f0b31a35000 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] <... openat resumed>) = 3 [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [ 75.101135][ T5075] NILFS (loop0): error -5 truncating bmap (ino=15) [pid 5080] <... memfd_create resumed>) = 3 [pid 5079] <... write resumed>) = 4 [pid 5071] <... futex resumed>) = 0 [pid 5066] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5002] getdents64(4, [pid 5001] ioctl(3, LOOP_CLR_FD [pid 4997] restart_syscall(<... resuming interrupted clone ...> [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5079] close(3 [pid 5071] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... mprotect resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4997] <... restart_syscall resumed>) = 0 [pid 5080] <... mmap resumed>) = 0x7f0b31856000 [pid 5079] <... close resumed>) = 0 [pid 5066] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5002] getdents64(4, [pid 5001] close(3 [pid 5079] symlink("/dev/binderfs", "./binderfs" [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5001] <... close resumed>) = 0 [pid 5079] <... symlink resumed>) = 0 [pid 5066] <... clone resumed>, parent_tid=[5081], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5081 [pid 5002] close(4 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5079] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... close resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5081 attached [pid 5079] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 0 [pid 5002] rmdir("./2/file1" [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5082 [pid 4997] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] set_robust_list(0x7f0b31a559e0, 24 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5066] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... rmdir resumed>) = 0 [pid 4997] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5082 attached [pid 5081] <... set_robust_list resumed>) = 0 [pid 5079] <... mmap resumed>) = 0x7f0b39c56000 [pid 5002] getdents64(3, [pid 4997] fstat(3, [pid 5082] set_robust_list(0x5555563d95e0, 24 [pid 5081] rename("./bus", "./file1" [pid 5079] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5002] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5079] <... mprotect resumed>) = 0 [pid 5002] close(3 [pid 4997] getdents64(3, [pid 5082] chdir("./3" [pid 5079] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5002] <... close resumed>) = 0 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5082] <... chdir resumed>) = 0 [pid 5002] rmdir("./2" [pid 4997] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] <... clone resumed>, parent_tid=[5083], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5083 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5082] <... prctl resumed>) = 0 [pid 5079] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... rmdir resumed>) = 0 [pid 4997] lstat("./2/binderfs", [pid 5082] setpgid(0, 0 [pid 5079] <... futex resumed>) = 0 [pid 5002] mkdir("./3", 0777 [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5082] <... setpgid resumed>) = 0 [pid 5079] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4997] unlink("./2/binderfs" [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5002] <... mkdir resumed>) = 0 [pid 4997] <... unlink resumed>) = 0 [pid 5082] <... openat resumed>) = 3 [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4997] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5083 attached [pid 5082] write(3, "1000", 4 [pid 5002] <... openat resumed>) = 3 [pid 5083] set_robust_list(0x7f0b39c769e0, 24 [pid 5082] <... write resumed>) = 4 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5083] memfd_create("syzkaller", 0 [pid 5082] close(3 [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5083] <... memfd_create resumed>) = 3 [pid 5082] <... close resumed>) = 0 [pid 5002] close(3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5082] symlink("/dev/binderfs", "./binderfs" [pid 5002] <... close resumed>) = 0 [pid 5082] <... symlink resumed>) = 0 [pid 5066] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 75.194876][ T5081] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 75.213391][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 75.229866][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 75.237674][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5084 attached [pid 5082] <... futex resumed>) = 0 [pid 5080] <... write resumed>) = 2097152 [pid 5071] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5071] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5066] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5084 [pid 5084] set_robust_list(0x5555563d95e0, 24 [pid 5071] <... open resumed>) = 5 [pid 5084] <... set_robust_list resumed>) = 0 [pid 5082] <... mmap resumed>) = 0x7f0b39c56000 [pid 5080] munmap(0x7f0b31856000, 2097152 [pid 5071] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] chdir("./3" [pid 5071] <... futex resumed>) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5082] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5084] <... chdir resumed>) = 0 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5080] <... munmap resumed>) = 0 [pid 5071] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... mprotect resumed>) = 0 [pid 5082] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5080] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5084] <... prctl resumed>) = 0 [pid 5082] <... clone resumed>, parent_tid=[5085], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5085 [pid 5084] setpgid(0, 0 [pid 5082] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5085 attached [pid 5084] <... setpgid resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5080] <... openat resumed>) = 4 [pid 5085] set_robust_list(0x7f0b39c769e0, 24 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5082] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5080] ioctl(4, LOOP_SET_FD, 3 [pid 5084] <... openat resumed>) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5080] <... ioctl resumed>) = 0 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs" [pid 5085] memfd_create("syzkaller", 0 [pid 5084] <... symlink resumed>) = 0 [ 75.247861][ T5081] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 75.271910][ T5080] loop1: detected capacity change from 0 to 4096 [ 75.289875][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [pid 5080] close(3 [pid 5085] <... memfd_create resumed>) = 3 [pid 5084] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... close resumed>) = 0 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] <... futex resumed>) = 0 [pid 5080] mkdir("./file1", 0777 [pid 5085] <... mmap resumed>) = 0x7f0b31856000 [pid 5081] <... rename resumed>) = 0 [pid 5081] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] <... mkdir resumed>) = 0 [pid 5066] exit_group(0 [pid 5084] <... mmap resumed>) = 0x7f0b39c56000 [pid 5066] <... exit_group resumed>) = ? [pid 5071] <... futex resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5081] <... futex resumed>) = ? [pid 5081] +++ exited with 0 +++ [pid 5084] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5080] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5066] +++ exited with 0 +++ [pid 5084] <... mprotect resumed>) = 0 [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5084] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4999] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... clone resumed>, parent_tid=[5086], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5086 [pid 5084] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... futex resumed>) = 0 [pid 4999] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4999] <... openat resumed>) = 3 [pid 4999] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4999] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4999] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4999] unlink("./2/binderfs" [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 4999] <... unlink resumed>) = 0 [pid 5083] <... write resumed>) = 2097152 [pid 5083] munmap(0x7f0b31856000, 2097152) = 0 ./strace-static-x86_64: Process 5086 attached [ 75.290432][ T5081] Remounting filesystem read-only [ 75.298094][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 75.303577][ T5081] NILFS (loop2): error -5 truncating bmap (ino=15) [ 75.324883][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [pid 5086] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5083] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4999] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5083] <... openat resumed>) = 4 [pid 5086] <... mmap resumed>) = 0x7f0b31856000 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [ 75.342395][ T5080] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 75.354674][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 75.357603][ T5083] loop3: detected capacity change from 0 to 4096 [ 75.368624][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 75.378560][ T5080] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5083] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5085] <... write resumed>) = 2097152 [pid 5085] munmap(0x7f0b31856000, 2097152) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5085] <... openat resumed>) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5080] <... mount resumed>) = 0 [ 75.394178][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 75.397873][ T5083] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 75.409324][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 75.426646][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 75.435133][ T5087] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5085] <... ioctl resumed>) = 0 [pid 5080] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file1" [pid 5085] close(3 [pid 5080] <... chdir resumed>) = 0 [pid 5085] <... close resumed>) = 0 [pid 5080] ioctl(4, LOOP_CLR_FD [pid 5085] mkdir("./file1", 0777) = 0 [pid 5080] <... ioctl resumed>) = 0 [pid 5085] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5080] close(4) = 0 [pid 5080] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 75.461019][ T5085] loop4: detected capacity change from 0 to 4096 [ 75.472235][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 75.491445][ T5085] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5080] creat("./bus", 026) = 4 [pid 5080] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5077] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... umount2 resumed>) = 0 [pid 5080] rename("./bus", "./file1" [pid 4997] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./2/file1") = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] close(3) = 0 [pid 4997] rmdir("./2") = 0 [pid 4997] mkdir("./3", 0777) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] close(3 [pid 5086] <... write resumed>) = 2097152 [pid 4997] <... close resumed>) = 0 [pid 5086] munmap(0x7f0b31856000, 2097152 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5086] <... munmap resumed>) = 0 [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5088 [pid 5077] <... futex resumed>) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5086] <... openat resumed>) = 4 [pid 5077] <... mmap resumed>) = 0x7f0b31a35000 [ 75.505886][ T5083] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 75.520530][ T5085] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 75.534350][ T5080] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5077] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 5088 attached [pid 5077] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5089 attached [pid 5088] set_robust_list(0x5555563d95e0, 24 [pid 5089] set_robust_list(0x7f0b31a559e0, 24 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5077] <... clone resumed>, parent_tid=[5089], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5089 [pid 5089] <... set_robust_list resumed>) = 0 [pid 5088] chdir("./3" [pid 5077] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... umount2 resumed>) = 0 [pid 5089] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5088] <... chdir resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... prctl resumed>) = 0 [pid 5089] <... open resumed>) = 5 [pid 5088] setpgid(0, 0 [pid 4999] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5088] <... setpgid resumed>) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3 [pid 5089] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... close resumed>) = 0 [ 75.584612][ T5080] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 75.587673][ T5086] loop5: detected capacity change from 0 to 4096 [ 75.613987][ T5080] Remounting filesystem read-only [ 75.620943][ T5080] NILFS (loop1): error -5 truncating bmap (ino=15) [pid 5080] <... rename resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5088] symlink("/dev/binderfs", "./binderfs" [pid 5083] <... mount resumed>) = 0 [pid 5088] <... symlink resumed>) = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5088] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 3 [pid 5088] <... futex resumed>) = 0 [pid 5083] chdir("./file1" [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... chdir resumed>) = 0 [pid 5088] <... mmap resumed>) = 0x7f0b39c56000 [pid 5083] ioctl(4, LOOP_CLR_FD [pid 5089] <... futex resumed>) = 1 [pid 5088] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5083] <... ioctl resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 4999] lstat("./2/file1", [pid 5080] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5088] <... mprotect resumed>) = 0 [pid 5085] <... mount resumed>) = 0 [pid 5083] close(4 [pid 5077] exit_group(0 [pid 5080] <... futex resumed>) = 0 [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5088] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5083] <... close resumed>) = 0 [pid 5085] <... openat resumed>) = 3 [pid 5089] <... futex resumed>) = ? [pid 5083] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... exit_group resumed>) = ? [pid 4999] umount2("./2/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5089] +++ exited with 0 +++ [pid 5088] <... clone resumed>, parent_tid=[5092], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5092 [pid 5085] chdir("./file1" [pid 5083] <... futex resumed>) = 1 [pid 5080] +++ exited with 0 +++ [pid 5079] <... futex resumed>) = 0 [pid 5088] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... chdir resumed>) = 0 [pid 5083] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] +++ exited with 0 +++ [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5088] <... futex resumed>) = 0 [pid 5085] ioctl(4, LOOP_CLR_FD [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 4999] openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- ./strace-static-x86_64: Process 5092 attached [pid 5088] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... ioctl resumed>) = 0 [pid 5083] creat("./bus", 026 [pid 5079] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... openat resumed>) = 4 [pid 4998] restart_syscall(<... resuming interrupted clone ...> [pid 5092] set_robust_list(0x7f0b39c769e0, 24 [pid 5086] <... ioctl resumed>) = 0 [pid 5085] close(4 [pid 4998] <... restart_syscall resumed>) = 0 [pid 5086] close(3 [pid 5085] <... close resumed>) = 0 [pid 4999] fstat(4, [pid 5086] <... close resumed>) = 0 [pid 5085] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] mkdir("./file1", 0777 [pid 5085] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 4999] getdents64(4, [pid 4998] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5092] <... set_robust_list resumed>) = 0 [pid 5086] <... mkdir resumed>) = 0 [pid 5085] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... creat resumed>) = 4 [pid 5082] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5092] memfd_create("syzkaller", 0 [ 75.630562][ T5090] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 75.644249][ T5091] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5086] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5083] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 4999] getdents64(4, [pid 4998] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5092] <... memfd_create resumed>) = 3 [pid 5085] creat("./bus", 026 [pid 5083] <... futex resumed>) = 1 [pid 5082] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] <... openat resumed>) = 3 [pid 5092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5083] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] close(4 [pid 4998] fstat(3, [pid 5092] <... mmap resumed>) = 0x7f0b31856000 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 4999] <... close resumed>) = 0 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5083] rename("./bus", "./file1" [pid 5079] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4998] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4999] rmdir("./2/file1" [pid 4998] unlink("./3/binderfs" [pid 4999] <... rmdir resumed>) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 5085] <... creat resumed>) = 4 [pid 4999] getdents64(3, [pid 4998] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5092] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5085] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 0 [pid 4999] close(3 [pid 5085] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... close resumed>) = 0 [ 75.684330][ T5086] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 75.702676][ T5083] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 75.716350][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 75.724309][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] <... futex resumed>) = 0 [pid 4999] rmdir("./2" [pid 5085] rename("./bus", "./file1" [pid 5082] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... rmdir resumed>) = 0 [pid 4999] mkdir("./3", 0777 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5079] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5079] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5093], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5093 [pid 5079] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... mkdir resumed>) = 0 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [ 75.734484][ T5083] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 75.749482][ T5085] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 75.753031][ T5086] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 75.771357][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [pid 4999] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5093 attached ) = -1 ENXIO (No such device or address) [pid 5093] set_robust_list(0x7f0b31a559e0, 24 [pid 5092] <... write resumed>) = 2097152 [pid 4999] close(3 [pid 5093] <... set_robust_list resumed>) = 0 [pid 5092] munmap(0x7f0b31856000, 2097152 [pid 4999] <... close resumed>) = 0 [pid 5093] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5092] <... munmap resumed>) = 0 [pid 5082] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5082] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5093] <... open resumed>) = 5 [pid 5082] <... futex resumed>) = 0 [pid 5082] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5082] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5093] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5094 [pid 5093] <... futex resumed>) = 0 [pid 5092] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5082] <... mprotect resumed>) = 0 [pid 5093] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... openat resumed>) = 4 [ 75.772357][ T5085] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 75.780975][ T5083] Remounting filesystem read-only [ 75.795288][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 75.809828][ T5085] Remounting filesystem read-only [ 75.816562][ T5092] loop0: detected capacity change from 0 to 4096 [ 75.824200][ T5085] NILFS (loop4): error -5 truncating bmap (ino=15) [pid 5082] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5092] ioctl(4, LOOP_SET_FD, 3 [pid 5082] <... clone resumed>, parent_tid=[5095], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5095 [pid 5082] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5095 attached [pid 5095] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5095] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = -1 EROFS (Read-only file system) [pid 5095] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5095] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5082] <... futex resumed>) = 1 [pid 5095] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 5094 attached [pid 5092] <... ioctl resumed>) = 0 [pid 5085] <... rename resumed>) = 0 [pid 5094] set_robust_list(0x5555563d95e0, 24 [pid 5092] close(3 [pid 5085] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5092] <... close resumed>) = 0 [pid 5085] <... futex resumed>) = 0 [pid 5082] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5094] chdir("./3" [pid 5092] mkdir("./file1", 0777 [pid 5082] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5094] <... chdir resumed>) = 0 [pid 5092] <... mkdir resumed>) = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5092] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5085] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5094] setpgid(0, 0) = 0 [pid 5086] <... mount resumed>) = 0 [pid 5083] <... rename resumed>) = 0 [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5086] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file1") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5086] close(4) = 0 [pid 5086] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 75.840294][ T5083] NILFS (loop3): error -5 truncating bmap (ino=15) [ 75.848533][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 75.865921][ T5092] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 75.866197][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [pid 5086] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... openat resumed>) = 3 [pid 5084] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5094] write(3, "1000", 4 [pid 5079] exit_group(0 [pid 5094] <... write resumed>) = 4 [pid 5086] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5083] ???( [pid 5086] creat("./bus", 026 [pid 5079] <... exit_group resumed>) = ? [pid 5094] close(3 [pid 5093] <... futex resumed>) = ? [pid 5084] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... ??? resumed>) = ? [pid 5094] <... close resumed>) = 0 [pid 5093] +++ exited with 0 +++ [pid 5083] +++ exited with 0 +++ [pid 5079] +++ exited with 0 +++ [pid 5094] symlink("/dev/binderfs", "./binderfs" [pid 5001] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5094] <... symlink resumed>) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] restart_syscall(<... resuming interrupted clone ...> [pid 5094] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5000] <... restart_syscall resumed>) = 0 [pid 5094] <... futex resumed>) = 0 [pid 5001] <... openat resumed>) = 3 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5001] fstat(3, [pid 5094] <... mmap resumed>) = 0x7f0b39c56000 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5094] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5001] getdents64(3, [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5094] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5001] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [ 75.879583][ T5096] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5000] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5094] <... clone resumed>, parent_tid=[5097], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5097 [pid 5001] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... openat resumed>) = 3 [pid 5094] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] fstat(3, ./strace-static-x86_64: Process 5097 attached [pid 5097] set_robust_list(0x7f0b39c769e0, 24 [pid 5094] <... futex resumed>) = 0 [pid 5001] lstat("./3/binderfs", [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5094] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5000] getdents64(3, [pid 5097] <... set_robust_list resumed>) = 0 [pid 5001] unlink("./3/binderfs" [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] <... unlink resumed>) = 0 [pid 5000] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5000] unlink("./3/binderfs") = 0 [pid 5000] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] <... umount2 resumed>) = 0 [pid 5084] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... creat resumed>) = 4 [pid 5086] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5086] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5084] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5098], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5098 [pid 5097] <... mmap resumed>) = 0x7f0b31856000 [pid 5084] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 75.921992][ T5092] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 75.946952][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 75.955758][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [pid 5084] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5098 attached [pid 4998] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5098] set_robust_list(0x7f0b31a559e0, 24 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5098] <... set_robust_list resumed>) = 0 [pid 4998] lstat("./3/file1", [pid 5098] rename("./bus", "./file1" [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5084] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... openat resumed>) = 4 [pid 5086] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 4998] fstat(4, [pid 5086] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [ 75.969475][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 75.987725][ T5098] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 75.988207][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 76.002472][ T5098] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5084] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5086] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5086] <... futex resumed>) = 0 [pid 5086] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4998] getdents64(4, [pid 5092] <... mount resumed>) = 0 [pid 5092] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5092] chdir("./file1") = 0 [pid 5092] ioctl(4, LOOP_CLR_FD) = 0 [pid 5092] close(4 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5092] <... close resumed>) = 0 [pid 5092] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5088] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... futex resumed>) = 1 [pid 5092] creat("./bus", 026 [pid 4998] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] close(4) = 0 [pid 4998] rmdir("./3/file1") = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [ 76.030232][ T5098] Remounting filesystem read-only [ 76.034616][ T5099] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.036041][ T5098] NILFS (loop5): error -5 truncating bmap (ino=15) [ 76.059833][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [pid 4998] rmdir("./3" [pid 5098] <... rename resumed>) = 0 [pid 5097] <... write resumed>) = 2097152 [pid 4998] <... rmdir resumed>) = 0 [pid 5098] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] munmap(0x7f0b31856000, 2097152 [pid 5092] <... creat resumed>) = 4 [pid 5088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5084] exit_group(0 [pid 4998] mkdir("./4", 0777 [pid 5092] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5088] <... futex resumed>) = 0 [pid 5092] rename("./bus", "./file1" [ 76.075578][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 76.075894][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 76.084575][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 76.094209][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 76.107011][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [ 76.114051][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [pid 5088] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] <... futex resumed>) = ? [pid 5097] <... munmap resumed>) = 0 [pid 5086] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 4998] <... mkdir resumed>) = 0 [pid 5086] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5097] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5084] +++ exited with 0 +++ [pid 5001] <... umount2 resumed>) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5097] <... openat resumed>) = 4 [pid 4998] <... openat resumed>) = 3 [pid 5097] ioctl(4, LOOP_SET_FD, 3 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 5001] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5088] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5088] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5088] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [ 76.122532][ T5092] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 76.139300][ T5092] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 76.151430][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 76.152204][ T5097] loop2: detected capacity change from 0 to 4096 [pid 5088] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5002] restart_syscall(<... resuming interrupted clone ...> [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] close(3 [pid 5002] <... restart_syscall resumed>) = 0 [pid 5001] lstat("./3/file1", [pid 5088] <... clone resumed>, parent_tid=[5100], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5100 [pid 4998] <... close resumed>) = 0 [pid 5088] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5101 [pid 5002] <... openat resumed>) = 3 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5100 attached [pid 5100] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5100] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5002] fstat(3, [pid 5001] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5100] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5001] <... openat resumed>) = 4 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5100] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 1 [pid 5002] getdents64(3, [pid 5001] fstat(4, [pid 5100] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] getdents64(4, ./strace-static-x86_64: Process 5101 attached [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5002] lstat("./3/binderfs", [pid 5001] getdents64(4, [pid 5101] set_robust_list(0x5555563d95e0, 24 [pid 5097] <... ioctl resumed>) = 0 [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5101] <... set_robust_list resumed>) = 0 [pid 5101] chdir("./4" [pid 5097] close(3 [pid 5002] unlink("./3/binderfs" [pid 5001] close(4 [pid 5101] <... chdir resumed>) = 0 [pid 5101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5002] <... unlink resumed>) = 0 [pid 5101] setpgid(0, 0 [pid 5097] <... close resumed>) = 0 [pid 5002] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... close resumed>) = 0 [pid 5101] <... setpgid resumed>) = 0 [pid 5101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5097] mkdir("./file1", 0777 [pid 5001] rmdir("./3/file1" [pid 5101] <... openat resumed>) = 3 [pid 5000] <... umount2 resumed>) = 0 [pid 5101] write(3, "1000", 4) = 4 [pid 5101] close(3) = 0 [pid 5101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5001] <... rmdir resumed>) = 0 [pid 5101] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] getdents64(3, [pid 5101] <... futex resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5001] close(3 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5001] <... close resumed>) = 0 [pid 5101] <... mmap resumed>) = 0x7f0b39c56000 [pid 5001] rmdir("./3" [pid 5101] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5101] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5001] <... rmdir resumed>) = 0 [pid 5001] mkdir("./4", 0777 [pid 5101] <... clone resumed>, parent_tid=[5102], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5102 [pid 5000] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5101] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5101] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5001] <... mkdir resumed>) = 0 [pid 5000] lstat("./3/file1", [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5102 attached [pid 5000] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5102] set_robust_list(0x7f0b39c769e0, 24 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5102] <... set_robust_list resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 76.183626][ T5092] Remounting filesystem read-only [ 76.188743][ T5092] NILFS (loop0): error -5 truncating bmap (ino=15) [ 76.215547][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [pid 5102] memfd_create("syzkaller", 0 [pid 5097] <... mkdir resumed>) = 0 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5102] <... memfd_create resumed>) = 3 [pid 5000] <... openat resumed>) = 4 [pid 5102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5000] fstat(4, [pid 5102] <... mmap resumed>) = 0x7f0b31856000 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5097] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5001] close(3 [pid 5000] getdents64(4, [pid 5092] <... rename resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5092] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] getdents64(4, [pid 5092] <... futex resumed>) = 0 [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5092] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5000] close(4) = 0 [pid 5000] rmdir("./3/file1" [pid 5088] exit_group(0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5100] <... futex resumed>) = ? [pid 5092] <... futex resumed>) = ? [pid 5088] <... exit_group resumed>) = ? [pid 5100] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5000] <... rmdir resumed>) = 0 [pid 5000] getdents64(3, [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5103 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5000] close(3) = 0 [pid 5000] rmdir("./3") = 0 [pid 5000] mkdir("./4", 0777) = 0 [pid 4997] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 4997] <... openat resumed>) = 3 [pid 5000] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] fstat(3, [pid 5000] close(3) = 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5102] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5104 [pid 4997] getdents64(3, ./strace-static-x86_64: Process 5104 attached [pid 5104] set_robust_list(0x5555563d95e0, 24 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4997] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5104] <... set_robust_list resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./3/binderfs", [pid 5104] chdir("./4" [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] unlink("./3/binderfs" [pid 5104] <... chdir resumed>) = 0 [pid 5104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4997] <... unlink resumed>) = 0 [pid 4997] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5104] <... prctl resumed>) = 0 [pid 5104] setpgid(0, 0) = 0 [ 76.235845][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 76.257494][ T5097] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 76.275264][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 ./strace-static-x86_64: Process 5103 attached [pid 5104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5104] write(3, "1000", 4) = 4 [pid 5104] close(3) = 0 [pid 5104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5104] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5104] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5104] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5105], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5105 [pid 5104] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5104] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5103] chdir("./4"./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5105] memfd_create("syzkaller", 0 [pid 5103] <... chdir resumed>) = 0 [pid 5105] <... memfd_create resumed>) = 3 [pid 5105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 76.282754][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 76.300459][ T5097] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 76.304694][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 76.311308][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5103] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5103] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5107], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5107 [pid 5097] <... mount resumed>) = 0 ./strace-static-x86_64: Process 5107 attached [pid 5103] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file1") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] set_robust_list(0x7f0b39c769e0, 24 [pid 5103] <... futex resumed>) = 0 [pid 5107] <... set_robust_list resumed>) = 0 [pid 5103] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] memfd_create("syzkaller", 0 [pid 5097] <... futex resumed>) = 0 [pid 5094] <... futex resumed>) = 1 [pid 5107] <... memfd_create resumed>) = 3 [pid 5097] creat("./bus", 026 [pid 5094] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5102] <... write resumed>) = 2097152 [pid 5102] munmap(0x7f0b31856000, 2097152 [pid 5097] <... creat resumed>) = 4 [pid 5102] <... munmap resumed>) = 0 [pid 5097] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5094] <... futex resumed>) = 0 [pid 5105] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5097] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5094] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5094] <... futex resumed>) = 0 [pid 5097] rename("./bus", "./file1" [ 76.344154][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 76.356213][ T5106] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.360044][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 76.367798][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [pid 5094] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5107] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5102] <... openat resumed>) = 4 [pid 5102] ioctl(4, LOOP_SET_FD, 3) = 0 [ 76.415391][ T5097] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 76.441007][ T5102] loop1: detected capacity change from 0 to 4096 [ 76.450134][ T5097] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5094] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5094] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5094] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5094] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5108], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5108 [pid 5094] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5108] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5108] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5108] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] close(3) = 0 [pid 5102] mkdir("./file1", 0777) = 0 [pid 5102] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5002] <... umount2 resumed>) = 0 [ 76.463953][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 76.494407][ T5102] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 76.495589][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [pid 5002] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5107] <... write resumed>) = 2097152 [pid 5107] munmap(0x7f0b31856000, 2097152 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5107] <... munmap resumed>) = 0 [pid 5002] lstat("./3/file1", [pid 5107] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5107] <... openat resumed>) = 4 [pid 5002] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5107] ioctl(4, LOOP_SET_FD, 3 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5105] <... write resumed>) = 2097152 [pid 5105] munmap(0x7f0b31856000, 2097152 [pid 5002] <... openat resumed>) = 4 [pid 5002] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5002] getdents64(4, [pid 5105] <... munmap resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5107] <... ioctl resumed>) = 0 [pid 5105] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5002] close(4 [pid 4997] <... umount2 resumed>) = 0 [pid 5105] <... openat resumed>) = 4 [pid 5107] close(3 [pid 5105] ioctl(4, LOOP_SET_FD, 3 [pid 5002] <... close resumed>) = 0 [ 76.513293][ T5097] Remounting filesystem read-only [ 76.518347][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 76.534236][ T5107] loop4: detected capacity change from 0 to 4096 [ 76.545071][ T5102] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 4997] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5107] <... close resumed>) = 0 [pid 5002] rmdir("./3/file1" [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5107] mkdir("./file1", 0777 [pid 5105] <... ioctl resumed>) = 0 [pid 5002] <... rmdir resumed>) = 0 [pid 4997] lstat("./3/file1", [pid 5097] <... rename resumed>) = 0 [pid 5107] <... mkdir resumed>) = 0 [pid 5097] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] getdents64(3, [pid 4997] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5094] exit_group(0 [pid 5107] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5105] close(3 [pid 5002] close(3 [pid 4997] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... close resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] rmdir("./3" [pid 5108] <... futex resumed>) = ? [pid 5094] <... exit_group resumed>) = ? [pid 5108] +++ exited with 0 +++ [pid 4997] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5097] <... futex resumed>) = ? [pid 5002] <... rmdir resumed>) = 0 [pid 4997] <... openat resumed>) = 4 [pid 5002] mkdir("./4", 0777 [pid 4997] fstat(4, [pid 5105] <... close resumed>) = 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... mkdir resumed>) = 0 [pid 4997] getdents64(4, [pid 5105] mkdir("./file1", 0777 [pid 4997] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5105] <... mkdir resumed>) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4997] getdents64(4, [pid 5097] +++ exited with 0 +++ [pid 5094] +++ exited with 0 +++ [pid 5002] <... openat resumed>) = 3 [pid 5002] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5002] close(3) = 0 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5109 [pid 5105] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4997] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 4997] close(4./strace-static-x86_64: Process 5109 attached [pid 5109] set_robust_list(0x5555563d95e0, 24) = 0 [ 76.567361][ T5105] loop3: detected capacity change from 0 to 4096 [ 76.575352][ T5097] NILFS (loop2): error -5 truncating bmap (ino=15) [ 76.593553][ T5107] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5109] chdir("./4" [pid 4997] <... close resumed>) = 0 [pid 4997] rmdir("./3/file1" [pid 4999] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] <... rmdir resumed>) = 0 [pid 5109] <... chdir resumed>) = 0 [pid 5109] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4999] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] getdents64(3, [pid 5109] setpgid(0, 0) = 0 [pid 4999] <... openat resumed>) = 3 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5109] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4999] fstat(3, [pid 4997] close(3 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5109] <... openat resumed>) = 3 [pid 4997] <... close resumed>) = 0 [pid 4999] getdents64(3, [pid 5109] write(3, "1000", 4 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4997] rmdir("./3" [pid 5109] <... write resumed>) = 4 [pid 5102] <... mount resumed>) = 0 [pid 4999] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5109] close(3 [pid 5102] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... rmdir resumed>) = 0 [pid 5109] <... close resumed>) = 0 [pid 5102] <... openat resumed>) = 3 [pid 5109] symlink("/dev/binderfs", "./binderfs" [pid 5102] chdir("./file1" [pid 5109] <... symlink resumed>) = 0 [pid 5102] <... chdir resumed>) = 0 [pid 5109] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] ioctl(4, LOOP_CLR_FD [pid 5109] <... futex resumed>) = 0 [pid 5102] <... ioctl resumed>) = 0 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5102] close(4 [pid 5109] <... mmap resumed>) = 0x7f0b39c56000 [pid 5102] <... close resumed>) = 0 [pid 4999] lstat("./3/binderfs", [pid 4997] mkdir("./4", 0777 [pid 5109] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5102] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5109] <... mprotect resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5101] <... futex resumed>) = 0 [pid 4999] unlink("./3/binderfs" [pid 4997] <... mkdir resumed>) = 0 [pid 5109] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [ 76.611696][ T5105] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 76.637130][ T5110] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.651387][ T5107] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5102] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [pid 4999] <... unlink resumed>) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5109] <... clone resumed>, parent_tid=[5111], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5111 [pid 5102] creat("./bus", 026 [pid 5101] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5111] memfd_create("syzkaller", 0 [pid 4999] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5111] <... memfd_create resumed>) = 3 [pid 4997] <... openat resumed>) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5102] <... creat resumed>) = 4 [pid 4997] close(3 [pid 5102] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5101] <... futex resumed>) = 0 [pid 4997] <... close resumed>) = 0 [pid 5102] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5101] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5101] <... futex resumed>) = 0 [ 76.667932][ T5105] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 76.681394][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 76.688421][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 76.703215][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [pid 5102] rename("./bus", "./file1" [pid 5101] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5112 ./strace-static-x86_64: Process 5112 attached [pid 5112] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5112] chdir("./4") = 0 [pid 5112] prctl(PR_SET_PDEATHSIG, SIGKILL [ 76.708915][ T5102] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 76.720096][ T5102] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 76.723060][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [pid 5111] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5112] <... prctl resumed>) = 0 [pid 5112] setpgid(0, 0) = 0 [pid 5105] <... mount resumed>) = 0 [pid 5112] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5112] write(3, "1000", 4) = 4 [pid 5112] close(3) = 0 [pid 5105] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5112] symlink("/dev/binderfs", "./binderfs" [pid 5101] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... symlink resumed>) = 0 [pid 5101] <... futex resumed>) = 0 [pid 5112] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... openat resumed>) = 3 [pid 5101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5112] <... futex resumed>) = 0 [pid 5107] <... mount resumed>) = 0 [pid 5101] <... mmap resumed>) = 0x7f0b31a35000 [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5107] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5101] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5112] <... mmap resumed>) = 0x7f0b39c56000 [pid 5107] <... openat resumed>) = 3 [pid 5105] chdir("./file1" [pid 5102] <... rename resumed>) = 0 [pid 5101] <... mprotect resumed>) = 0 [pid 5112] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [ 76.768066][ T5114] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.782436][ T5102] Remounting filesystem read-only [ 76.787784][ T5113] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 76.798712][ T5102] NILFS (loop1): error -5 truncating bmap (ino=15) [ 76.807043][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [pid 5107] chdir("./file1" [pid 5101] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5112] <... mprotect resumed>) = 0 [pid 5107] <... chdir resumed>) = 0 [pid 5112] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5107] ioctl(4, LOOP_CLR_FD [pid 5101] <... clone resumed>, parent_tid=[5115], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5115 [pid 5107] <... ioctl resumed>) = 0 [pid 5105] <... chdir resumed>) = 0 [pid 5102] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... clone resumed>, parent_tid=[5116], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5116 [pid 5107] close(4 [pid 5105] ioctl(4, LOOP_CLR_FD [pid 5102] <... futex resumed>) = 0 [pid 5101] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5115 attached [pid 5112] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... close resumed>) = 0 [pid 5101] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5116 attached [pid 5115] set_robust_list(0x7f0b31a559e0, 24 [pid 5112] <... futex resumed>) = 0 [pid 5107] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... ioctl resumed>) = 0 [pid 5102] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] set_robust_list(0x7f0b39c769e0, 24 [pid 5115] <... set_robust_list resumed>) = 0 [pid 5112] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5107] <... futex resumed>) = 1 [pid 5105] close(4 [pid 5103] <... futex resumed>) = 0 [pid 5116] <... set_robust_list resumed>) = 0 [pid 5115] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5107] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... close resumed>) = 0 [pid 5103] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] memfd_create("syzkaller", 0 [pid 5115] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5107] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5116] <... memfd_create resumed>) = 3 [pid 5115] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] creat("./bus", 026 [pid 5105] <... futex resumed>) = 1 [pid 5104] <... futex resumed>) = 0 [pid 5103] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 76.815088][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5115] <... futex resumed>) = 1 [pid 5111] <... write resumed>) = 2097152 [pid 5104] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] <... futex resumed>) = 0 [pid 5105] creat("./bus", 026 [pid 5116] <... mmap resumed>) = 0x7f0b31856000 [pid 5107] <... creat resumed>) = 4 [pid 5115] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = 0 [pid 5101] exit_group(0 [pid 5107] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = ? [pid 5107] <... futex resumed>) = 1 [pid 5104] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = ? [pid 5101] <... exit_group resumed>) = ? [pid 5103] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] +++ exited with 0 +++ [pid 5103] <... futex resumed>) = 0 [pid 5103] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] +++ exited with 0 +++ [pid 5107] rename("./bus", "./file1" [pid 5101] +++ exited with 0 +++ [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5101, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=9 /* 0.09 s */} --- [pid 4998] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4998] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] unlink("./4/binderfs") = 0 [pid 4998] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5111] munmap(0x7f0b31856000, 2097152 [pid 5105] <... creat resumed>) = 4 [pid 4999] <... umount2 resumed>) = 0 [pid 5105] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5103] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5105] <... futex resumed>) = 0 [pid 5103] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5103] <... futex resumed>) = 0 [pid 5111] <... munmap resumed>) = 0 [pid 5104] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [ 76.875273][ T5107] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 76.890963][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 76.896417][ T5107] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 76.897701][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 76.920394][ T5107] Remounting filesystem read-only [pid 5103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5111] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5105] <... futex resumed>) = 0 [pid 5104] <... futex resumed>) = 1 [pid 5103] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4999] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5111] <... openat resumed>) = 4 [pid 5105] rename("./bus", "./file1" [pid 5104] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... mprotect resumed>) = 0 [pid 5116] <... write resumed>) = 2097152 [pid 5111] ioctl(4, LOOP_SET_FD, 3 [pid 5107] <... rename resumed>) = 0 [pid 5103] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5116] munmap(0x7f0b31856000, 2097152 [pid 5103] <... clone resumed>, parent_tid=[5117], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5117 [pid 5103] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5117 attached [pid 5117] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5117] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = -1 EROFS (Read-only file system) [pid 5117] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5117] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5107] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] lstat("./3/file1", [pid 5103] exit_group(0 [pid 5117] <... futex resumed>) = ? [pid 5103] <... exit_group resumed>) = ? [pid 5117] +++ exited with 0 +++ [ 76.929553][ T5107] NILFS (loop4): error -5 truncating bmap (ino=15) [ 76.941294][ T5105] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 76.949709][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 76.957537][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 76.966512][ T5111] loop5: detected capacity change from 0 to 4096 [pid 5116] <... munmap resumed>) = 0 [pid 5111] <... ioctl resumed>) = 0 [pid 5107] <... futex resumed>) = ? [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5107] +++ exited with 0 +++ [pid 5111] close(3 [pid 5103] +++ exited with 0 +++ [pid 4999] umount2("./3/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5116] <... openat resumed>) = 4 [pid 5111] <... close resumed>) = 0 [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5111] mkdir("./file1", 0777 [pid 5116] ioctl(4, LOOP_SET_FD, 3 [pid 4999] openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5111] <... mkdir resumed>) = 0 [pid 4999] <... openat resumed>) = 4 [pid 5111] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4999] fstat(4, [pid 5104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5104] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5104] <... futex resumed>) = 0 [pid 5104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5001] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5104] <... mmap resumed>) = 0x7f0b31a35000 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] getdents64(4, [pid 5104] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5116] <... ioctl resumed>) = 0 [pid 5104] <... mprotect resumed>) = 0 [pid 5001] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4998] <... umount2 resumed>) = 0 [pid 5116] close(3 [pid 5104] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5001] <... openat resumed>) = 3 [pid 4999] getdents64(4, [pid 4998] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5116] <... close resumed>) = 0 [pid 5001] fstat(3, [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5116] mkdir("./file1", 0777 [pid 5104] <... clone resumed>, parent_tid=[5118], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5118 [ 76.976291][ T5105] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 76.988975][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 76.999942][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 77.000789][ T5116] loop0: detected capacity change from 0 to 4096 [ 77.018497][ T5111] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] close(4 [pid 4998] lstat("./4/file1", [pid 5116] <... mkdir resumed>) = 0 [pid 5104] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5118 attached [pid 5118] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5118] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = -1 EROFS (Read-only file system) [pid 5118] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5001] getdents64(3, [pid 5118] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4999] <... close resumed>) = 0 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5116] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5104] <... futex resumed>) = 1 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5118] <... futex resumed>) = 0 [pid 5118] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 4999] rmdir("./3/file1" [pid 4998] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5105] <... rename resumed>) = 0 [pid 5105] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4999] <... rmdir resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5104] exit_group(0 [pid 4998] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5104] <... exit_group resumed>) = ? [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5118] <... futex resumed>) = ? [pid 4998] <... openat resumed>) = 4 [pid 5118] +++ exited with 0 +++ [pid 5001] lstat("./4/binderfs", [pid 4998] fstat(4, [pid 4999] getdents64(3, [pid 5105] <... futex resumed>) = ? [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] unlink("./4/binderfs" [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] getdents64(4, [pid 5105] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5001] <... unlink resumed>) = 0 [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5104, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4999] close(3 [pid 5001] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] restart_syscall(<... resuming interrupted clone ...> [pid 4998] getdents64(4, [pid 4999] <... close resumed>) = 0 [pid 5000] <... restart_syscall resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4999] rmdir("./3" [pid 4998] close(4 [pid 4999] <... rmdir resumed>) = 0 [pid 5000] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] mkdir("./4", 0777 [pid 4998] <... close resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] rmdir("./4/file1" [pid 5000] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... rmdir resumed>) = 0 [pid 5000] <... openat resumed>) = 3 [pid 5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] <... mkdir resumed>) = 0 [pid 5000] getdents64(3, [pid 4998] getdents64(3, [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5000] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] <... openat resumed>) = 3 [pid 5000] lstat("./4/binderfs", [pid 4998] close(3 [pid 5000] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4999] ioctl(3, LOOP_CLR_FD [pid 5000] unlink("./4/binderfs") = 0 [pid 4999] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4998] <... close resumed>) = 0 [pid 5000] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] rmdir("./4" [ 77.040050][ T5105] Remounting filesystem read-only [ 77.040871][ T5111] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 77.045202][ T5105] NILFS (loop3): error -5 truncating bmap (ino=15) [ 77.074087][ T5116] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 4999] close(3) = 0 [pid 4998] <... rmdir resumed>) = 0 [pid 5111] <... mount resumed>) = 0 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] mkdir("./5", 0777 [pid 5111] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 4998] <... mkdir resumed>) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5120 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 5111] <... openat resumed>) = 3 [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4998] close(3) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5121 ./strace-static-x86_64: Process 5120 attached [pid 5120] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5120] chdir("./4" [pid 5111] chdir("./file1" [pid 5120] <... chdir resumed>) = 0 [pid 5111] <... chdir resumed>) = 0 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5120] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 5121 attached [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5121] set_robust_list(0x5555563d95e0, 24 [pid 5120] <... openat resumed>) = 3 [ 77.097270][ T5119] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.108585][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 77.118886][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 77.126832][ T5116] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 77.140100][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] write(3, "1000", 4 [pid 5111] ioctl(4, LOOP_CLR_FD [pid 5121] chdir("./5" [pid 5120] <... write resumed>) = 4 [pid 5121] <... chdir resumed>) = 0 [pid 5120] close(3 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5120] <... close resumed>) = 0 [pid 5121] <... prctl resumed>) = 0 [pid 5120] symlink("/dev/binderfs", "./binderfs" [pid 5121] setpgid(0, 0 [pid 5120] <... symlink resumed>) = 0 [pid 5121] <... setpgid resumed>) = 0 [pid 5120] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5120] <... futex resumed>) = 0 [pid 5121] <... openat resumed>) = 3 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5121] write(3, "1000", 4 [pid 5120] <... mmap resumed>) = 0x7f0b39c56000 [pid 5121] <... write resumed>) = 4 [pid 5120] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5121] close(3 [pid 5120] <... mprotect resumed>) = 0 [pid 5121] <... close resumed>) = 0 [pid 5120] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5111] <... ioctl resumed>) = 0 [pid 5121] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5120] <... clone resumed>, parent_tid=[5122], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5122 [pid 5121] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5111] close(4 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5120] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] <... mmap resumed>) = 0x7f0b39c56000 [pid 5121] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5123], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5123 ./strace-static-x86_64: Process 5122 attached [pid 5121] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] set_robust_list(0x7f0b39c769e0, 24 [pid 5121] <... futex resumed>) = 0 [pid 5122] <... set_robust_list resumed>) = 0 [pid 5121] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5111] <... close resumed>) = 0 [ 77.150431][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 77.157441][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 77.169828][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 77.191431][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 ./strace-static-x86_64: Process 5123 attached [pid 5123] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5111] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5111] creat("./bus", 026 [pid 5109] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] <... creat resumed>) = 4 [pid 5109] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5111] <... futex resumed>) = 0 [ 77.198532][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [pid 5109] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] rename("./bus", "./file1" [pid 5116] <... mount resumed>) = 0 [pid 5116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5116] <... openat resumed>) = 3 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [ 77.227576][ T5124] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.241341][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 77.248660][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [ 77.256464][ T5111] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5116] chdir("./file1") = 0 [pid 5109] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5116] ioctl(4, LOOP_CLR_FD [pid 5109] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... ioctl resumed>) = 0 [pid 5109] <... futex resumed>) = 0 [pid 5116] close(4 [pid 5109] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5116] <... close resumed>) = 0 [pid 5109] <... mmap resumed>) = 0x7f0b31a35000 [pid 5116] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5116] <... futex resumed>) = 1 [pid 5112] <... futex resumed>) = 0 [pid 5109] <... mprotect resumed>) = 0 [pid 5116] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] <... futex resumed>) = 0 [pid 5116] creat("./bus", 026 [pid 5112] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... clone resumed>, parent_tid=[5125], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5125 [pid 5109] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... creat resumed>) = 4 [pid 5109] <... futex resumed>) = 0 [pid 5116] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [ 77.269348][ T5111] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 77.282743][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [pid 5109] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5125] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5116] <... futex resumed>) = 1 [pid 5125] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5109] <... futex resumed>) = 0 [pid 5125] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... futex resumed>) = 0 [pid 5112] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5112] <... futex resumed>) = 1 [pid 5116] rename("./bus", "./file1" [ 77.320692][ T5111] Remounting filesystem read-only [ 77.325908][ T27] kauditd_printk_skb: 5 callbacks suppressed [ 77.325922][ T27] audit: type=1804 audit(1683463066.583:17): pid=5125 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.Vob5rp/4/file1/file1" dev="loop5" ino=18 res=1 errno=0 [ 77.330185][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 77.344619][ T5111] NILFS (loop5): error -5 truncating bmap (ino=15) [pid 5112] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5122] <... write resumed>) = 2097152 [pid 5122] munmap(0x7f0b31856000, 2097152 [pid 5123] <... write resumed>) = 2097152 [pid 5122] <... munmap resumed>) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5123] munmap(0x7f0b31856000, 2097152 [pid 5001] <... umount2 resumed>) = 0 [pid 5123] <... munmap resumed>) = 0 [pid 5122] <... openat resumed>) = 4 [pid 5001] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5122] ioctl(4, LOOP_SET_FD, 3 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5123] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [ 77.375030][ T5116] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 77.406591][ T5122] loop2: detected capacity change from 0 to 4096 [ 77.410270][ T5116] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5123] ioctl(4, LOOP_SET_FD, 3 [pid 5112] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5001] lstat("./4/file1", [pid 5112] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5112] <... futex resumed>) = 0 [pid 5001] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5112] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5112] <... mmap resumed>) = 0x7f0b31a35000 [pid 5111] <... rename resumed>) = 0 [pid 5001] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5112] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5111] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] exit_group(0 [pid 5125] <... futex resumed>) = ? [pid 5109] <... exit_group resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5112] <... mprotect resumed>) = 0 [pid 5001] <... openat resumed>) = 4 [pid 5112] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5111] <... futex resumed>) = ? [pid 5001] fstat(4, [pid 5122] <... ioctl resumed>) = 0 [pid 5123] <... ioctl resumed>) = 0 [pid 5122] close(3 [pid 5123] close(3 [pid 5122] <... close resumed>) = 0 [pid 5123] <... close resumed>) = 0 [pid 5122] mkdir("./file1", 0777 [pid 5123] mkdir("./file1", 0777 [pid 5122] <... mkdir resumed>) = 0 [pid 5123] <... mkdir resumed>) = 0 [pid 5122] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, ""./strace-static-x86_64: Process 5126 attached [pid 5123] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5112] <... clone resumed>, parent_tid=[5126], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5126 [pid 5111] +++ exited with 0 +++ [pid 5109] +++ exited with 0 +++ [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5126] set_robust_list(0x7f0b31a559e0, 24 [pid 5116] <... rename resumed>) = 0 [ 77.417687][ T5123] loop1: detected capacity change from 0 to 4096 [ 77.439172][ T5116] Remounting filesystem read-only [ 77.445950][ T5116] NILFS (loop0): error -5 truncating bmap (ino=15) [ 77.458573][ T5122] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5112] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] getdents64(4, [pid 5126] <... set_robust_list resumed>) = 0 [pid 5116] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... futex resumed>) = 0 [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5109, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5126] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5112] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] getdents64(4, [pid 5116] <... futex resumed>) = 0 [pid 5126] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5126] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] close(4 [pid 5126] <... futex resumed>) = 1 [pid 5116] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] <... futex resumed>) = 0 [pid 5002] <... openat resumed>) = 3 [pid 5001] <... close resumed>) = 0 [pid 5126] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5112] exit_group(0 [pid 5002] fstat(3, [pid 5112] <... exit_group resumed>) = ? [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] rmdir("./4/file1" [pid 5002] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5002] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... rmdir resumed>) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5126] <... futex resumed>) = ? [pid 5002] unlink("./4/binderfs" [pid 5001] getdents64(3, [pid 5126] +++ exited with 0 +++ [pid 5002] <... unlink resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5002] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] close(3 [pid 5116] <... futex resumed>) = ? [pid 5001] <... close resumed>) = 0 [pid 5116] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ [pid 5001] rmdir("./4" [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5112, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 4997] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... rmdir resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] mkdir("./5", 0777 [pid 4997] <... openat resumed>) = 3 [pid 4997] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] <... mkdir resumed>) = 0 [pid 4997] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./4/binderfs", [ 77.469561][ T5123] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 77.494986][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 77.503052][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] <... openat resumed>) = 3 [pid 4997] unlink("./4/binderfs") = 0 [pid 4997] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] <... umount2 resumed>) = 0 [pid 5000] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5127 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5000] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(4, ./strace-static-x86_64: Process 5127 attached 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5000] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5000] close(4 [pid 5127] set_robust_list(0x5555563d95e0, 24 [pid 5000] <... close resumed>) = 0 [ 77.520478][ T5122] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 77.531581][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 77.542214][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [pid 5127] <... set_robust_list resumed>) = 0 [pid 5000] rmdir("./4/file1") = 0 [pid 5000] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5000] close(3) = 0 [pid 5000] rmdir("./4") = 0 [pid 5000] mkdir("./5", 0777) = 0 [pid 5127] chdir("./5" [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5000] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5000] close(3) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5129 [pid 5127] <... chdir resumed>) = 0 [ 77.568608][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 77.574618][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 77.578592][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [ 77.588054][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 77.599320][ T5128] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds ./strace-static-x86_64: Process 5129 attached [pid 5127] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5122] <... mount resumed>) = 0 [pid 5129] set_robust_list(0x5555563d95e0, 24 [pid 5127] <... prctl resumed>) = 0 [pid 5122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5129] <... set_robust_list resumed>) = 0 [pid 5127] setpgid(0, 0 [pid 5122] <... openat resumed>) = 3 [pid 5129] chdir("./5" [pid 5127] <... setpgid resumed>) = 0 [pid 5122] chdir("./file1") = 0 [pid 5127] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5122] ioctl(4, LOOP_CLR_FD [pid 5129] <... chdir resumed>) = 0 [pid 5122] <... ioctl resumed>) = 0 [pid 5129] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5127] <... openat resumed>) = 3 [pid 5122] close(4 [pid 5129] <... prctl resumed>) = 0 [pid 5127] write(3, "1000", 4 [pid 5122] <... close resumed>) = 0 [pid 5127] <... write resumed>) = 4 [pid 5129] setpgid(0, 0) = 0 [pid 5127] close(3 [pid 5122] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... close resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5127] symlink("/dev/binderfs", "./binderfs" [pid 5122] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... symlink resumed>) = 0 [pid 5122] creat("./bus", 026 [pid 5129] <... openat resumed>) = 3 [pid 5129] write(3, "1000", 4 [pid 5127] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... write resumed>) = 4 [pid 5127] <... futex resumed>) = 0 [pid 5129] close(3 [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5122] <... creat resumed>) = 4 [pid 5129] <... close resumed>) = 0 [pid 5127] <... mmap resumed>) = 0x7f0b39c56000 [pid 5122] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] symlink("/dev/binderfs", "./binderfs" [pid 5127] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5122] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5129] <... symlink resumed>) = 0 [pid 5120] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... mprotect resumed>) = 0 [pid 5122] rename("./bus", "./file1" [ 77.610549][ T5123] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 77.621570][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 77.629612][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 77.635932][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 77.639821][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [pid 5120] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [pid 5127] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5131 attached ) = 0x7f0b39c56000 [pid 5123] <... mount resumed>) = 0 [pid 5131] set_robust_list(0x7f0b39c769e0, 24 [pid 5129] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5127] <... clone resumed>, parent_tid=[5131], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5131 [pid 5123] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5131] <... set_robust_list resumed>) = 0 [pid 5129] <... mprotect resumed>) = 0 [pid 5127] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... openat resumed>) = 3 [pid 5129] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5127] <... futex resumed>) = 0 [pid 5123] chdir("./file1" [pid 5127] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... chdir resumed>) = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] <... clone resumed>, parent_tid=[5132], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5132 [pid 5131] memfd_create("syzkaller", 0 [pid 5123] close(4 [pid 5129] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] <... close resumed>) = 0 [pid 5131] <... memfd_create resumed>) = 3 [pid 5129] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5123] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5123] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5131] <... mmap resumed>) = 0x7f0b31856000 [pid 5123] creat("./bus", 026 [pid 5121] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... umount2 resumed>) = 0 [pid 4997] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5132 attached [pid 5132] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 4997] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5132] memfd_create("syzkaller", 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5132] <... memfd_create resumed>) = 3 [pid 5120] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... openat resumed>) = 4 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5120] <... futex resumed>) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4997] fstat(4, [pid 5120] <... mmap resumed>) = 0x7f0b31a35000 [pid 5132] <... mmap resumed>) = 0x7f0b31856000 [ 77.673237][ T5122] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 77.681010][ T5130] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 77.707832][ T5122] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5120] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5120] <... mprotect resumed>) = 0 [pid 5120] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5120] <... clone resumed>, parent_tid=[5133], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5133 [pid 4997] getdents64(4, [pid 5120] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5120] <... futex resumed>) = 0 [pid 4997] close(4 [pid 5120] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... close resumed>) = 0 [pid 4997] rmdir("./4/file1" [pid 5123] <... creat resumed>) = 4 [pid 4997] <... rmdir resumed>) = 0 [pid 5123] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] getdents64(3, [pid 5123] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5123] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] close(3 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 4997] <... close resumed>) = 0 [pid 5123] rename("./bus", "./file1" [pid 5121] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] rmdir("./4") = 0 [pid 4997] mkdir("./5", 0777./strace-static-x86_64: Process 5133 attached ) = 0 [pid 5133] set_robust_list(0x7f0b31a559e0, 24 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5133] <... set_robust_list resumed>) = 0 [pid 4997] <... openat resumed>) = 3 [pid 5133] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5133] <... open resumed>) = 5 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5133] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] close(3 [pid 5133] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 4997] <... close resumed>) = 0 [pid 5133] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5134] chdir("./5") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4 [pid 5121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5134] <... write resumed>) = 4 [pid 5121] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] close(3 [pid 5121] <... futex resumed>) = 0 [pid 5134] <... close resumed>) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5134] symlink("/dev/binderfs", "./binderfs" [pid 5121] <... mmap resumed>) = 0x7f0b31a35000 [ 77.737228][ T5123] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 77.751842][ T27] audit: type=1804 audit(1683463067.013:18): pid=5133 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.kicUbe/4/file1/file1" dev="loop2" ino=18 res=1 errno=0 [ 77.756504][ T5123] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5134] <... symlink resumed>) = 0 [pid 5121] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5134] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... mprotect resumed>) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5121] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5121] <... clone resumed>, parent_tid=[5135], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5135 [pid 5134] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5121] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... mprotect resumed>) = 0 [pid 5121] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5135 attached [pid 5134] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5121] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... umount2 resumed>) = 0 [pid 5135] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5134] <... clone resumed>, parent_tid=[5136], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5136 [pid 5135] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5134] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... open resumed>) = 5 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5135] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5002] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5136 attached [pid 5002] lstat("./4/file1", [pid 5136] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5136] memfd_create("syzkaller", 0) = 3 [pid 5002] <... openat resumed>) = 4 [pid 5002] fstat(4, [pid 5136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5002] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5136] <... mmap resumed>) = 0x7f0b31856000 [pid 5002] close(4) = 0 [pid 5002] rmdir("./4/file1") = 0 [pid 5002] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5002] close(3) = 0 [pid 5002] rmdir("./4" [pid 5122] <... rename resumed>) = 0 [pid 5002] <... rmdir resumed>) = 0 [pid 5122] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] mkdir("./5", 0777 [pid 5122] <... futex resumed>) = 0 [ 77.802678][ T5122] Remounting filesystem read-only [ 77.808244][ T5122] NILFS (loop2): error -5 truncating bmap (ino=15) [ 77.822326][ T27] audit: type=1804 audit(1683463067.063:19): pid=5135 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.iMJHw8/5/file1/file1" dev="loop1" ino=18 res=1 errno=0 [pid 5120] exit_group(0 [pid 5133] <... futex resumed>) = ? [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5120] <... exit_group resumed>) = ? [pid 5002] <... mkdir resumed>) = 0 [pid 5133] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5002] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5002] close(3 [pid 4999] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... close resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4999] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4999] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4999] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4999] unlink("./4/binderfs" [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] <... unlink resumed>) = 0 [pid 4999] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5137 ./strace-static-x86_64: Process 5137 attached [pid 5137] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5137] chdir("./5") = 0 [pid 5123] <... rename resumed>) = 0 [ 77.879036][ T5123] Remounting filesystem read-only [ 77.896772][ T5123] NILFS (loop1): error -5 truncating bmap (ino=15) [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5132] <... write resumed>) = 2097152 [pid 5131] <... write resumed>) = 2097152 [pid 5123] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... prctl resumed>) = 0 [pid 5123] <... futex resumed>) = 0 [pid 5121] exit_group(0 [pid 5137] setpgid(0, 0 [pid 5135] <... futex resumed>) = ? [pid 5121] <... exit_group resumed>) = ? [pid 5137] <... setpgid resumed>) = 0 [pid 5135] +++ exited with 0 +++ [pid 5123] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 4998] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5131] munmap(0x7f0b31856000, 2097152 [pid 4998] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(3, [pid 5137] <... openat resumed>) = 3 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5137] write(3, "1000", 4 [pid 4998] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5137] <... write resumed>) = 4 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5137] close(3 [pid 4998] lstat("./5/binderfs", [pid 5137] <... close resumed>) = 0 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs" [pid 4998] unlink("./5/binderfs" [pid 5137] <... symlink resumed>) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 5137] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5137] <... futex resumed>) = 0 [pid 5131] <... munmap resumed>) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5136] <... write resumed>) = 2097152 [pid 5132] munmap(0x7f0b31856000, 2097152 [ 77.930962][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 77.937723][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 77.965781][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 77.973451][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [pid 5131] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5137] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5136] munmap(0x7f0b31856000, 2097152 [pid 5132] <... munmap resumed>) = 0 [pid 5131] <... openat resumed>) = 4 [pid 5137] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5136] <... munmap resumed>) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5131] ioctl(4, LOOP_SET_FD, 3 [pid 5136] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5132] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5138 attached [pid 5137] <... clone resumed>, parent_tid=[5138], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5138 [pid 5136] <... openat resumed>) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3 [pid 5131] <... ioctl resumed>) = 0 [ 77.983468][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 77.990051][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 77.992292][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 78.000332][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 78.007378][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 78.013464][ T5131] loop4: detected capacity change from 0 to 4096 [ 78.020746][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [pid 5137] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] ioctl(4, LOOP_SET_FD, 3 [pid 5131] close(3) = 0 [pid 5131] mkdir("./file1", 0777 [pid 5138] set_robust_list(0x7f0b39c769e0, 24 [pid 5137] <... futex resumed>) = 0 [pid 5136] <... ioctl resumed>) = 0 [pid 5132] <... ioctl resumed>) = 0 [pid 5138] <... set_robust_list resumed>) = 0 [pid 5137] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] close(3 [pid 5136] close(3 [pid 5138] memfd_create("syzkaller", 0 [pid 5132] <... close resumed>) = 0 [pid 5131] <... mkdir resumed>) = 0 [pid 5138] <... memfd_create resumed>) = 3 [pid 5136] <... close resumed>) = 0 [pid 5132] mkdir("./file1", 0777 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5131] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5132] <... mkdir resumed>) = 0 [pid 5138] <... mmap resumed>) = 0x7f0b31856000 [ 78.034522][ T5132] loop3: detected capacity change from 0 to 4096 [ 78.035199][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 78.041394][ T5136] loop0: detected capacity change from 0 to 4096 [ 78.051669][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 78.071523][ T5132] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5132] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5136] mkdir("./file1", 0777) = 0 [pid 5136] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [ 78.082413][ T5131] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 78.096037][ T5132] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 78.107211][ T5136] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 78.120349][ T5131] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 4999] <... umount2 resumed>) = 0 [pid 4999] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5132] <... mount resumed>) = 0 [pid 4999] lstat("./4/file1", [pid 5132] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5138] <... write resumed>) = 2097152 [pid 5132] chdir("./file1" [pid 4999] umount2("./4/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5138] munmap(0x7f0b31856000, 2097152 [pid 5132] <... chdir resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5132] ioctl(4, LOOP_CLR_FD [pid 4999] <... openat resumed>) = 4 [pid 5132] <... ioctl resumed>) = 0 [ 78.141636][ T5136] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 78.170391][ T5139] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4999] fstat(4, [pid 5138] <... munmap resumed>) = 0 [pid 5136] <... mount resumed>) = 0 [pid 5132] close(4 [pid 5131] <... mount resumed>) = 0 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] <... umount2 resumed>) = 0 [pid 4999] getdents64(4, [pid 5138] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5136] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5132] <... close resumed>) = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4999] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4999] close(4) = 0 [pid 4999] rmdir("./4/file1" [pid 5138] <... openat resumed>) = 4 [pid 5136] <... openat resumed>) = 3 [pid 5132] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... rmdir resumed>) = 0 [pid 5131] <... openat resumed>) = 3 [pid 4999] getdents64(3, [pid 5138] ioctl(4, LOOP_SET_FD, 3 [pid 5136] chdir("./file1" [pid 5132] <... futex resumed>) = 1 [pid 5131] chdir("./file1" [pid 5129] <... futex resumed>) = 0 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4999] close(3) = 0 [pid 4999] rmdir("./4") = 0 [pid 4999] mkdir("./5", 0777 [pid 5138] <... ioctl resumed>) = 0 [pid 5136] <... chdir resumed>) = 0 [pid 5132] creat("./bus", 026 [pid 5131] <... chdir resumed>) = 0 [pid 5129] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... mkdir resumed>) = 0 [pid 5136] ioctl(4, LOOP_CLR_FD [pid 5129] <... futex resumed>) = 0 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5136] <... ioctl resumed>) = 0 [pid 5131] ioctl(4, LOOP_CLR_FD [pid 5129] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... openat resumed>) = 3 [pid 5136] close(4 [pid 5131] <... ioctl resumed>) = 0 [pid 4999] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4999] close(3 [pid 5136] <... close resumed>) = 0 [pid 5131] close(4 [pid 4999] <... close resumed>) = 0 [pid 5136] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... close resumed>) = 0 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5136] <... futex resumed>) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5132] <... creat resumed>) = 4 [pid 5131] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 1 [pid 5127] <... futex resumed>) = 0 [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5142 [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5131] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... futex resumed>) = 0 [pid 5127] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] close(3 [pid 5136] creat("./bus", 026 [pid 5134] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5142 attached [ 78.197736][ T5140] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.198346][ T5141] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.232506][ T5138] loop5: detected capacity change from 0 to 4096 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] creat("./bus", 026 [pid 5129] <... futex resumed>) = 0 [pid 5127] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] set_robust_list(0x5555563d95e0, 24 [pid 5132] rename("./bus", "./file1" [pid 5129] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5142] <... set_robust_list resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5142] chdir("./5" [pid 4998] lstat("./5/file1", [pid 5142] <... chdir resumed>) = 0 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5142] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4998] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5142] <... prctl resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5142] setpgid(0, 0 [pid 4998] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5142] <... setpgid resumed>) = 0 [pid 4998] <... openat resumed>) = 4 [pid 5142] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4998] fstat(4, [pid 5142] <... openat resumed>) = 3 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5142] write(3, "1000", 4 [pid 4998] getdents64(4, [pid 5142] <... write resumed>) = 4 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5142] close(3 [pid 4998] getdents64(4, [pid 5142] <... close resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5142] symlink("/dev/binderfs", "./binderfs" [pid 4998] close(4 [pid 5142] <... symlink resumed>) = 0 [pid 5138] <... close resumed>) = 0 [pid 5131] <... creat resumed>) = 4 [pid 4998] <... close resumed>) = 0 [pid 5142] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] mkdir("./file1", 0777 [pid 5131] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... creat resumed>) = 4 [pid 4998] rmdir("./5/file1" [pid 5142] <... futex resumed>) = 0 [pid 5138] <... mkdir resumed>) = 0 [pid 5136] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 1 [pid 5127] <... futex resumed>) = 0 [pid 4998] <... rmdir resumed>) = 0 [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5138] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5136] <... futex resumed>) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5131] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] getdents64(3, [pid 5142] <... mmap resumed>) = 0x7f0b39c56000 [pid 5136] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5127] <... futex resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5142] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5136] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5131] rename("./bus", "./file1" [pid 5127] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.259137][ T5132] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 78.279795][ T5138] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 78.290020][ T5132] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 4998] close(3 [pid 5142] <... mprotect resumed>) = 0 [pid 5136] rename("./bus", "./file1" [pid 5134] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... close resumed>) = 0 [pid 5142] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4998] rmdir("./5") = 0 [pid 5142] <... clone resumed>, parent_tid=[5143], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5143 [pid 4998] mkdir("./6", 0777 [pid 5142] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... mkdir resumed>) = 0 [pid 5142] <... futex resumed>) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5142] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4998] <... openat resumed>) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached [pid 5129] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5144 [pid 5143] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5129] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5129] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5144 attached [pid 5129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5129] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5129] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5145], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5145 [pid 5144] set_robust_list(0x5555563d95e0, 24 [pid 5129] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5134] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5134] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 5145 attached ) = 0 [pid 5145] set_robust_list(0x7f0b31a559e0, 24 [pid 5134] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5145] <... set_robust_list resumed>) = 0 [pid 5127] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5145] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5134] <... clone resumed>, parent_tid=[5146], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5146 [ 78.302592][ T5131] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 78.313576][ T5136] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 78.325399][ T5138] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 78.330445][ T5131] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 78.347474][ T5136] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5129] <... futex resumed>) = 0 [pid 5127] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] <... open resumed>) = 5 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5134] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5145] <... futex resumed>) = 0 [pid 5134] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5146 attached [pid 5145] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5146] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5129] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 0 [pid 5144] chdir("./6" [pid 5146] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5146] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... chdir resumed>) = 0 [ 78.359379][ T27] audit: type=1804 audit(1683463067.623:20): pid=5145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.wEQC0i/5/file1/file1" dev="loop3" ino=18 res=1 errno=0 [ 78.380457][ T5132] Remounting filesystem read-only [ 78.389369][ T5136] Remounting filesystem read-only [ 78.395880][ T5132] NILFS (loop3): error -5 truncating bmap (ino=15) [ 78.404109][ T5131] Remounting filesystem read-only [pid 5144] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5127] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5127] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5127] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5147], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5147 [pid 5144] <... prctl resumed>) = 0 [pid 5136] <... rename resumed>) = 0 [pid 5132] <... rename resumed>) = 0 [pid 5127] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5147] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = -1 EROFS (Read-only file system) [pid 5147] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] setpgid(0, 0 [pid 5147] <... futex resumed>) = 1 [pid 5144] <... setpgid resumed>) = 0 [pid 5138] <... mount resumed>) = 0 [pid 5136] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] exit_group(0 [pid 5132] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... rename resumed>) = 0 [pid 5127] <... futex resumed>) = 0 [pid 5147] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... futex resumed>) = ? [pid 5144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5138] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5134] <... exit_group resumed>) = ? [pid 5146] +++ exited with 0 +++ [pid 5144] <... openat resumed>) = 3 [pid 5138] <... openat resumed>) = 3 [pid 5136] <... futex resumed>) = ? [pid 5132] <... futex resumed>) = 0 [pid 5131] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5144] write(3, "1000", 4 [pid 5138] chdir("./file1" [pid 5136] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5131] <... futex resumed>) = 0 [pid 5129] <... exit_group resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5138] <... chdir resumed>) = 0 [pid 5132] +++ exited with 0 +++ [pid 5131] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] exit_group(0 [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=11 /* 0.11 s */} --- [pid 5147] <... futex resumed>) = ? [pid 5144] <... write resumed>) = 4 [pid 5138] ioctl(4, LOOP_CLR_FD [pid 5131] <... futex resumed>) = ? [pid 5129] +++ exited with 0 +++ [pid 5127] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5144] close(3 [pid 5138] <... ioctl resumed>) = 0 [pid 5131] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ [ 78.412397][ T5136] NILFS (loop0): error -5 truncating bmap (ino=15) [ 78.421337][ T5131] NILFS (loop4): error -5 truncating bmap (ino=15) [ 78.428813][ T5148] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5144] <... close resumed>) = 0 [pid 5138] close(4 [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5127, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5129, si_uid=0, si_status=0, si_utime=3 /* 0.03 s */, si_stime=7 /* 0.07 s */} --- [pid 4997] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5138] <... close resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5138] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5138] <... futex resumed>) = 1 [pid 5001] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... openat resumed>) = 3 [pid 5138] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] fstat(3, [pid 5001] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] <... openat resumed>) = 3 [pid 4997] getdents64(3, [pid 5001] fstat(3, [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] getdents64(3, [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4997] lstat("./5/binderfs", [pid 5001] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] unlink("./5/binderfs" [pid 5001] lstat("./5/binderfs", [pid 4997] <... unlink resumed>) = 0 [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5143] <... write resumed>) = 2097152 [pid 5001] unlink("./5/binderfs" [pid 5143] munmap(0x7f0b31856000, 2097152 [pid 5001] <... unlink resumed>) = 0 [pid 5144] symlink("/dev/binderfs", "./binderfs" [pid 5137] <... futex resumed>) = 0 [pid 5001] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] restart_syscall(<... resuming interrupted clone ...> [pid 5144] <... symlink resumed>) = 0 [ 78.477096][ T27] audit: type=1804 audit(1683463067.643:21): pid=5146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.SxEkc1/5/file1/file1" dev="loop0" ino=18 res=1 errno=0 [ 78.501540][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 78.508510][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [pid 5137] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... restart_syscall resumed>) = 0 [pid 5144] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... munmap resumed>) = 0 [pid 5138] creat("./bus", 026 [pid 5137] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5143] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5000] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5144] <... mmap resumed>) = 0x7f0b39c56000 [ 78.525076][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 78.538663][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 78.548778][ T5143] loop2: detected capacity change from 0 to 4096 [ 78.552803][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 78.563153][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [pid 5143] ioctl(4, LOOP_SET_FD, 3 [pid 5138] <... creat resumed>) = 4 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5144] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5143] <... ioctl resumed>) = 0 [pid 5143] close(3) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [pid 5143] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5144] <... mprotect resumed>) = 0 [pid 5138] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5000] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5137] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... openat resumed>) = 3 [pid 5138] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5144] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5138] rename("./bus", "./file1" [pid 5137] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5144] <... clone resumed>, parent_tid=[5149], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5149 [pid 5000] getdents64(3, [pid 5144] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5144] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5149 attached [ 78.571498][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 78.579968][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 78.591196][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 78.592676][ T5138] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 78.598458][ T5143] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 78.618524][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [pid 5000] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5149] set_robust_list(0x7f0b39c769e0, 24 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5149] <... set_robust_list resumed>) = 0 [pid 5000] lstat("./5/binderfs", [pid 5137] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5137] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5149] memfd_create("syzkaller", 0 [pid 5137] <... futex resumed>) = 0 [pid 5000] unlink("./5/binderfs" [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5000] <... unlink resumed>) = 0 [pid 5137] <... mmap resumed>) = 0x7f0b31a35000 [pid 5149] <... memfd_create resumed>) = 3 [pid 5137] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5000] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5137] <... mprotect resumed>) = 0 [pid 5149] <... mmap resumed>) = 0x7f0b31856000 [pid 5137] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5150], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5150 ./strace-static-x86_64: Process 5150 attached [pid 5150] set_robust_list(0x7f0b31a559e0, 24) = 0 [ 78.619199][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 78.627054][ T5138] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 78.649923][ T5143] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 78.662771][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 78.669674][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [pid 5150] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5150] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5150] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 4997] <... umount2 resumed>) = 0 [ 78.677557][ T27] audit: type=1804 audit(1683463067.923:22): pid=5150 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.Vob5rp/5/file1/file1" dev="loop5" ino=18 res=1 errno=0 [ 78.704944][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [pid 4997] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5143] <... mount resumed>) = 0 [pid 5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file1") = 0 [pid 5143] ioctl(4, LOOP_CLR_FD) = 0 [pid 5143] close(4) = 0 [pid 5143] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5143] creat("./bus", 026 [pid 5142] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [ 78.726766][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 78.736675][ T5151] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 78.761915][ T5138] Remounting filesystem read-only [ 78.767747][ T5138] NILFS (loop5): error -5 truncating bmap (ino=15) [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./5/file1") = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] close(3) = 0 [pid 4997] rmdir("./5") = 0 [pid 4997] mkdir("./6", 0777) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5142] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4997] <... openat resumed>) = 3 [pid 5142] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5142] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5142] <... mmap resumed>) = 0x7f0b31a35000 [pid 4997] close(3 [ 78.774690][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [pid 5142] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4997] <... close resumed>) = 0 [pid 5142] <... mprotect resumed>) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5142] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5143] <... creat resumed>) = 4 [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5152 [pid 5143] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5142] <... clone resumed>, parent_tid=[5153], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5153 [pid 5143] <... futex resumed>) = 0 [pid 5142] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5153 attached [pid 5149] <... write resumed>) = 2097152 [pid 5143] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5142] <... futex resumed>) = 0 [pid 5001] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5152 attached [pid 5142] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5152] chdir("./6") = 0 [pid 5153] set_robust_list(0x7f0b31a559e0, 24 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5153] <... set_robust_list resumed>) = 0 [pid 5152] <... prctl resumed>) = 0 [pid 5153] rename("./bus", "./file1" [pid 5152] setpgid(0, 0 [pid 5149] munmap(0x7f0b31856000, 2097152 [pid 5001] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5152] <... setpgid resumed>) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5149] <... munmap resumed>) = 0 [pid 5152] close(3 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5152] <... close resumed>) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs" [pid 5001] lstat("./5/file1", [pid 5152] <... symlink resumed>) = 0 [pid 5152] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5152] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5138] <... rename resumed>) = 0 [pid 5138] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... clone resumed>, parent_tid=[5154], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5154 [pid 5138] <... futex resumed>) = 0 [pid 5152] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5154 attached [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5154] set_robust_list(0x7f0b39c769e0, 24 [pid 5137] exit_group(0 [pid 5154] <... set_robust_list resumed>) = 0 [pid 5150] <... futex resumed>) = ? [pid 5149] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5138] <... futex resumed>) = ? [pid 5137] <... exit_group resumed>) = ? [pid 5001] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5154] memfd_create("syzkaller", 0 [pid 5150] +++ exited with 0 +++ [pid 5138] +++ exited with 0 +++ [ 78.819865][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 78.835008][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 78.849052][ T5153] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5154] <... memfd_create resumed>) = 3 [pid 5149] <... openat resumed>) = 4 [pid 5137] +++ exited with 0 +++ [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5149] ioctl(4, LOOP_SET_FD, 3 [pid 5154] <... mmap resumed>) = 0x7f0b31856000 [pid 5142] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5001] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5149] <... ioctl resumed>) = 0 [pid 5142] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5149] close(3 [pid 5143] <... futex resumed>) = 0 [pid 5142] <... futex resumed>) = 1 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... openat resumed>) = 4 [pid 5149] <... close resumed>) = 0 [ 78.869858][ T5153] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 78.890924][ T5149] loop1: detected capacity change from 0 to 4096 [pid 5143] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5142] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] fstat(4, [pid 5149] mkdir("./file1", 0777 [pid 5143] <... open resumed>) = 5 [pid 5002] <... openat resumed>) = 3 [pid 5000] <... umount2 resumed>) = 0 [pid 5143] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] fstat(3, [pid 5143] <... futex resumed>) = 1 [pid 5142] <... futex resumed>) = 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5143] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5002] getdents64(3, [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5149] <... mkdir resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] getdents64(4, [pid 5000] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5002] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5149] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5002] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] unlink("./5/binderfs" [pid 5001] getdents64(4, [pid 5000] lstat("./5/file1", [pid 5002] <... unlink resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] close(4 [pid 5000] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... close resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] rmdir("./5/file1" [pid 5000] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5001] <... rmdir resumed>) = 0 [pid 5001] getdents64(3, [pid 5000] <... openat resumed>) = 4 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5000] fstat(4, [pid 5001] close(3 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] <... close resumed>) = 0 [pid 5000] getdents64(4, [pid 5001] rmdir("./5" [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5001] <... rmdir resumed>) = 0 [pid 5000] getdents64(4, [pid 5001] mkdir("./6", 0777 [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5001] <... mkdir resumed>) = 0 [pid 5000] close(4 [pid 5154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5153] <... rename resumed>) = 0 [ 78.908708][ T27] audit: type=1804 audit(1683463068.163:23): pid=5143 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.kicUbe/5/file1/file1" dev="loop2" ino=18 res=1 errno=0 [ 78.930647][ T5153] Remounting filesystem read-only [ 78.938156][ T5153] NILFS (loop2): error -5 truncating bmap (ino=15) [ 78.957355][ T5149] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5000] <... close resumed>) = 0 [pid 5153] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... openat resumed>) = 3 [pid 5000] rmdir("./5/file1" [pid 5153] <... futex resumed>) = 0 [pid 5142] exit_group(0 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5000] <... rmdir resumed>) = 0 [pid 5143] <... futex resumed>) = ? [pid 5142] <... exit_group resumed>) = ? [pid 5143] +++ exited with 0 +++ [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] getdents64(3, [pid 5153] +++ exited with 0 +++ [pid 5142] +++ exited with 0 +++ [pid 5001] close(3 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5001] <... close resumed>) = 0 [pid 5000] close(3 [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5142, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 4999] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4999] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4999] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4999] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(3, [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] <... close resumed>) = 0 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4999] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] rmdir("./5" [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4999] unlink("./5/binderfs" [pid 5000] <... rmdir resumed>) = 0 [pid 4999] <... unlink resumed>) = 0 [pid 4999] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5155 [pid 5000] mkdir("./6", 0777) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5000] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5000] close(3) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5156 [ 78.986305][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 78.997030][ T5149] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 79.010187][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 79.018197][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 ./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x5555563d95e0, 24) = 0 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5156] chdir("./6") = 0 [pid 5155] chdir("./6") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] <... prctl resumed>) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5156] setpgid(0, 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5156] <... setpgid resumed>) = 0 [pid 5156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5155] <... openat resumed>) = 3 [pid 5154] <... write resumed>) = 2097152 [ 79.045313][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 79.060054][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [ 79.079533][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [pid 5156] <... openat resumed>) = 3 [pid 5155] write(3, "1000", 4 [pid 5154] munmap(0x7f0b31856000, 2097152 [pid 5149] <... mount resumed>) = 0 [pid 5156] write(3, "1000", 4 [pid 5154] <... munmap resumed>) = 0 [pid 5156] <... write resumed>) = 4 [pid 5156] close(3) = 0 [pid 5156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5156] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5154] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5154] <... openat resumed>) = 4 [pid 5156] <... mmap resumed>) = 0x7f0b39c56000 [pid 5154] ioctl(4, LOOP_SET_FD, 3 [pid 5156] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5155] <... write resumed>) = 4 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5156] <... mprotect resumed>) = 0 [pid 5155] close(3 [pid 5149] <... openat resumed>) = 3 [pid 5156] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5155] <... close resumed>) = 0 [pid 5149] chdir("./file1" [pid 5155] symlink("/dev/binderfs", "./binderfs" [pid 5149] <... chdir resumed>) = 0 [pid 5156] <... clone resumed>, parent_tid=[5158], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5158 [pid 5156] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5155] <... symlink resumed>) = 0 [pid 5149] ioctl(4, LOOP_CLR_FD [pid 5155] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... ioctl resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5149] close(4./strace-static-x86_64: Process 5158 attached [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5149] <... close resumed>) = 0 [pid 5158] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5155] <... mmap resumed>) = 0x7f0b39c56000 [pid 5149] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] memfd_create("syzkaller", 0 [pid 5155] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5149] <... futex resumed>) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5158] <... memfd_create resumed>) = 3 [pid 5155] <... mprotect resumed>) = 0 [pid 5149] creat("./bus", 026 [pid 5144] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5154] <... ioctl resumed>) = 0 [pid 5155] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5158] <... mmap resumed>) = 0x7f0b31856000 [pid 5154] close(3 [pid 5149] <... creat resumed>) = 4 [pid 5144] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5159 attached [pid 5154] <... close resumed>) = 0 [pid 5149] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] mkdir("./file1", 0777 [pid 5155] <... clone resumed>, parent_tid=[5159], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5159 [pid 5149] <... futex resumed>) = 0 [pid 5144] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] set_robust_list(0x7f0b39c769e0, 24 [pid 5154] <... mkdir resumed>) = 0 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5155] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5149] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] memfd_create("syzkaller", 0 [pid 5155] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5144] <... futex resumed>) = 0 [ 79.090284][ T5157] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.096579][ T5154] loop0: detected capacity change from 0 to 4096 [ 79.115792][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 79.131196][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 79.138531][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [pid 5159] <... memfd_create resumed>) = 3 [pid 5155] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5149] rename("./bus", "./file1" [pid 5144] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [ 79.165977][ T5154] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 79.174659][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 79.191306][ T5149] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 79.201968][ T5154] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5144] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5144] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5144] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5160], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5160 [pid 5144] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x7f0b31a559e0, 24) = 0 [ 79.220794][ T5149] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 79.255941][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [pid 5160] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5159] <... write resumed>) = 2097152 [pid 5160] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5160] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] munmap(0x7f0b31856000, 2097152) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 79.266975][ T27] audit: type=1804 audit(1683463068.523:24): pid=5160 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.iMJHw8/6/file1/file1" dev="loop1" ino=18 res=1 errno=0 [ 79.296258][ T5161] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.301737][ T5158] loop3: detected capacity change from 0 to 4096 [ 79.314046][ T5149] Remounting filesystem read-only [pid 5158] ioctl(4, LOOP_SET_FD, 3 [pid 5159] munmap(0x7f0b31856000, 2097152 [pid 5002] <... umount2 resumed>) = 0 [pid 5154] <... mount resumed>) = 0 [pid 5154] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5154] chdir("./file1") = 0 [pid 5159] <... munmap resumed>) = 0 [pid 5154] ioctl(4, LOOP_CLR_FD) = 0 [pid 5002] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5159] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5154] close(4 [pid 5159] <... openat resumed>) = 4 [pid 5154] <... close resumed>) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5154] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5154] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5154] creat("./bus", 026 [pid 5152] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] ioctl(4, LOOP_SET_FD, 3 [pid 5002] lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5149] <... rename resumed>) = 0 [pid 5149] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] exit_group(0 [pid 5002] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5149] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5144] <... exit_group resumed>) = ? [pid 5160] <... futex resumed>) = ? [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5160] +++ exited with 0 +++ [pid 5002] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5149] <... futex resumed>) = ? [pid 5002] <... openat resumed>) = 4 [pid 5002] fstat(4, [pid 5154] <... creat resumed>) = 4 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5154] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] getdents64(4, [pid 5154] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5154] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5154] rename("./bus", "./file1" [pid 5152] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5002] close(4) = 0 [pid 5002] rmdir("./5/file1") = 0 [pid 5002] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5002] close(3) = 0 [pid 5158] <... ioctl resumed>) = 0 [pid 5149] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5159] <... ioctl resumed>) = 0 [pid 5158] close(3 [pid 5002] rmdir("./5" [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5144, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5158] <... close resumed>) = 0 [pid 5158] mkdir("./file1", 0777 [pid 5159] close(3 [pid 5158] <... mkdir resumed>) = 0 [pid 5002] <... rmdir resumed>) = 0 [pid 4998] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5158] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 79.319117][ T5149] NILFS (loop1): error -5 truncating bmap (ino=15) [ 79.328738][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 79.341516][ T5159] loop4: detected capacity change from 0 to 4096 [ 79.357177][ T5154] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5159] <... close resumed>) = 0 [pid 5002] mkdir("./6", 0777 [pid 4998] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5159] mkdir("./file1", 0777 [pid 4998] <... openat resumed>) = 3 [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] <... mkdir resumed>) = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5159] <... mkdir resumed>) = 0 [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4998] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5152] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5159] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5152] <... futex resumed>) = 0 [pid 5002] <... openat resumed>) = 3 [pid 4998] lstat("./6/binderfs", [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5152] <... mmap resumed>) = 0x7f0b31a35000 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 4998] unlink("./6/binderfs" [pid 5152] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4998] <... unlink resumed>) = 0 [pid 5152] <... mprotect resumed>) = 0 [pid 4998] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5152] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5162], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5162 [pid 5152] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... umount2 resumed>) = 0 [pid 4999] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5162 attached [ 79.385544][ T5158] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 79.398731][ T5154] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 79.411692][ T5159] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 79.423587][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [pid 5002] close(3) = 0 [pid 4999] lstat("./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] umount2("./5/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4999] openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4999] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4999] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4999] close(4) = 0 [pid 4999] rmdir("./5/file1" [pid 5162] set_robust_list(0x7f0b31a559e0, 24 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached [pid 5162] <... set_robust_list resumed>) = 0 [pid 4999] <... rmdir resumed>) = 0 [pid 4999] getdents64(3, [pid 5163] set_robust_list(0x5555563d95e0, 24 [pid 5162] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5163 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [ 79.438049][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 79.447305][ T5158] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 79.457146][ T5159] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 79.458386][ T5154] Remounting filesystem read-only [pid 4999] close(3 [pid 5162] <... open resumed>) = 5 [pid 4999] <... close resumed>) = 0 [pid 4999] rmdir("./5") = 0 [pid 4999] mkdir("./6", 0777) = 0 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 4999] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4999] close(3) = 0 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5164] chdir("./6") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5163] <... set_robust_list resumed>) = 0 [pid 5162] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... openat resumed>) = 3 [pid 5163] chdir("./6" [pid 5162] <... futex resumed>) = 0 [pid 5164] write(3, "1000", 4 [pid 5163] <... chdir resumed>) = 0 [pid 5162] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... write resumed>) = 4 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5164] close(3 [pid 5163] <... prctl resumed>) = 0 [pid 5164] <... close resumed>) = 0 [pid 5163] setpgid(0, 0 [pid 5164] symlink("/dev/binderfs", "./binderfs" [pid 5163] <... setpgid resumed>) = 0 [pid 5164] <... symlink resumed>) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5164] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] <... openat resumed>) = 3 [pid 5164] <... futex resumed>) = 0 [pid 5163] write(3, "1000", 4 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5163] <... write resumed>) = 4 [pid 5164] <... mmap resumed>) = 0x7f0b39c56000 [pid 5163] close(3 [pid 5164] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5163] <... close resumed>) = 0 [pid 5164] <... mprotect resumed>) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs" [pid 5164] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5163] <... symlink resumed>) = 0 [ 79.474810][ T27] audit: type=1804 audit(1683463068.733:25): pid=5162 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.SxEkc1/6/file1/file1" dev="loop0" ino=18 res=1 errno=0 [ 79.488562][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 79.528189][ T5165] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5163] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... clone resumed>, parent_tid=[5166], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5166 [pid 5163] <... futex resumed>) = 0 [pid 5159] <... mount resumed>) = 0 [pid 5164] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5159] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5166 attached [pid 5164] <... futex resumed>) = 0 [pid 5163] <... mmap resumed>) = 0x7f0b39c56000 [pid 5166] set_robust_list(0x7f0b39c769e0, 24 [pid 5164] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5163] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5159] <... openat resumed>) = 3 [pid 5166] <... set_robust_list resumed>) = 0 [pid 5166] memfd_create("syzkaller", 0 [pid 5163] <... mprotect resumed>) = 0 [pid 5159] chdir("./file1" [pid 5158] <... mount resumed>) = 0 [pid 5166] <... memfd_create resumed>) = 3 [pid 5158] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5158] <... openat resumed>) = 3 [pid 5166] <... mmap resumed>) = 0x7f0b31856000 [pid 5158] chdir("./file1") = 0 [pid 5163] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5159] <... chdir resumed>) = 0 [pid 5158] ioctl(4, LOOP_CLR_FD [pid 5159] ioctl(4, LOOP_CLR_FD [pid 5158] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5168 attached [pid 5158] close(4 [pid 5159] <... ioctl resumed>) = 0 [pid 5163] <... clone resumed>, parent_tid=[5168], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5168 [pid 5158] <... close resumed>) = 0 [pid 5158] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5163] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] close(4 [pid 5158] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5168] set_robust_list(0x7f0b39c769e0, 24 [pid 5156] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5159] <... close resumed>) = 0 [pid 5158] creat("./bus", 026 [pid 5156] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] memfd_create("syzkaller", 0 [pid 5163] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... memfd_create resumed>) = 3 [pid 5159] <... futex resumed>) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5159] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... mmap resumed>) = 0x7f0b31856000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] <... futex resumed>) = 0 [pid 5159] creat("./bus", 026 [pid 5155] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... creat resumed>) = 4 [ 79.528489][ T5154] NILFS (loop0): error -5 truncating bmap (ino=15) [ 79.554535][ T5167] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.579919][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [pid 5159] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... creat resumed>) = 4 [pid 5159] <... futex resumed>) = 1 [pid 5158] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5154] <... rename resumed>) = 0 [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5159] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5155] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5154] <... futex resumed>) = 0 [pid 5152] exit_group(0 [pid 5162] <... futex resumed>) = ? [pid 5159] rename("./bus", "./file1" [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5156] <... futex resumed>) = 0 [pid 5155] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... exit_group resumed>) = ? [pid 5162] +++ exited with 0 +++ [pid 5158] rename("./bus", "./file1" [pid 5156] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] +++ exited with 0 +++ [pid 5168] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5152] +++ exited with 0 +++ [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 4997] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4997] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4997] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] unlink("./6/binderfs") = 0 [ 79.606172][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 79.631365][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 79.645330][ T5158] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 4997] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5168] <... write resumed>) = 2097152 [pid 5155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5168] munmap(0x7f0b31856000, 2097152 [pid 5156] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5155] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5156] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [ 79.662931][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 79.681253][ T5159] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 79.687306][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 79.696925][ T5159] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5156] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5168] <... munmap resumed>) = 0 [pid 5156] <... clone resumed>, parent_tid=[5169], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5169 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5156] <... futex resumed>) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5168] <... openat resumed>) = 4 [pid 5166] <... write resumed>) = 2097152 [pid 5156] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5155] <... mmap resumed>) = 0x7f0b31a35000 [pid 5168] ioctl(4, LOOP_SET_FD, 3 [pid 5155] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5166] munmap(0x7f0b31856000, 2097152 [pid 5155] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5169 attached [pid 5155] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5169] set_robust_list(0x7f0b31a559e0, 24 [pid 5155] <... clone resumed>, parent_tid=[5170], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5170 [pid 5169] <... set_robust_list resumed>) = 0 [pid 5169] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5155] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 79.701190][ T5158] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 79.727304][ T5168] loop5: detected capacity change from 0 to 4096 [ 79.739360][ T27] audit: type=1804 audit(1683463068.993:26): pid=5169 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.wEQC0i/6/file1/file1" dev="loop3" ino=18 res=1 errno=0 [pid 5155] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] <... munmap resumed>) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3 [pid 5169] <... open resumed>) = 5 [pid 5169] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... umount2 resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5156] <... futex resumed>) = 0 [pid 5169] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5170 attached [pid 5168] <... ioctl resumed>) = 0 [pid 4998] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5170] set_robust_list(0x7f0b31a559e0, 24 [pid 5168] close(3 [pid 5170] <... set_robust_list resumed>) = 0 [pid 5168] <... close resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./6/file1", [pid 5170] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5168] mkdir("./file1", 0777 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5170] <... open resumed>) = 5 [pid 4998] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5170] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5155] <... futex resumed>) = 0 [pid 4998] getdents64(4, [pid 5170] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5168] <... mkdir resumed>) = 0 [pid 4998] getdents64(4, [pid 5168] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [ 79.743127][ T5166] loop2: detected capacity change from 0 to 4096 [ 79.773798][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 79.790991][ T5158] Remounting filesystem read-only [ 79.792183][ T5168] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 79.796055][ T5158] NILFS (loop3): error -5 truncating bmap (ino=15) [pid 4998] close(4) = 0 [pid 4998] rmdir("./6/file1") = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./6") = 0 [pid 4998] mkdir("./7", 0777) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5171 [pid 5166] <... ioctl resumed>) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file1", 0777) = 0 [ 79.813528][ T5159] Remounting filesystem read-only [ 79.818439][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 79.819320][ T5168] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 79.830518][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 79.844813][ T5159] NILFS (loop4): error -5 truncating bmap (ino=15) [ 79.852539][ T5166] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5166] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5158] <... rename resumed>) = 0 ./strace-static-x86_64: Process 5171 attached [pid 5159] <... rename resumed>) = 0 [pid 5171] set_robust_list(0x5555563d95e0, 24 [pid 5159] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5159] <... futex resumed>) = 0 [pid 5158] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] chdir("./7" [pid 5159] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] exit_group(0 [pid 5155] exit_group(0 [pid 5171] <... chdir resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5170] <... futex resumed>) = ? [pid 5169] <... futex resumed>) = ? [pid 5159] <... futex resumed>) = ? [pid 5158] <... futex resumed>) = ? [pid 5156] <... exit_group resumed>) = ? [pid 5155] <... exit_group resumed>) = ? [pid 5170] +++ exited with 0 +++ [pid 5169] +++ exited with 0 +++ [pid 5159] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ [pid 5171] <... prctl resumed>) = 0 [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=10 /* 0.10 s */} --- [pid 5171] setpgid(0, 0) = 0 [pid 5001] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5156, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5000] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5171] <... openat resumed>) = 3 [pid 5001] <... openat resumed>) = 3 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5171] write(3, "1000", 4 [pid 5001] fstat(3, [pid 5000] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5171] <... write resumed>) = 4 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] <... openat resumed>) = 3 [pid 5171] close(3 [pid 5001] getdents64(3, [pid 5000] fstat(3, [pid 5171] <... close resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5171] symlink("/dev/binderfs", "./binderfs" [pid 5001] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5000] getdents64(3, [pid 5001] lstat("./6/binderfs", [pid 5171] <... symlink resumed>) = 0 [pid 5001] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5171] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] unlink("./6/binderfs" [pid 5000] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5171] <... futex resumed>) = 0 [pid 5001] <... unlink resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 79.863146][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 79.878729][ T5166] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 79.900308][ T5172] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5000] lstat("./6/binderfs", [pid 5171] <... mmap resumed>) = 0x7f0b39c56000 [pid 5168] <... mount resumed>) = 0 [pid 5000] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5171] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5168] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5000] unlink("./6/binderfs" [pid 5171] <... mprotect resumed>) = 0 [pid 5168] <... openat resumed>) = 3 [pid 5000] <... unlink resumed>) = 0 [pid 5168] chdir("./file1" [pid 5171] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5000] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5168] <... chdir resumed>) = 0 [pid 5168] ioctl(4, LOOP_CLR_FD [pid 5171] <... clone resumed>, parent_tid=[5173], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5173 [pid 5168] <... ioctl resumed>) = 0 [pid 5171] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] close(4) = 0 [pid 5171] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5168] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5173 attached [pid 5168] creat("./bus", 026 [pid 5163] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] set_robust_list(0x7f0b39c769e0, 24) = 0 [ 79.913039][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 79.921983][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 79.933155][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 79.944468][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 79.953669][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5168] <... creat resumed>) = 4 [pid 5168] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5168] <... futex resumed>) = 0 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5168] rename("./bus", "./file1" [pid 5166] <... mount resumed>) = 0 [pid 5163] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 4997] <... umount2 resumed>) = 0 [pid 5166] chdir("./file1") = 0 [pid 5166] ioctl(4, LOOP_CLR_FD) = 0 [pid 5166] close(4) = 0 [pid 5166] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5166] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] <... futex resumed>) = 0 [pid 5166] creat("./bus", 026 [ 79.963613][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 79.976408][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 79.987532][ T5174] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 79.992604][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 80.005884][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [pid 5164] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./6/file1") = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] close(3) = 0 [pid 4997] rmdir("./6") = 0 [pid 4997] mkdir("./7", 0777) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5166] <... creat resumed>) = 4 [pid 5166] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] close(3 [pid 5166] <... futex resumed>) = 1 [pid 5164] <... futex resumed>) = 0 [pid 4997] <... close resumed>) = 0 [pid 5166] rename("./bus", "./file1" [pid 5164] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5175 [pid 5163] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5163] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [ 80.031510][ T5168] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 80.049810][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 80.057683][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [pid 5163] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5176], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5176 ./strace-static-x86_64: Process 5176 attached [pid 5163] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] set_robust_list(0x7f0b31a559e0, 24 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] <... set_robust_list resumed>) = 0 [pid 5176] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5176] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... write resumed>) = 2097152 ./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x5555563d95e0, 24 [pid 5164] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5175] <... set_robust_list resumed>) = 0 [pid 5164] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 1 [pid 5175] chdir("./7" [pid 5164] <... futex resumed>) = 0 [pid 5163] <... futex resumed>) = 0 [pid 5176] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... chdir resumed>) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5164] <... mmap resumed>) = 0x7f0b31a35000 [pid 5175] <... prctl resumed>) = 0 [pid 5164] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5175] setpgid(0, 0 [pid 5164] <... mprotect resumed>) = 0 [pid 5175] <... setpgid resumed>) = 0 [ 80.076318][ T5168] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 80.077010][ T5166] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5164] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] <... clone resumed>, parent_tid=[5177], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5177 [pid 5175] write(3, "1000", 4 [pid 5164] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... write resumed>) = 4 [pid 5164] <... futex resumed>) = 0 [pid 5175] close(3 [pid 5164] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... close resumed>) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] munmap(0x7f0b31856000, 2097152./strace-static-x86_64: Process 5177 attached [pid 5175] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] set_robust_list(0x7f0b31a559e0, 24 [pid 5175] <... futex resumed>) = 0 [pid 5177] <... set_robust_list resumed>) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5177] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5175] <... mmap resumed>) = 0x7f0b39c56000 [pid 5173] <... munmap resumed>) = 0 [pid 5177] <... open resumed>) = 5 [pid 5175] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5173] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5000] <... umount2 resumed>) = 0 [pid 5177] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... mprotect resumed>) = 0 [pid 5173] <... openat resumed>) = 4 [pid 5177] <... futex resumed>) = 1 [pid 5175] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5173] ioctl(4, LOOP_SET_FD, 3 [pid 5164] <... futex resumed>) = 0 [pid 5177] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... clone resumed>, parent_tid=[5178], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5178 [pid 5175] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.127383][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [ 80.144632][ T5168] Remounting filesystem read-only [ 80.162223][ T5168] NILFS (loop5): error -5 truncating bmap (ino=15) [ 80.169454][ T5173] loop1: detected capacity change from 0 to 4096 [pid 5175] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5178 attached [pid 5173] <... ioctl resumed>) = 0 [pid 5168] <... rename resumed>) = 0 [pid 5000] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5178] set_robust_list(0x7f0b39c769e0, 24 [pid 5173] close(3 [pid 5168] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] exit_group(0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./6/file1", [pid 5178] <... set_robust_list resumed>) = 0 [pid 5176] <... futex resumed>) = ? [pid 5173] <... close resumed>) = 0 [pid 5163] <... exit_group resumed>) = ? [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5178] memfd_create("syzkaller", 0 [pid 5176] +++ exited with 0 +++ [pid 5173] mkdir("./file1", 0777 [pid 5168] <... futex resumed>) = ? [pid 5000] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5173] <... mkdir resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5178] <... memfd_create resumed>) = 3 [pid 5173] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5000] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5178] <... mmap resumed>) = 0x7f0b31856000 [pid 5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5168] +++ exited with 0 +++ [pid 5163] +++ exited with 0 +++ [pid 5000] getdents64(4, [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5163, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5000] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5002] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] close(4 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... close resumed>) = 0 [pid 5002] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5000] rmdir("./6/file1" [pid 5002] <... openat resumed>) = 3 [pid 5000] <... rmdir resumed>) = 0 [pid 5002] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(3, [pid 5002] getdents64(3, [pid 5000] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5000] close(3 [pid 5002] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... close resumed>) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] rmdir("./6" [pid 5002] lstat("./6/binderfs", [pid 5000] <... rmdir resumed>) = 0 [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5000] mkdir("./7", 0777 [pid 5002] unlink("./6/binderfs" [pid 5000] <... mkdir resumed>) = 0 [pid 5002] <... unlink resumed>) = 0 [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5002] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... openat resumed>) = 3 [ 80.170181][ T5166] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 80.203507][ T5166] Remounting filesystem read-only [ 80.210239][ T5173] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 80.212214][ T5166] NILFS (loop2): error -5 truncating bmap (ino=15) [pid 5000] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5000] close(3 [pid 5001] <... umount2 resumed>) = 0 [pid 5000] <... close resumed>) = 0 [pid 5166] <... rename resumed>) = 0 [pid 5166] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] exit_group(0 [pid 5177] <... futex resumed>) = ? [pid 5164] <... exit_group resumed>) = ? [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5177] +++ exited with 0 +++ [pid 5166] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5001] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5179 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5179 attached [ 80.244110][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 80.258674][ T5173] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [ 80.273121][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [pid 5001] lstat("./6/file1", [pid 5179] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5179] chdir("./7" [pid 4999] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5179] <... chdir resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4999] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5179] <... prctl resumed>) = 0 [pid 4999] <... openat resumed>) = 3 [pid 5179] setpgid(0, 0 [pid 4999] fstat(3, [pid 5179] <... setpgid resumed>) = 0 [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4999] getdents64(3, [pid 5179] <... openat resumed>) = 3 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5179] write(3, "1000", 4 [pid 4999] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5179] <... write resumed>) = 4 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5179] close(3 [pid 4999] lstat("./6/binderfs", [pid 5179] <... close resumed>) = 0 [pid 4999] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs" [pid 4999] unlink("./6/binderfs" [pid 5179] <... symlink resumed>) = 0 [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] <... unlink resumed>) = 0 [pid 5179] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5179] <... futex resumed>) = 0 [pid 5001] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5179] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5180], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5180 [pid 5179] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5180 attached [pid 5180] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5001] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5001] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5001] close(4) = 0 [pid 5001] rmdir("./6/file1") = 0 [pid 5001] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [ 80.291023][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 80.302333][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 80.309563][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 80.312605][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [ 80.337256][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [pid 5001] rmdir("./6" [pid 5173] <... mount resumed>) = 0 [pid 5001] <... rmdir resumed>) = 0 [pid 5001] mkdir("./7", 0777 [pid 5173] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5001] <... mkdir resumed>) = 0 [pid 5173] <... openat resumed>) = 3 [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5173] chdir("./file1" [pid 5001] <... openat resumed>) = 3 [pid 5173] <... chdir resumed>) = 0 [pid 5173] ioctl(4, LOOP_CLR_FD [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5173] <... ioctl resumed>) = 0 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5173] close(4 [pid 5178] <... write resumed>) = 2097152 [pid 5173] <... close resumed>) = 0 [pid 5001] close(3 [pid 5178] munmap(0x7f0b31856000, 2097152 [pid 5173] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... close resumed>) = 0 [pid 5178] <... munmap resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] creat("./bus", 026 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5182 [pid 5178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ./strace-static-x86_64: Process 5182 attached [ 80.338049][ T5181] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 80.359228][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 80.366640][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 80.368880][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [pid 5178] ioctl(4, LOOP_SET_FD, 3 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5178] <... ioctl resumed>) = 0 [pid 5178] close(3) = 0 [pid 5182] set_robust_list(0x5555563d95e0, 24 [pid 5178] mkdir("./file1", 0777 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5178] <... mkdir resumed>) = 0 [pid 5182] chdir("./7" [pid 5178] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5173] <... creat resumed>) = 4 [pid 5002] <... umount2 resumed>) = 0 [pid 5182] <... chdir resumed>) = 0 [pid 5173] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5173] <... futex resumed>) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 80.391562][ T5178] loop0: detected capacity change from 0 to 4096 [pid 5173] rename("./bus", "./file1" [pid 5171] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] lstat("./6/file1", [pid 5182] <... prctl resumed>) = 0 [pid 5171] <... futex resumed>) = 0 [pid 5171] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] setpgid(0, 0 [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5182] <... setpgid resumed>) = 0 [pid 5002] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5002] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5002] fstat(4, [pid 5182] <... openat resumed>) = 3 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5182] write(3, "1000", 4 [pid 5002] getdents64(4, [pid 5182] <... write resumed>) = 4 [pid 5182] close(3 [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5182] <... close resumed>) = 0 [pid 5002] getdents64(4, [pid 5182] symlink("/dev/binderfs", "./binderfs" [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5182] <... symlink resumed>) = 0 [pid 5002] close(4 [pid 5171] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 80.428841][ T5173] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 80.438293][ T5178] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 80.452454][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 80.461187][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [pid 5182] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... close resumed>) = 0 [pid 4999] <... umount2 resumed>) = 0 [pid 5182] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 0 [ 80.470539][ T5178] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5002] rmdir("./6/file1" [pid 4999] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5002] <... rmdir resumed>) = 0 [pid 5182] <... mmap resumed>) = 0x7f0b39c56000 [pid 5171] <... mmap resumed>) = 0x7f0b31a35000 [pid 5002] getdents64(3, [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5178] <... mount resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4999] lstat("./6/file1", [pid 5182] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5178] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5171] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] close(3 [pid 5171] <... mprotect resumed>) = 0 [pid 5002] <... close resumed>) = 0 [pid 5182] <... mprotect resumed>) = 0 [pid 4999] umount2("./6/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5182] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5180] <... write resumed>) = 2097152 [pid 5178] <... openat resumed>) = 3 [pid 5171] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5002] rmdir("./6" [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5185 attached [pid 5180] munmap(0x7f0b31856000, 2097152 [pid 5178] chdir("./file1" [pid 5002] <... rmdir resumed>) = 0 [pid 4999] openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5185] set_robust_list(0x7f0b39c769e0, 24 [pid 5182] <... clone resumed>, parent_tid=[5185], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5185 [pid 5180] <... munmap resumed>) = 0 [pid 5178] <... chdir resumed>) = 0 [pid 5171] <... clone resumed>, parent_tid=[5184], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5184 [pid 5002] mkdir("./7", 0777 [pid 4999] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5184 attached [pid 5184] set_robust_list(0x7f0b31a559e0, 24 [pid 5182] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5178] ioctl(4, LOOP_CLR_FD [pid 5171] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5180] <... openat resumed>) = 4 [pid 5002] <... mkdir resumed>) = 0 [pid 4999] fstat(4, [pid 5171] <... futex resumed>) = 0 [pid 5184] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5182] <... futex resumed>) = 0 [pid 5180] ioctl(4, LOOP_SET_FD, 3 [pid 5178] <... ioctl resumed>) = 0 [ 80.480669][ T5173] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 80.503215][ T5183] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5171] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5185] <... set_robust_list resumed>) = 0 [pid 5184] <... open resumed>) = 5 [pid 5182] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5178] close(4 [pid 5002] <... openat resumed>) = 3 [pid 4999] getdents64(4, [pid 5184] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] <... futex resumed>) = 0 [pid 5184] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... ioctl resumed>) = 0 [pid 5185] memfd_create("syzkaller", 0 [pid 5178] <... close resumed>) = 0 [pid 5173] <... rename resumed>) = 0 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5185] <... memfd_create resumed>) = 3 [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5185] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5178] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4999] getdents64(4, [pid 5185] <... mmap resumed>) = 0x7f0b31856000 [pid 5178] <... futex resumed>) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5171] exit_group(0 [pid 5002] close(3 [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5184] <... futex resumed>) = ? [pid 5178] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = ? [pid 5171] <... exit_group resumed>) = ? [pid 5002] <... close resumed>) = 0 [pid 4999] close(4 [pid 5184] +++ exited with 0 +++ [pid 5185] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5180] close(3 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5173] +++ exited with 0 +++ [pid 5171] +++ exited with 0 +++ [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] <... close resumed>) = 0 [pid 5180] <... close resumed>) = 0 [pid 5178] creat("./bus", 026 [pid 5175] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5171, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5180] mkdir("./file1", 0777 [pid 4999] rmdir("./6/file1" [pid 4998] restart_syscall(<... resuming interrupted clone ...> [pid 5180] <... mkdir resumed>) = 0 [pid 5178] <... creat resumed>) = 4 [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5186 [pid 4999] <... rmdir resumed>) = 0 [pid 4998] <... restart_syscall resumed>) = 0 [ 80.544874][ T5173] Remounting filesystem read-only [ 80.545042][ T5180] loop3: detected capacity change from 0 to 4096 [ 80.550419][ T5173] NILFS (loop1): error -5 truncating bmap (ino=15) [pid 5180] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5178] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] getdents64(3, ./strace-static-x86_64: Process 5186 attached [pid 5178] <... futex resumed>) = 1 [pid 5175] <... futex resumed>) = 0 [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5186] set_robust_list(0x5555563d95e0, 24 [pid 5185] <... write resumed>) = 2097152 [pid 5178] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] close(3 [pid 4998] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] <... set_robust_list resumed>) = 0 [pid 5185] munmap(0x7f0b31856000, 2097152 [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 4999] <... close resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5186] chdir("./7" [pid 5178] rename("./bus", "./file1" [pid 5175] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] rmdir("./6" [pid 4998] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5186] <... chdir resumed>) = 0 [pid 4998] <... openat resumed>) = 3 [pid 4999] <... rmdir resumed>) = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5185] <... munmap resumed>) = 0 [pid 4999] mkdir("./7", 0777 [pid 4998] fstat(3, [pid 5186] <... prctl resumed>) = 0 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5186] setpgid(0, 0 [pid 4998] getdents64(3, [pid 5186] <... setpgid resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4998] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] <... openat resumed>) = 3 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5186] write(3, "1000", 4 [pid 4998] lstat("./7/binderfs", [pid 5186] <... write resumed>) = 4 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5186] close(3 [pid 4998] unlink("./7/binderfs" [pid 5186] <... close resumed>) = 0 [pid 5185] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4999] <... mkdir resumed>) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 5186] symlink("/dev/binderfs", "./binderfs" [pid 4998] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] <... symlink resumed>) = 0 [pid 5186] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5186] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [ 80.611426][ T5180] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 80.629673][ T5178] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 80.640509][ T5178] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 80.652544][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [pid 5186] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5185] <... openat resumed>) = 4 [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5186] <... clone resumed>, parent_tid=[5187], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5187 [pid 5185] ioctl(4, LOOP_SET_FD, 3 [pid 5186] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... openat resumed>) = 3 [pid 5186] <... futex resumed>) = 0 [pid 5185] <... ioctl resumed>) = 0 [pid 5175] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 4999] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5187 attached [pid 5186] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5185] close(3 [pid 5175] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5187] set_robust_list(0x7f0b39c769e0, 24 [pid 5185] <... close resumed>) = 0 [pid 5175] <... futex resumed>) = 0 [pid 4999] close(3 [pid 5185] mkdir("./file1", 0777 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5187] <... set_robust_list resumed>) = 0 [pid 4999] <... close resumed>) = 0 [pid 5187] memfd_create("syzkaller", 0) = 3 [ 80.659276][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 80.667034][ T5178] Remounting filesystem read-only [ 80.674442][ T5185] loop4: detected capacity change from 0 to 4096 [ 80.674944][ T5180] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 80.699939][ T5178] NILFS (loop0): error -5 truncating bmap (ino=15) [pid 5187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5185] <... mkdir resumed>) = 0 [pid 5175] <... mmap resumed>) = 0x7f0b31a35000 [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5185] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5175] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5188 [pid 5178] <... rename resumed>) = 0 [pid 5178] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... clone resumed>, parent_tid=[5189], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5189 ./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5188] chdir("./7") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0 [pid 5178] <... futex resumed>) = 0 [pid 5175] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... setpgid resumed>) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5178] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5189 attached [pid 5188] <... openat resumed>) = 3 [pid 5189] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5188] write(3, "1000", 4 [pid 5189] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5188] <... write resumed>) = 4 [pid 5189] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5188] close(3 [pid 5189] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... close resumed>) = 0 [pid 5189] <... futex resumed>) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs" [pid 5175] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5189] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] <... symlink resumed>) = 0 [pid 5175] exit_group(0) = ? [pid 5178] <... futex resumed>) = ? [pid 5189] <... futex resumed>) = ? [pid 5188] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] +++ exited with 0 +++ [pid 5189] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5188] <... futex resumed>) = 0 [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- [ 80.707997][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 80.719208][ T5185] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 80.719501][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 80.739235][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 80.749101][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5188] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5191], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5191 [pid 5188] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] <... mount resumed>) = 0 [pid 5188] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file1") = 0 [pid 4997] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5180] ioctl(4, LOOP_CLR_FD [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5180] <... ioctl resumed>) = 0 [pid 5180] close(4 [pid 4997] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5191 attached [pid 5180] <... close resumed>) = 0 [pid 4998] <... umount2 resumed>) = 0 [pid 4997] <... openat resumed>) = 3 [pid 5191] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5180] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] fstat(3, [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5180] <... futex resumed>) = 1 [pid 5179] <... futex resumed>) = 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5191] <... mmap resumed>) = 0x7f0b31856000 [pid 5180] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] getdents64(3, [pid 5180] creat("./bus", 026 [pid 4998] lstat("./7/file1", [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5180] <... creat resumed>) = 4 [pid 4998] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5180] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5180] <... futex resumed>) = 1 [pid 5179] <... futex resumed>) = 0 [ 80.766692][ T5190] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 80.790321][ T5185] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 4998] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] lstat("./7/binderfs", [pid 5185] <... mount resumed>) = 0 [pid 5180] rename("./bus", "./file1" [pid 5179] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... openat resumed>) = 4 [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5185] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 4998] fstat(4, [pid 4997] unlink("./7/binderfs" [pid 5185] chdir("./file1" [pid 4997] <... unlink resumed>) = 0 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5185] <... chdir resumed>) = 0 [pid 4997] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5185] ioctl(4, LOOP_CLR_FD [pid 4998] getdents64(4, [pid 5185] <... ioctl resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5185] close(4 [pid 4998] close(4 [pid 5185] <... close resumed>) = 0 [pid 4998] <... close resumed>) = 0 [pid 5185] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] rmdir("./7/file1" [pid 5185] <... futex resumed>) = 1 [pid 4998] <... rmdir resumed>) = 0 [pid 5182] <... futex resumed>) = 0 [pid 5185] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] getdents64(3, [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5185] creat("./bus", 026 [pid 5182] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... rename resumed>) = 0 [pid 4998] close(3) = 0 [pid 5180] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 4998] rmdir("./7" [pid 5185] <... creat resumed>) = 4 [pid 5180] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5179] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5185] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5179] <... futex resumed>) = 0 [pid 4998] <... rmdir resumed>) = 0 [pid 5185] <... futex resumed>) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5180] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.834953][ T5192] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 80.849572][ T5180] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 80.858788][ T5180] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [ 80.870356][ T5180] Remounting filesystem read-only [ 80.875935][ T5180] NILFS (loop3): error -5 truncating bmap (ino=15) [pid 4998] mkdir("./8", 0777 [pid 5185] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] exit_group(0) = ? [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 4998] <... mkdir resumed>) = 0 [pid 5187] <... write resumed>) = 2097152 [pid 5185] rename("./bus", "./file1" [pid 5182] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 4998] <... openat resumed>) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3 [pid 5187] munmap(0x7f0b31856000, 2097152) = 0 [ 80.898035][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 80.905254][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 80.914694][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 80.924968][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 80.934958][ T5185] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 4998] <... close resumed>) = 0 [pid 5187] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5187] ioctl(4, LOOP_SET_FD, 3 [pid 5000] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5191] <... write resumed>) = 2097152 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5187] <... ioctl resumed>) = 0 [pid 5187] close(3 [pid 5000] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5193 [pid 5000] <... openat resumed>) = 3 [pid 5000] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5000] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5000] unlink("./7/binderfs" [pid 5187] <... close resumed>) = 0 [pid 5000] <... unlink resumed>) = 0 [pid 5000] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5187] mkdir("./file1", 0777) = 0 [pid 5182] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5182] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5182] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5187] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5182] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 5193 attached [pid 5193] set_robust_list(0x5555563d95e0, 24) = 0 [ 80.944585][ T5185] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 80.956662][ T5187] loop5: detected capacity change from 0 to 4096 [ 80.963504][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 80.978702][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 80.987378][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [pid 5182] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5194 attached , parent_tid=[5194], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5194 [pid 5193] chdir("./8") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] munmap(0x7f0b31856000, 2097152 [pid 5193] write(3, "1000", 4 [pid 5182] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... write resumed>) = 4 [pid 5182] <... futex resumed>) = 0 [pid 5193] close(3 [pid 5182] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] set_robust_list(0x7f0b31a559e0, 24 [pid 5193] <... close resumed>) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] <... munmap resumed>) = 0 [pid 5193] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5193] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5194] <... set_robust_list resumed>) = 0 [pid 5193] <... mprotect resumed>) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5193] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5191] <... openat resumed>) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3 [pid 5194] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5185] <... rename resumed>) = 0 [ 80.991431][ T5187] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 80.996221][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 81.014201][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 81.022709][ T5185] Remounting filesystem read-only [ 81.028288][ T5185] NILFS (loop4): error -5 truncating bmap (ino=15) [ 81.035676][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [pid 5193] <... clone resumed>, parent_tid=[5195], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5195 [pid 5193] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5195 attached [pid 5194] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5185] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5185] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... ioctl resumed>) = 0 [pid 5191] close(3 [pid 5182] <... futex resumed>) = 0 [pid 5194] <... futex resumed>) = 1 [pid 5182] exit_group(0 [pid 5185] <... futex resumed>) = ? [pid 5182] <... exit_group resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5191] <... close resumed>) = 0 [pid 5191] mkdir("./file1", 0777 [pid 5194] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ [pid 5191] <... mkdir resumed>) = 0 [pid 5191] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5001] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 81.039383][ T5191] loop2: detected capacity change from 0 to 4096 [ 81.049827][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 81.057282][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [pid 5001] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] <... umount2 resumed>) = 0 [pid 5001] unlink("./7/binderfs" [pid 4997] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5001] <... unlink resumed>) = 0 [pid 5001] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5195] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5000] <... umount2 resumed>) = 0 [pid 4997] <... openat resumed>) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [ 81.099815][ T5191] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 81.115991][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 81.127879][ T5187] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 81.139566][ T5191] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./7/file1") = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4997] close(3 [pid 5000] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... close resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] rmdir("./7" [pid 5000] lstat("./7/file1", [pid 4997] <... rmdir resumed>) = 0 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] mkdir("./8", 0777 [pid 5000] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... mkdir resumed>) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5000] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] fstat(4, [pid 4997] close(3 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... close resumed>) = 0 [pid 5191] <... mount resumed>) = 0 [pid 5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file1") = 0 [pid 5191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5191] close(4) = 0 [pid 5191] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5000] getdents64(4, [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5188] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5191] <... futex resumed>) = 1 [pid 5191] creat("./bus", 026 [pid 5000] getdents64(4, [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5000] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [ 81.150880][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 81.162493][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 81.171396][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 81.179962][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 81.187949][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [pid 5000] close(4 [pid 5198] set_robust_list(0x5555563d95e0, 24 [pid 5195] <... write resumed>) = 2097152 [pid 5187] <... mount resumed>) = 0 [pid 5000] <... close resumed>) = 0 [pid 5198] <... set_robust_list resumed>) = 0 [pid 5000] rmdir("./7/file1" [pid 5198] chdir("./8" [pid 5195] munmap(0x7f0b31856000, 2097152 [pid 5191] <... creat resumed>) = 4 [pid 5187] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5001] <... umount2 resumed>) = 0 [pid 5000] <... rmdir resumed>) = 0 [pid 5198] <... chdir resumed>) = 0 [pid 5195] <... munmap resumed>) = 0 [pid 5191] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... openat resumed>) = 3 [pid 5001] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] getdents64(3, [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5195] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5191] <... futex resumed>) = 0 [ 81.220816][ T5196] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 81.233007][ T5197] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5188] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] chdir("./file1" [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5198] <... prctl resumed>) = 0 [pid 5188] <... futex resumed>) = 0 [pid 5000] close(3 [pid 5198] setpgid(0, 0 [pid 5195] <... openat resumed>) = 4 [pid 5191] rename("./bus", "./file1" [pid 5188] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5187] <... chdir resumed>) = 0 [pid 5001] lstat("./7/file1", [pid 5000] <... close resumed>) = 0 [pid 5198] <... setpgid resumed>) = 0 [pid 5195] ioctl(4, LOOP_SET_FD, 3 [pid 5000] rmdir("./7" [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] <... rmdir resumed>) = 0 [pid 5198] <... openat resumed>) = 3 [pid 5000] mkdir("./8", 0777 [pid 5198] write(3, "1000", 4 [pid 5000] <... mkdir resumed>) = 0 [pid 5198] <... write resumed>) = 4 [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5198] close(3 [pid 5000] <... openat resumed>) = 3 [pid 5198] <... close resumed>) = 0 [pid 5000] ioctl(3, LOOP_CLR_FD [pid 5198] symlink("/dev/binderfs", "./binderfs" [pid 5000] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5198] <... symlink resumed>) = 0 [pid 5000] close(3 [pid 5198] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... close resumed>) = 0 [pid 5198] <... futex resumed>) = 0 [pid 5187] ioctl(4, LOOP_CLR_FD [pid 5001] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5199 [pid 5198] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5200], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5200 [pid 5198] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached [pid 5200] set_robust_list(0x7f0b39c769e0, 24) = 0 [pid 5200] memfd_create("syzkaller", 0./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x5555563d95e0, 24 [pid 5187] <... ioctl resumed>) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5187] close(4 [pid 5001] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5200] <... memfd_create resumed>) = 3 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5187] <... close resumed>) = 0 [pid 5001] <... openat resumed>) = 4 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5199] chdir("./8" [pid 5187] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] fstat(4, [pid 5200] <... mmap resumed>) = 0x7f0b31856000 [pid 5199] <... chdir resumed>) = 0 [pid 5187] <... futex resumed>) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5195] <... ioctl resumed>) = 0 [pid 5187] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... prctl resumed>) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5001] getdents64(4, [pid 5199] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] <... futex resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5195] close(3 [pid 5199] <... mprotect resumed>) = 0 [pid 5199] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5195] <... close resumed>) = 0 [pid 5187] creat("./bus", 026 [pid 5186] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] getdents64(4, [pid 5199] <... clone resumed>, parent_tid=[5201], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5201 [pid 5195] mkdir("./file1", 0777 [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5199] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... creat resumed>) = 4 [pid 5199] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 0 [pid 5187] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5195] <... mkdir resumed>) = 0 [pid 5188] <... mmap resumed>) = 0x7f0b31a35000 [pid 5187] <... futex resumed>) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5001] close(4./strace-static-x86_64: Process 5201 attached [pid 5188] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5187] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] set_robust_list(0x7f0b39c769e0, 24 [pid 5188] <... mprotect resumed>) = 0 [pid 5201] <... set_robust_list resumed>) = 0 [pid 5188] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [ 81.274937][ T5195] loop1: detected capacity change from 0 to 4096 [ 81.282047][ T5191] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 81.311576][ T5191] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5186] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] memfd_create("syzkaller", 0 [pid 5195] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] <... futex resumed>) = 0 [pid 5001] <... close resumed>) = 0 [pid 5201] <... memfd_create resumed>) = 3 [pid 5188] <... clone resumed>, parent_tid=[5202], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5202 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5188] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] rename("./bus", "./file1" [pid 5186] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] rmdir("./7/file1" [pid 5201] <... mmap resumed>) = 0x7f0b31856000 [pid 5188] <... futex resumed>) = 0 [pid 5188] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] <... rmdir resumed>) = 0 [pid 5200] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5001] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5001] close(3) = 0 [pid 5001] rmdir("./7") = 0 [pid 5001] mkdir("./8", 0777./strace-static-x86_64: Process 5202 attached ) = 0 [pid 5202] set_robust_list(0x7f0b31a559e0, 24 [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 81.336992][ T5195] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 81.349337][ T5187] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 81.359454][ T5191] Remounting filesystem read-only [ 81.379879][ T5191] NILFS (loop2): error -5 truncating bmap (ino=15) [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5202] <... set_robust_list resumed>) = 0 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5001] close(3 [pid 5202] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5200] <... write resumed>) = 2097152 [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... close resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5202] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5186] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5202] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... mprotect resumed>) = 0 [pid 5186] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] <... clone resumed>, parent_tid=[5203], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5203 [pid 5001] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5204 [pid 5186] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... rename resumed>) = 0 ./strace-static-x86_64: Process 5204 attached [ 81.388387][ T5187] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 81.408969][ T5195] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5191] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] set_robust_list(0x5555563d95e0, 24 [pid 5191] <... futex resumed>) = 0 [pid 5188] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ ./strace-static-x86_64: Process 5203 attached [pid 5203] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5202] <... futex resumed>) = ? [pid 5203] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5203] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] +++ exited with 0 +++ [pid 5188] +++ exited with 0 +++ [pid 5186] <... futex resumed>) = 0 [pid 5203] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5200] munmap(0x7f0b31856000, 2097152 [pid 5204] <... set_robust_list resumed>) = 0 [pid 4999] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4999] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4999] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(3, [pid 5204] chdir("./8" [pid 4999] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5204] <... chdir resumed>) = 0 [pid 4999] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5200] <... munmap resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] lstat("./7/binderfs", [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 4999] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5200] <... openat resumed>) = 4 [pid 4999] unlink("./7/binderfs" [pid 5204] <... prctl resumed>) = 0 [pid 5187] <... rename resumed>) = 0 [pid 5204] setpgid(0, 0 [pid 5187] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... setpgid resumed>) = 0 [pid 5187] <... futex resumed>) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5187] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4999] <... unlink resumed>) = 0 [pid 5204] <... openat resumed>) = 3 [pid 5200] ioctl(4, LOOP_SET_FD, 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3 [pid 5186] exit_group(0 [pid 4999] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5204] <... close resumed>) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5204] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5206], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5206 [pid 5204] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5201] <... write resumed>) = 2097152 [pid 5201] munmap(0x7f0b31856000, 2097152 [pid 5203] <... futex resumed>) = ? [pid 5187] <... futex resumed>) = ? [pid 5186] <... exit_group resumed>) = ? [ 81.437040][ T5187] Remounting filesystem read-only [ 81.454437][ T5187] NILFS (loop5): error -5 truncating bmap (ino=15) [ 81.473656][ T5200] loop0: detected capacity change from 0 to 4096 [pid 5203] +++ exited with 0 +++ [pid 5187] +++ exited with 0 +++ [pid 5201] <... munmap resumed>) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5186] +++ exited with 0 +++ [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- [pid 5201] <... openat resumed>) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3 [pid 5195] <... mount resumed>) = 0 [pid 5195] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file1") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4 [pid 5200] <... ioctl resumed>) = 0 [pid 5195] <... close resumed>) = 0 [pid 5195] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5195] creat("./bus", 026 [pid 5193] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... ioctl resumed>) = 0 [pid 5201] close(3) = 0 [pid 5201] mkdir("./file1", 0777) = 0 ./strace-static-x86_64: Process 5206 attached [pid 5201] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5200] close(3 [pid 5206] set_robust_list(0x7f0b39c769e0, 24 [pid 5200] <... close resumed>) = 0 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5200] mkdir("./file1", 0777 [pid 5206] memfd_create("syzkaller", 0 [pid 5200] <... mkdir resumed>) = 0 [pid 5002] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5206] <... memfd_create resumed>) = 3 [pid 5200] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5002] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5206] <... mmap resumed>) = 0x7f0b31856000 [pid 5002] <... openat resumed>) = 3 [ 81.484276][ T4999] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 81.485372][ T5201] loop3: detected capacity change from 0 to 4096 [ 81.492010][ T5205] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 81.509071][ T4999] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 81.518304][ T4999] NILFS (loop2): discard dirty page: offset=4096, ino=6 [pid 5002] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5002] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5002] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5002] unlink("./7/binderfs") = 0 [pid 5002] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5193] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5195] <... creat resumed>) = 4 [pid 5193] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5195] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... mmap resumed>) = 0x7f0b31a35000 [pid 5193] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5207], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5207 [pid 5193] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.532274][ T5201] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 81.540807][ T4999] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 81.549699][ T5200] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 81.563552][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 81.571424][ T5201] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5193] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5207 attached [pid 5207] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5207] rename("./bus", "./file1" [pid 5206] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5193] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5193] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5195] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5193] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... open resumed>) = 5 [pid 5195] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [ 81.572063][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 81.593226][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 81.602342][ T5200] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 81.612837][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 81.613096][ T5207] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 81.621796][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [pid 5195] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] <... mount resumed>) = 0 [pid 5200] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file1") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 4999] <... umount2 resumed>) = 0 [ 81.641845][ T5207] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 81.651314][ T5208] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 81.678007][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [pid 5200] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 4999] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5200] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 4999] lstat("./7/file1", [pid 5200] creat("./bus", 026 [pid 5198] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... mount resumed>) = 0 [pid 5002] <... umount2 resumed>) = 0 [pid 4999] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5206] <... write resumed>) = 2097152 [pid 5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5200] <... creat resumed>) = 4 [pid 5002] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5201] <... openat resumed>) = 3 [pid 5200] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5201] chdir("./file1" [pid 5200] <... futex resumed>) = 1 [pid 5198] <... futex resumed>) = 0 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5201] <... chdir resumed>) = 0 [pid 5200] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] lstat("./7/file1", [pid 4999] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5201] ioctl(4, LOOP_CLR_FD [pid 5200] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5198] <... futex resumed>) = 0 [pid 5201] <... ioctl resumed>) = 0 [pid 5200] rename("./bus", "./file1" [pid 5198] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... openat resumed>) = 4 [pid 5002] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 81.686763][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [ 81.694663][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 81.718794][ T5209] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5201] close(4) = 0 [pid 5002] umount2("./7/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4999] fstat(4, [pid 5201] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] munmap(0x7f0b31856000, 2097152 [pid 5201] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... munmap resumed>) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3 [pid 5199] <... futex resumed>) = 0 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4999] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5199] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4999] getdents64(4, [pid 5002] <... openat resumed>) = 4 [pid 5201] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5201] creat("./bus", 026 [pid 5002] fstat(4, [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5199] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4999] getdents64(4, [pid 5002] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4999] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5002] getdents64(4, [pid 4999] close(4 [pid 5201] <... creat resumed>) = 4 [pid 5002] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4999] <... close resumed>) = 0 [pid 5201] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... futex resumed>) = 0 [pid 5002] close(4 [pid 4999] rmdir("./7/file1" [pid 5199] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... rmdir resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5199] <... futex resumed>) = 1 [pid 5002] <... close resumed>) = 0 [pid 4999] getdents64(3, [pid 5201] rename("./bus", "./file1" [pid 5199] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 81.747787][ T5200] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 81.757278][ T5200] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [ 81.763936][ T5206] loop4: detected capacity change from 0 to 4096 [ 81.773508][ T5207] Remounting filesystem read-only [ 81.778617][ T5207] NILFS (loop1): error -5 truncating bmap (ino=15) [pid 5002] rmdir("./7/file1" [pid 4999] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5207] <... rename resumed>) = 0 [pid 5198] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... rmdir resumed>) = 0 [pid 5198] <... futex resumed>) = 0 [pid 5002] getdents64(3, [pid 4999] close(3 [pid 5207] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5207] <... futex resumed>) = 0 [pid 5198] <... mmap resumed>) = 0x7f0b31a35000 [pid 5193] exit_group(0 [pid 4999] <... close resumed>) = 0 [pid 5198] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5195] <... futex resumed>) = ? [pid 5193] <... exit_group resumed>) = ? [pid 5002] close(3 [pid 5206] <... ioctl resumed>) = 0 [pid 5198] <... mprotect resumed>) = 0 [pid 5195] +++ exited with 0 +++ [pid 4999] rmdir("./7" [pid 5206] close(3 [pid 5198] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5002] <... close resumed>) = 0 [pid 5206] <... close resumed>) = 0 [pid 5206] mkdir("./file1", 0777) = 0 [pid 5002] rmdir("./7" [pid 4999] <... rmdir resumed>) = 0 [pid 5206] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, ""./strace-static-x86_64: Process 5210 attached [pid 5207] +++ exited with 0 +++ [pid 5198] <... clone resumed>, parent_tid=[5210], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5210 [pid 5193] +++ exited with 0 +++ [pid 5002] <... rmdir resumed>) = 0 [ 81.799555][ T5201] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 81.808993][ T5200] Remounting filesystem read-only [ 81.830866][ T5206] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 81.840174][ T5201] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 4999] mkdir("./8", 0777 [pid 5198] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] mkdir("./8", 0777 [pid 5210] set_robust_list(0x7f0b31a559e0, 24 [pid 5199] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5198] <... futex resumed>) = 0 [pid 5002] <... mkdir resumed>) = 0 [pid 4999] <... mkdir resumed>) = 0 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5193, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5210] <... set_robust_list resumed>) = 0 [pid 5200] <... rename resumed>) = 0 [pid 5199] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4999] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5210] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5200] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5002] <... openat resumed>) = 3 [pid 4999] <... openat resumed>) = 3 [pid 5210] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5210] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] ioctl(3, LOOP_CLR_FD [pid 4999] ioctl(3, LOOP_CLR_FD [pid 4998] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5199] <... mmap resumed>) = 0x7f0b31a35000 [pid 5210] <... futex resumed>) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5210] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5198] exit_group(0 [pid 4999] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5198] <... exit_group resumed>) = ? [pid 5210] <... futex resumed>) = ? [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5210] +++ exited with 0 +++ [pid 5002] close(3 [pid 4999] close(3 [pid 5199] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 4998] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5002] <... close resumed>) = 0 [pid 5200] <... futex resumed>) = ? [pid 5199] <... mprotect resumed>) = 0 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4999] <... close resumed>) = 0 [pid 4998] <... openat resumed>) = 3 [pid 5199] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 4999] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5199] <... clone resumed>, parent_tid=[5213], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5213 [pid 5002] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5211 [pid 4999] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5212 [pid 5199] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5199] <... futex resumed>) = 0 [pid 4998] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5199] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] unlink("./8/binderfs") = 0 [pid 4998] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x5555563d95e0, 24) = 0 [pid 5211] chdir("./8"./strace-static-x86_64: Process 5213 attached [pid 5213] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5213] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = -1 EROFS (Read-only file system) [pid 5211] <... chdir resumed>) = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5213] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... prctl resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5211] setpgid(0, 0 [pid 5213] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... setpgid resumed>) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5199] <... futex resumed>) = 0 [pid 5211] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x5555563d95e0, 24 [pid 5200] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5198, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5212] <... set_robust_list resumed>) = 0 [pid 5211] write(3, "1000", 4 [pid 4997] restart_syscall(<... resuming interrupted clone ...> [pid 5212] chdir("./8" [pid 5211] <... write resumed>) = 4 [ 81.851170][ T5206] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 81.853116][ T5200] NILFS (loop0): error -5 truncating bmap (ino=15) [ 81.863066][ T5201] Remounting filesystem read-only [ 81.879048][ T5201] NILFS (loop3): error -5 truncating bmap (ino=15) [ 81.894405][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [pid 4997] <... restart_syscall resumed>) = 0 [pid 5212] <... chdir resumed>) = 0 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5211] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5215], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5215 [pid 5211] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 4997] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5211] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5201] <... rename resumed>) = 0 [pid 5212] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5206] <... mount resumed>) = 0 [pid 5201] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5212] <... prctl resumed>) = 0 [pid 5206] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5201] <... futex resumed>) = 0 [pid 4997] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5212] setpgid(0, 0 [pid 5206] <... openat resumed>) = 3 [pid 5201] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5215 attached [pid 5212] <... setpgid resumed>) = 0 [pid 5206] chdir("./file1" [pid 5199] exit_group(0 [pid 4997] <... openat resumed>) = 3 [pid 5215] set_robust_list(0x7f0b39c769e0, 24 [pid 5213] <... futex resumed>) = ? [pid 5212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5206] <... chdir resumed>) = 0 [pid 5201] <... futex resumed>) = ? [pid 5199] <... exit_group resumed>) = ? [pid 4997] fstat(3, [pid 5215] <... set_robust_list resumed>) = 0 [pid 5213] +++ exited with 0 +++ [pid 5212] <... openat resumed>) = 3 [pid 5206] ioctl(4, LOOP_CLR_FD [pid 5201] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5212] write(3, "1000", 4 [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5212] <... write resumed>) = 4 [pid 4997] getdents64(3, [pid 5212] close(3 [pid 5215] memfd_create("syzkaller", 0 [pid 5212] <... close resumed>) = 0 [pid 5206] <... ioctl resumed>) = 0 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5215] <... memfd_create resumed>) = 3 [pid 5212] symlink("/dev/binderfs", "./binderfs" [pid 5206] close(4 [pid 5000] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5206] <... close resumed>) = 0 [pid 5212] <... symlink resumed>) = 0 [pid 5215] <... mmap resumed>) = 0x7f0b31856000 [pid 5212] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5212] <... futex resumed>) = 0 [pid 5206] <... futex resumed>) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5000] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] lstat("./8/binderfs", [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5206] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... openat resumed>) = 3 [pid 5212] <... mmap resumed>) = 0x7f0b39c56000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5000] fstat(3, [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5206] creat("./bus", 026 [pid 5204] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] unlink("./8/binderfs" [pid 5212] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5000] getdents64(3, [pid 4997] <... unlink resumed>) = 0 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5212] <... mprotect resumed>) = 0 [pid 5000] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5212] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5000] lstat("./8/binderfs", [pid 5212] <... clone resumed>, parent_tid=[5216], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5216 [pid 5212] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5206] <... creat resumed>) = 4 [ 81.909087][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 81.922895][ T5214] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5000] unlink("./8/binderfs" [pid 5212] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5206] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5206] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 5216 attached [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5216] set_robust_list(0x7f0b39c769e0, 24 [pid 5206] rename("./bus", "./file1" [pid 5204] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5000] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5216] <... set_robust_list resumed>) = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5215] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5216] <... mmap resumed>) = 0x7f0b31856000 [pid 5204] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5204] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 81.973231][ T5206] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 81.979844][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 81.999808][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 82.000118][ T5206] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 82.007257][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b31a35000 [pid 5204] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5217], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5217 [pid 5204] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5217] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5217] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [ 82.034299][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 82.046356][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 82.065566][ T5000] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 82.072857][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 5217] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5215] <... write resumed>) = 2097152 [pid 5215] munmap(0x7f0b31856000, 2097152) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 82.080490][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 82.087731][ T5206] Remounting filesystem read-only [ 82.093825][ T5000] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 82.116499][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 82.126064][ T5206] NILFS (loop4): error -5 truncating bmap (ino=15) [pid 5215] ioctl(4, LOOP_SET_FD, 3 [pid 5206] <... rename resumed>) = 0 [pid 5206] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] exit_group(0 [pid 5217] <... futex resumed>) = ? [pid 5204] <... exit_group resumed>) = ? [pid 5217] +++ exited with 0 +++ [pid 4998] <... umount2 resumed>) = 0 [pid 5206] <... futex resumed>) = ? [pid 4998] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5216] <... write resumed>) = 2097152 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5216] munmap(0x7f0b31856000, 2097152 [pid 5206] +++ exited with 0 +++ [pid 5204] +++ exited with 0 +++ [pid 5001] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5001] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5001] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5001] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5001] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5001] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5001] lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5001] unlink("./8/binderfs" [pid 5215] <... ioctl resumed>) = 0 [pid 5001] <... unlink resumed>) = 0 [pid 5215] close(3 [pid 5001] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5215] <... close resumed>) = 0 [pid 4998] lstat("./8/file1", [pid 5216] <... munmap resumed>) = 0 [pid 5215] mkdir("./file1", 0777 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5215] <... mkdir resumed>) = 0 [pid 5216] <... openat resumed>) = 4 [pid 5215] mount("/dev/loop5", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [ 82.142009][ T5215] loop5: detected capacity change from 0 to 4096 [ 82.150338][ T5000] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 82.163501][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 82.173233][ T5001] NILFS (loop4): discard dirty page: offset=0, ino=6 [ 82.180102][ T5000] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [pid 5216] ioctl(4, LOOP_SET_FD, 3 [pid 4998] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4998] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5216] <... ioctl resumed>) = 0 [pid 5216] close(3 [pid 4998] getdents64(4, [pid 5216] <... close resumed>) = 0 [pid 5216] mkdir("./file1", 0777 [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [ 82.183838][ T5216] loop2: detected capacity change from 0 to 4096 [ 82.188191][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 82.195271][ T5001] NILFS (loop4): discard dirty block: blocknr=23, size=4096 [ 82.209654][ T5215] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 82.220238][ T5000] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 82.227461][ T5000] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [pid 4998] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4998] close(4) = 0 [pid 5216] <... mkdir resumed>) = 0 [pid 5216] mount("/dev/loop2", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4998] rmdir("./8/file1") = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./8") = 0 [pid 4998] mkdir("./9", 0777) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 82.239249][ T5215] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 4096) [ 82.253587][ T5216] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 82.280869][ T5001] NILFS (loop4): discard dirty page: offset=4096, ino=6 [pid 4998] close(3 [pid 4997] <... umount2 resumed>) = 0 [pid 4998] <... close resumed>) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5218 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./8/file1", ./strace-static-x86_64: Process 5218 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5218] set_robust_list(0x5555563d95e0, 24 [pid 4997] fstat(4, [pid 5218] <... set_robust_list resumed>) = 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 5218] chdir("./9" [pid 4997] rmdir("./8/file1" [pid 5218] <... chdir resumed>) = 0 [pid 4997] <... rmdir resumed>) = 0 [pid 4997] getdents64(3, [ 82.284314][ T5216] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 82.311696][ T5001] NILFS (loop4): discard dirty block: blocknr=24, size=4096 [ 82.328556][ T5219] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4997] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5215] <... mount resumed>) = 0 [pid 5215] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file1") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... futex resumed>) = 1 [pid 5215] creat("./bus", 026 [pid 4997] close(3 [pid 5218] setpgid(0, 0 [pid 4997] <... close resumed>) = 0 [pid 4997] rmdir("./8" [pid 5218] <... setpgid resumed>) = 0 [pid 4997] <... rmdir resumed>) = 0 [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4997] mkdir("./9", 0777 [pid 5218] <... openat resumed>) = 3 [pid 4997] <... mkdir resumed>) = 0 [pid 5218] write(3, "1000", 4) = 4 [pid 5000] <... umount2 resumed>) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5000] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5218] close(3 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... openat resumed>) = 3 [pid 5218] <... close resumed>) = 0 [pid 5218] symlink("/dev/binderfs", "./binderfs" [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5000] lstat("./8/file1", [pid 5218] <... symlink resumed>) = 0 [pid 5000] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5218] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5000] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5218] <... futex resumed>) = 0 [pid 4997] close(3 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 4997] <... close resumed>) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5000] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5218] <... mmap resumed>) = 0x7f0b39c56000 [pid 5000] <... openat resumed>) = 4 [pid 5000] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5000] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5218] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5000] close(4) = 0 [pid 5218] <... mprotect resumed>) = 0 [pid 5000] rmdir("./8/file1" [pid 5218] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5000] <... rmdir resumed>) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5220 ./strace-static-x86_64: Process 5221 attached ./strace-static-x86_64: Process 5220 attached [pid 5218] <... clone resumed>, parent_tid=[5221], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5221 [pid 5000] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5221] set_robust_list(0x7f0b39c769e0, 24 [pid 5220] set_robust_list(0x5555563d95e0, 24 [pid 5218] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] close(3 [pid 5221] <... set_robust_list resumed>) = 0 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5218] <... futex resumed>) = 0 [pid 5221] memfd_create("syzkaller", 0 [pid 5220] chdir("./9" [pid 5218] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5000] <... close resumed>) = 0 [pid 5221] <... memfd_create resumed>) = 3 [pid 5220] <... chdir resumed>) = 0 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5221] <... mmap resumed>) = 0x7f0b31856000 [pid 5220] <... prctl resumed>) = 0 [pid 5000] rmdir("./8") = 0 [pid 5000] mkdir("./9", 0777 [pid 5211] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5000] <... mkdir resumed>) = 0 [pid 5211] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5000] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5211] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5000] <... openat resumed>) = 3 [pid 5211] <... futex resumed>) = 0 [pid 5000] ioctl(3, LOOP_CLR_FD [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5000] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5220] setpgid(0, 0 [pid 5211] <... mmap resumed>) = 0x7f0b31a35000 [pid 5000] close(3 [pid 5220] <... setpgid resumed>) = 0 [pid 5211] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5000] <... close resumed>) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5211] <... mprotect resumed>) = 0 [pid 5000] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5220] <... openat resumed>) = 3 [pid 5211] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5220] write(3, "1000", 4 [pid 5000] <... clone resumed>, child_tidptr=0x5555563d95d0) = 5222 [pid 5220] <... write resumed>) = 4 [pid 5211] <... clone resumed>, parent_tid=[5223], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5223 ./strace-static-x86_64: Process 5222 attached [pid 5220] close(3 [pid 5211] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] <... close resumed>) = 0 [pid 5211] <... futex resumed>) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs" [ 82.341327][ T5001] NILFS (loop4): discard dirty page: offset=8192, ino=6 [ 82.369902][ T5001] NILFS (loop4): discard dirty block: blocknr=25, size=4096 [pid 5211] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5223 attached [pid 5220] <... symlink resumed>) = 0 [pid 5220] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] set_robust_list(0x5555563d95e0, 24 [pid 5220] <... futex resumed>) = 0 [pid 5223] set_robust_list(0x7f0b31a559e0, 24 [pid 5222] <... set_robust_list resumed>) = 0 [pid 5221] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5215] <... creat resumed>) = 4 [pid 5223] <... set_robust_list resumed>) = 0 [pid 5222] chdir("./9" [pid 5215] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... umount2 resumed>) = 0 [pid 5223] rename("./bus", "./file1" [pid 5222] <... chdir resumed>) = 0 [pid 5220] <... mmap resumed>) = 0x7f0b39c56000 [pid 5215] <... futex resumed>) = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5220] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5215] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5222] <... prctl resumed>) = 0 [pid 5220] <... mprotect resumed>) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5222] setpgid(0, 0 [pid 5220] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5001] lstat("./8/file1", [pid 5222] <... setpgid resumed>) = 0 [pid 5001] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5220] <... clone resumed>, parent_tid=[5224], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5224 [pid 5001] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5222] <... openat resumed>) = 3 [pid 5220] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] write(3, "1000", 4 [pid 5220] <... futex resumed>) = 0 [pid 5001] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5222] <... write resumed>) = 4 [pid 5220] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5001] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5224 attached [pid 5222] close(3 [pid 5001] <... openat resumed>) = 4 [pid 5224] set_robust_list(0x7f0b39c769e0, 24 [pid 5222] <... close resumed>) = 0 [pid 5001] fstat(4, [pid 5224] <... set_robust_list resumed>) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs" [pid 5001] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5222] <... symlink resumed>) = 0 [pid 5222] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] getdents64(4, [pid 5224] memfd_create("syzkaller", 0 [pid 5222] <... futex resumed>) = 0 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5224] <... memfd_create resumed>) = 3 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5001] getdents64(4, [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5222] <... mmap resumed>) = 0x7f0b39c56000 [pid 5001] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5224] <... mmap resumed>) = 0x7f0b31856000 [pid 5222] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5221] <... write resumed>) = 2097152 [pid 5001] close(4 [pid 5211] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5211] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5211] <... futex resumed>) = 1 [pid 5215] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5211] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] <... mprotect resumed>) = 0 [pid 5215] <... open resumed>) = 5 [pid 5001] <... close resumed>) = 0 [pid 5215] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5211] <... futex resumed>) = 0 [ 82.438591][ T5223] NILFS (loop5): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 82.474355][ T27] kauditd_printk_skb: 7 callbacks suppressed [pid 5224] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5222] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5221] munmap(0x7f0b31856000, 2097152 [pid 5216] <... mount resumed>) = 0 [pid 5215] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5001] rmdir("./8/file1" [pid 5216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file1" [pid 5221] <... munmap resumed>) = 0 [pid 5216] <... chdir resumed>) = 0 [pid 5216] ioctl(4, LOOP_CLR_FD [pid 5001] <... rmdir resumed>) = 0 [pid 5222] <... clone resumed>, parent_tid=[5226], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5226 [pid 5221] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5216] <... ioctl resumed>) = 0 [pid 5001] getdents64(3, [pid 5222] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... openat resumed>) = 4 [pid 5216] close(4 [pid 5001] <... getdents64 resumed>0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5222] <... futex resumed>) = 0 [pid 5221] ioctl(4, LOOP_SET_FD, 3 [pid 5216] <... close resumed>) = 0 [pid 5001] close(3 [pid 5222] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5216] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 82.474372][ T27] audit: type=1804 audit(1683463071.733:34): pid=5215 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.Vob5rp/8/file1/file1" dev="loop5" ino=18 res=1 errno=0 [ 82.480492][ T5223] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=15) [ 82.490954][ T5225] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5212] <... futex resumed>) = 0 [pid 5221] <... ioctl resumed>) = 0 [pid 5216] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5001] <... close resumed>) = 0 [pid 5221] close(3 [pid 5216] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5212] <... futex resumed>) = 0 [pid 5001] rmdir("./8"./strace-static-x86_64: Process 5226 attached [pid 5221] <... close resumed>) = 0 [pid 5216] creat("./bus", 026 [pid 5212] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5001] <... rmdir resumed>) = 0 [pid 5226] set_robust_list(0x7f0b39c769e0, 24 [pid 5221] mkdir("./file1", 0777 [pid 5001] mkdir("./9", 0777 [pid 5226] <... set_robust_list resumed>) = 0 [pid 5221] <... mkdir resumed>) = 0 [pid 5001] <... mkdir resumed>) = 0 [pid 5226] memfd_create("syzkaller", 0 [pid 5221] mount("/dev/loop1", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5001] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5226] <... memfd_create resumed>) = 3 [pid 5001] <... openat resumed>) = 3 [ 82.533060][ T5221] loop1: detected capacity change from 0 to 4096 [pid 5226] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f0b31856000 [pid 5224] <... write resumed>) = 2097152 [pid 5001] ioctl(3, LOOP_CLR_FD [pid 5224] munmap(0x7f0b31856000, 2097152 [pid 5001] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5001] close(3) = 0 [pid 5001] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5227 [pid 5224] <... munmap resumed>) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5224] <... openat resumed>) = 4 [pid 5212] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] ioctl(4, LOOP_SET_FD, 3 [pid 5212] <... futex resumed>) = 0 [ 82.567148][ T5221] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 82.569166][ T5223] Remounting filesystem read-only [ 82.597464][ T5221] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 4096) [pid 5212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 5227 attached ) = 0x7f0b31a35000 [pid 5227] set_robust_list(0x5555563d95e0, 24 [pid 5212] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5227] <... set_robust_list resumed>) = 0 [pid 5212] <... mprotect resumed>) = 0 [pid 5227] chdir("./9" [pid 5212] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5227] <... chdir resumed>) = 0 [pid 5226] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5224] <... ioctl resumed>) = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5224] close(3 [pid 5212] <... clone resumed>, parent_tid=[5228], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5228 [pid 5227] <... prctl resumed>) = 0 [pid 5224] <... close resumed>) = 0 [pid 5212] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5228 attached [pid 5227] setpgid(0, 0 [pid 5224] mkdir("./file1", 0777 [pid 5212] <... futex resumed>) = 0 [pid 5228] set_robust_list(0x7f0b31a559e0, 24 [pid 5227] <... setpgid resumed>) = 0 [pid 5224] <... mkdir resumed>) = 0 [pid 5212] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... set_robust_list resumed>) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5224] mount("/dev/loop0", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5228] rename("./bus", "./file1" [pid 5227] <... openat resumed>) = 3 [ 82.618356][ T5224] loop0: detected capacity change from 0 to 4096 [ 82.658122][ T5224] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f0b39c56000 [pid 5227] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5216] <... creat resumed>) = 4 [pid 5227] <... mprotect resumed>) = 0 [pid 5216] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5216] <... futex resumed>) = 0 [pid 5221] <... mount resumed>) = 0 [pid 5216] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5221] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5212] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... openat resumed>) = 3 [pid 5216] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5221] chdir("./file1" [pid 5216] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5212] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] <... chdir resumed>) = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 ./strace-static-x86_64: Process 5230 attached [pid 5227] <... clone resumed>, parent_tid=[5230], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5230 [pid 5221] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] set_robust_list(0x7f0b39c769e0, 24 [pid 5227] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... write resumed>) = 2097152 [pid 5223] <... rename resumed>) = 0 [pid 5221] <... futex resumed>) = 1 [ 82.664871][ T5223] NILFS (loop5): error -5 truncating bmap (ino=15) [ 82.677163][ T5016] udevd[5016]: incorrect nilfs2 checksum on /dev/loop0 [ 82.690036][ T5224] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 82.702793][ T5229] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5218] <... futex resumed>) = 0 [pid 5230] <... set_robust_list resumed>) = 0 [pid 5228] <... rename resumed>) = 0 [pid 5227] <... futex resumed>) = 0 [pid 5226] munmap(0x7f0b31856000, 2097152 [pid 5223] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] exit_group(0 [pid 5230] memfd_create("syzkaller", 0 [pid 5228] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5226] <... munmap resumed>) = 0 [pid 5223] <... futex resumed>) = ? [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = ? [pid 5211] <... exit_group resumed>) = ? [pid 5230] <... memfd_create resumed>) = 3 [pid 5228] <... futex resumed>) = 0 [pid 5226] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5223] +++ exited with 0 +++ [pid 5221] creat("./bus", 026 [pid 5215] +++ exited with 0 +++ [pid 5212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5211] +++ exited with 0 +++ [pid 5228] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5218] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5226] <... openat resumed>) = 4 [pid 5230] <... mmap resumed>) = 0x7f0b31856000 [pid 5224] <... mount resumed>) = 0 [ 82.736336][ T5216] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 82.757614][ T5231] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 82.775188][ T5216] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5226] ioctl(4, LOOP_SET_FD, 3 [pid 5224] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5221] <... creat resumed>) = 4 [pid 5224] <... openat resumed>) = 3 [pid 5221] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] chdir("./file1" [pid 5221] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5002] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5226] <... ioctl resumed>) = 0 [pid 5224] <... chdir resumed>) = 0 [pid 5221] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 2097152 [pid 5226] close(3 [pid 5224] ioctl(4, LOOP_CLR_FD [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5002] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5226] <... close resumed>) = 0 [pid 5224] <... ioctl resumed>) = 0 [pid 5221] rename("./bus", "./file1" [pid 5218] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... openat resumed>) = 3 [ 82.780283][ T5226] loop3: detected capacity change from 0 to 4096 [pid 5226] mkdir("./file1", 0777 [pid 5224] close(4 [pid 5002] fstat(3, [pid 5226] <... mkdir resumed>) = 0 [pid 5224] <... close resumed>) = 0 [pid 5002] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5226] mount("/dev/loop3", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 5224] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] getdents64(3, [pid 5224] <... futex resumed>) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5002] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5224] creat("./bus", 026 [pid 5220] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5002] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 82.813892][ T5221] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 82.826684][ T5221] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15) [ 82.838830][ T5226] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 82.853510][ T5216] Remounting filesystem read-only [pid 5220] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5002] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5218] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5002] lstat("./8/binderfs", [pid 5218] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5218] <... futex resumed>) = 0 [pid 5002] unlink("./8/binderfs" [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5002] <... unlink resumed>) = 0 [pid 5218] <... mmap resumed>) = 0x7f0b31a35000 [pid 5002] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5224] <... creat resumed>) = 4 [pid 5218] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5224] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... mprotect resumed>) = 0 [pid 5224] <... futex resumed>) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5218] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5224] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... clone resumed>, parent_tid=[5232], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5232 [pid 5218] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5224] rename("./bus", "./file1" [ 82.859005][ T5216] NILFS (loop2): error -5 truncating bmap (ino=15) [pid 5220] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5232 attached [pid 5230] <... write resumed>) = 2097152 [pid 5232] set_robust_list(0x7f0b31a559e0, 24 [pid 5230] munmap(0x7f0b31856000, 2097152 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5230] <... munmap resumed>) = 0 [pid 5232] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5218] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 82.890991][ T5226] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 82.900584][ T5221] Remounting filesystem read-only [ 82.908365][ T5002] NILFS (loop5): discard dirty page: offset=0, ino=6 [ 82.911250][ T5221] NILFS (loop1): error -5 truncating bmap (ino=15) [ 82.915844][ T5224] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5232] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5230] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5232] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... openat resumed>) = 4 [pid 5220] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5232] <... futex resumed>) = 0 [pid 5230] ioctl(4, LOOP_SET_FD, 3 [pid 5220] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5216] <... open resumed>) = -1 EROFS (Read-only file system) [pid 5232] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5216] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... ioctl resumed>) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5216] <... futex resumed>) = 0 [pid 5212] exit_group(0 [pid 5230] close(3 [pid 5228] <... futex resumed>) = ? [pid 5220] <... mmap resumed>) = 0x7f0b31a35000 [pid 5212] <... exit_group resumed>) = ? [pid 5230] <... close resumed>) = 0 [pid 5228] +++ exited with 0 +++ [pid 5220] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5216] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 5220] <... mprotect resumed>) = 0 [pid 4999] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5212, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5230] mkdir("./file1", 0777 [pid 5220] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5233], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5233 [pid 4999] umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5220] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5220] <... futex resumed>) = 0 [pid 4999] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5220] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4999] <... openat resumed>) = 3 [pid 4999] fstat(3, ./strace-static-x86_64: Process 5233 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5233] set_robust_list(0x7f0b31a559e0, 24 [pid 4999] getdents64(3, [pid 5233] <... set_robust_list resumed>) = 0 [pid 5230] <... mkdir resumed>) = 0 [ 82.934361][ T5002] NILFS (loop5): discard dirty block: blocknr=23, size=4096 [ 82.951199][ T5230] loop4: detected capacity change from 0 to 4096 [ 82.964693][ T5216] syz-executor323 (5216) used greatest stack depth: 19136 bytes left [ 82.969930][ T5002] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 82.981010][ T5224] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 4999] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5233] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 4999] umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5233] <... open resumed>) = 5 [pid 5230] mount("/dev/loop4", "./file1", "nilfs2", MS_NODEV|MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_LAZYTIME, "" [pid 4999] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5233] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4999] lstat("./8/binderfs", [pid 5233] <... futex resumed>) = 1 [pid 5220] <... futex resumed>) = 0 [pid 4999] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5233] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 4999] unlink("./8/binderfs") = 0 [pid 4999] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5221] <... rename resumed>) = 0 [ 82.993782][ T27] audit: type=1804 audit(1683463072.253:35): pid=5233 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.SxEkc1/9/file1/file1" dev="loop0" ino=18 res=1 errno=0 [ 83.000100][ T5002] NILFS (loop5): discard dirty block: blocknr=24, size=4096 [ 83.026043][ T5230] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 83.026573][ T5002] NILFS (loop5): discard dirty page: offset=8192, ino=6 [pid 5221] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... mount resumed>) = 0 [pid 5221] <... futex resumed>) = 0 [pid 5226] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 5221] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] exit_group(0 [pid 5226] <... openat resumed>) = 3 [pid 5218] <... exit_group resumed>) = ? [pid 5232] <... futex resumed>) = ? [pid 5226] chdir("./file1" [pid 5221] <... futex resumed>) = ? [pid 5232] +++ exited with 0 +++ [pid 5226] <... chdir resumed>) = 0 [ 83.044947][ T5234] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.045448][ T4999] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 83.056447][ T5230] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 83.065418][ T5002] NILFS (loop5): discard dirty block: blocknr=25, size=4096 [ 83.082135][ T5224] Remounting filesystem read-only [ 83.087485][ T5224] NILFS (loop0): error -5 truncating bmap (ino=15) [pid 5226] ioctl(4, LOOP_CLR_FD [pid 5221] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5226] <... ioctl resumed>) = 0 [pid 5226] close(4) = 0 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 4998] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5226] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] getdents64(3, [pid 5226] <... futex resumed>) = 1 [pid 5222] <... futex resumed>) = 0 [pid 4998] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 5226] creat("./bus", 026 [pid 5222] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5222] <... futex resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5222] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4998] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] unlink("./9/binderfs" [pid 5226] <... creat resumed>) = 4 [pid 4998] <... unlink resumed>) = 0 [pid 5226] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 4998] umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5226] <... futex resumed>) = 1 [pid 5222] <... futex resumed>) = 0 [pid 5226] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... rename resumed>) = 0 [pid 5222] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5224] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = 0 [pid 5226] rename("./bus", "./file1" [pid 5224] <... futex resumed>) = 0 [pid 5222] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] exit_group(0 [pid 5233] <... futex resumed>) = ? [pid 5220] <... exit_group resumed>) = ? [pid 5233] +++ exited with 0 +++ [pid 5224] <... futex resumed>) = ? [ 83.096259][ T4999] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 83.121571][ T4998] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 83.130393][ T4998] NILFS (loop1): discard dirty block: blocknr=23, size=4096 [ 83.138037][ T4998] NILFS (loop1): discard dirty page: offset=4096, ino=6 [pid 5224] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ [pid 5230] <... mount resumed>) = 0 [pid 5230] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5230] <... openat resumed>) = 3 [pid 5222] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5222] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] chdir("./file1" [pid 5222] <... futex resumed>) = 0 [pid 5230] <... chdir resumed>) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5230] ioctl(4, LOOP_CLR_FD [pid 5222] <... mmap resumed>) = 0x7f0b31a35000 [pid 5230] <... ioctl resumed>) = 0 [pid 5222] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [ 83.151349][ T5226] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 83.162379][ T4998] NILFS (loop1): discard dirty block: blocknr=24, size=4096 [ 83.171135][ T5235] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 83.172341][ T4999] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 83.181876][ T5226] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15) [pid 5230] close(4 [pid 5222] <... mprotect resumed>) = 0 [pid 5230] <... close resumed>) = 0 [pid 5230] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5230] <... futex resumed>) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5230] creat("./bus", 026 [pid 5227] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5227] <... futex resumed>) = 0 [pid 5222] <... clone resumed>, parent_tid=[5236], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5236 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5227] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5222] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000 [pid 4997] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 4997] <... openat resumed>) = 3 [pid 4997] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(3, 0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4997] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] unlink("./9/binderfs") = 0 [pid 4997] umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x7f0b31a559e0, 24) = 0 [ 83.203355][ T4998] NILFS (loop1): discard dirty page: offset=8192, ino=6 [ 83.226657][ T27] audit: type=1804 audit(1683463072.483:36): pid=5236 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.wEQC0i/9/file1/file1" dev="loop3" ino=18 res=1 errno=0 [pid 5236] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE) = 5 [pid 5227] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5222] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5227] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5236] futex(0x7f0b39d5079c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... mmap resumed>) = 0x7f0b31a35000 [pid 5227] mprotect(0x7f0b31a36000, 131072, PROT_READ|PROT_WRITE [pid 5236] <... futex resumed>) = 0 [pid 5227] <... mprotect resumed>) = 0 [pid 5227] clone(child_stack=0x7f0b31a553f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5236] futex(0x7f0b39d50798, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... clone resumed>, parent_tid=[5237], tls=0x7f0b31a55700, child_tidptr=0x7f0b31a559d0) = 5237 [pid 5227] futex(0x7f0b39d50798, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f0b39d5079c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... creat resumed>) = 4 [pid 5230] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5237 attached [pid 5237] set_robust_list(0x7f0b31a559e0, 24) = 0 [pid 5237] rename("./bus", "./file1" [pid 5002] <... umount2 resumed>) = 0 [pid 5002] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5002] lstat("./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] umount2("./8/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5002] openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5002] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5002] getdents64(4, 0x5555563e2660 /* 2 entries */, 32768) = 48 [ 83.259902][ T4998] NILFS (loop1): discard dirty block: blocknr=25, size=4096 [ 83.273408][ T4999] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 38040525340672 [ 83.289265][ T4997] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 83.297924][ T5237] NILFS (loop4): DAT doesn't have a block to manage vblocknr = 38040525340672 [pid 5002] getdents64(4, 0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5002] close(4) = 0 [pid 5002] rmdir("./8/file1") = 0 [pid 5002] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 5002] close(3) = 0 [pid 5002] rmdir("./8") = 0 [pid 5002] mkdir("./9", 0777) = 0 [pid 5002] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5227] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5002] ioctl(3, LOOP_CLR_FD [pid 5227] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000 [pid 5002] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 83.304448][ T4997] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [pid 5002] close(3) = 0 [pid 5002] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5238 [pid 5227] <... futex resumed>) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] open("./file1", O_RDONLY|O_TRUNC|O_NONBLOCK|O_SYNC|O_LARGEFILE [pid 5227] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... open resumed>) = 5 [pid 5230] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5238 attached [ 83.331305][ T5226] Remounting filesystem read-only [ 83.341373][ T27] audit: type=1804 audit(1683463072.603:37): pid=5230 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor323" name="/root/syzkaller.YPcgfn/9/file1/file1" dev="loop4" ino=18 res=1 errno=0 [ 83.366067][ T5226] NILFS (loop3): error -5 truncating bmap (ino=15) [pid 5238] set_robust_list(0x5555563d95e0, 24 [pid 5230] <... futex resumed>) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5238] <... set_robust_list resumed>) = 0 [pid 5238] chdir("./9") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] setpgid(0, 0 [pid 5226] <... rename resumed>) = 0 [pid 5238] <... setpgid resumed>) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f0b39d5078c, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] futex(0x7f0b39d50788, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 4998] <... umount2 resumed>) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5222] exit_group(0 [pid 5238] <... mmap resumed>) = 0x7f0b39c56000 [pid 5222] <... exit_group resumed>) = ? [pid 5238] mprotect(0x7f0b39c57000, 131072, PROT_READ|PROT_WRITE [pid 5236] <... futex resumed>) = ? [pid 5226] <... futex resumed>) = ? [pid 5238] <... mprotect resumed>) = 0 [pid 5238] clone(child_stack=0x7f0b39c763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5239], tls=0x7f0b39c76700, child_tidptr=0x7f0b39c769d0) = 5239 [pid 5238] futex(0x7f0b39d50788, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] futex(0x7f0b39d5078c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 4998] umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./9/file1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5236] +++ exited with 0 +++ [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5226] +++ exited with 0 +++ [pid 5222] +++ exited with 0 +++ [pid 4998] <... openat resumed>) = 4 [pid 5000] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 4998] fstat(4, [pid 5000] umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] getdents64(4, [pid 5000] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5239 attached [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 2 entries */, 32768) = 48 [pid 5000] <... openat resumed>) = 3 [pid 4998] getdents64(4, [pid 5000] fstat(3, [pid 4998] <... getdents64 resumed>0x5555563e2660 /* 0 entries */, 32768) = 0 [pid 5000] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5000] getdents64(3, [pid 4998] close(4 [pid 5000] <... getdents64 resumed>0x5555563da620 /* 4 entries */, 32768) = 112 [pid 4998] <... close resumed>) = 0 [ 83.367954][ T4999] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15) [ 83.380182][ T4997] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 83.390634][ T5237] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=15) [ 83.392293][ T4997] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 83.417586][ T4997] NILFS (loop0): discard dirty page: offset=8192, ino=6 [pid 5239] set_robust_list(0x7f0b39c769e0, 24 [pid 5000] umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] rmdir("./9/file1" [pid 5239] <... set_robust_list resumed>) = 0 [pid 4998] <... rmdir resumed>) = 0 [pid 4998] getdents64(3, 0x5555563da620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./9") = 0 [pid 4998] mkdir("./10", 0777) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555563d95d0) = 5240 [ 83.433637][ T5237] Remounting filesystem read-only [ 83.438814][ T5237] NILFS (loop4): error -5 truncating bmap (ino=15) [ 83.445610][ T4997] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 83.453023][ T4999] NILFS (loop2): error -5 truncating bmap (ino=15) [ 83.453129][ T4999] ================================================================== [ 83.467949][ T4999] BUG: KASAN: slab-use-after-free in nilfs_load_inode_block+0x11e/0x280 [ 83.476346][ T4999] Read of size 8 at addr ffff88801f47f430 by task syz-executor323/4999 [ 83.484620][ T4999] [ 83.487048][ T4999] CPU: 0 PID: 4999 Comm: syz-executor323 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 83.497217][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 83.507444][ T4999] Call Trace: [ 83.510739][ T4999] [ 83.513677][ T4999] dump_stack_lvl+0x1e7/0x2d0 [ 83.518379][ T4999] ? nf_tcp_handle_invalid+0x650/0x650 [ 83.523942][ T4999] ? panic+0x770/0x770 [ 83.528200][ T4999] ? _printk+0xd5/0x120 [ 83.532369][ T4999] print_report+0x163/0x540 [ 83.536972][ T4999] ? preempt_schedule_common+0x83/0xc0 [ 83.542446][ T4999] ? preempt_schedule+0xdd/0xf0 [ 83.547331][ T4999] ? __virt_addr_valid+0x22f/0x2e0 [ 83.552567][ T4999] ? __phys_addr+0xba/0x170 [ 83.557183][ T4999] ? nilfs_load_inode_block+0x11e/0x280 [ 83.562767][ T4999] kasan_report+0x176/0x1b0 [ 83.567385][ T4999] ? nilfs_load_inode_block+0x11e/0x280 [ 83.572957][ T4999] nilfs_load_inode_block+0x11e/0x280 [ 83.578611][ T4999] __nilfs_mark_inode_dirty+0xa5/0x280 [ 83.584091][ T4999] ? nilfs_inode_dirty+0x130/0x130 [ 83.589394][ T4999] ? nilfs_transaction_begin+0x4fc/0x6e0 [ 83.595143][ T4999] nilfs_evict_inode+0x189/0x420 [ 83.600123][ T4999] ? nilfs_set_file_dirty+0x3f0/0x3f0 [ 83.605860][ T4999] ? do_raw_spin_unlock+0x13b/0x8b0 [ 83.611349][ T4999] ? _raw_spin_unlock+0x28/0x40 [ 83.616209][ T4999] ? nilfs_set_file_dirty+0x3f0/0x3f0 [ 83.621619][ T4999] evict+0x2a4/0x620 [ 83.625692][ T4999] nilfs_dispose_list+0x51d/0x5c0 [ 83.630918][ T4999] ? preempt_schedule_common+0x83/0xc0 [ 83.636490][ T4999] ? nilfs_detach_log_writer+0xbb0/0xbb0 [ 83.642148][ T4999] ? preempt_schedule_thunk+0x1a/0x20 [ 83.647536][ T4999] nilfs_detach_log_writer+0xaf1/0xbb0 [ 83.653025][ T4999] ? nilfs_attach_log_writer+0x8b0/0x8b0 [ 83.658671][ T4999] ? hook_sb_delete+0xa07/0xb30 [ 83.663532][ T4999] ? wake_bit_function+0x220/0x220 [ 83.668655][ T4999] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 83.674761][ T4999] ? clear_inode+0x150/0x150 [ 83.679388][ T4999] ? nilfs_free_inode+0x70/0x70 [ 83.684369][ T4999] nilfs_put_super+0x4d/0x160 [ 83.689066][ T4999] ? nilfs_free_inode+0x70/0x70 [ 83.694022][ T4999] generic_shutdown_super+0x134/0x340 [ 83.699515][ T4999] kill_block_super+0x84/0xf0 [ 83.704299][ T4999] deactivate_locked_super+0xa4/0x110 [ 83.709681][ T4999] cleanup_mnt+0x426/0x4c0 [ 83.714129][ T4999] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.719523][ T4999] task_work_run+0x24a/0x300 [ 83.724211][ T4999] ? dput+0x3a1/0x420 [ 83.728211][ T4999] ? task_work_cancel+0x2b0/0x2b0 [ 83.733247][ T4999] ? __x64_sys_umount+0x126/0x170 [ 83.738669][ T4999] ptrace_notify+0x2cd/0x380 [ 83.743453][ T4999] ? do_notify_parent+0xf50/0xf50 [ 83.748679][ T4999] ? user_path_at_empty+0x12f/0x180 [ 83.753895][ T4999] ? __x64_sys_umount+0x126/0x170 [ 83.759106][ T4999] ? path_umount+0xea0/0xea0 [ 83.763723][ T4999] ? syscall_enter_from_user_mode+0x32/0x230 [ 83.769805][ T4999] syscall_exit_to_user_mode+0x157/0x280 [ 83.775536][ T4999] do_syscall_64+0x4d/0xc0 [ 83.779968][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.785867][ T4999] RIP: 0033:0x7f0b39ccba87 [ 83.790554][ T4999] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 83.810599][ T4999] RSP: 002b:00007ffcfc3da598 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 83.819734][ T4999] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0b39ccba87 [ 83.827715][ T4999] RDX: 00007ffcfc3da659 RSI: 000000000000000a RDI: 00007ffcfc3da650 [ 83.835786][ T4999] RBP: 00007ffcfc3da650 R08: 00000000ffffffff R09: 00007ffcfc3da430 [ 83.843791][ T4999] R10: 00005555563da683 R11: 0000000000000202 R12: 00007ffcfc3db710 [ 83.851854][ T4999] R13: 00005555563da5f0 R14: 00007ffcfc3da5c0 R15: 00007ffcfc3db730 [ 83.859851][ T4999] [ 83.862872][ T4999] [ 83.865195][ T4999] Allocated by task 5216: [ 83.869538][ T4999] kasan_set_track+0x4f/0x70 [ 83.878744][ T4999] __kasan_kmalloc+0x98/0xb0 [ 83.883612][ T4999] nilfs_find_or_create_root+0x137/0x4e0 [ 83.889257][ T4999] nilfs_attach_checkpoint+0x123/0x4d0 [ 83.894734][ T4999] nilfs_fill_super+0x321/0x600 [ 83.899701][ T4999] nilfs_mount+0x67d/0x9a0 [ 83.904148][ T4999] legacy_get_tree+0xef/0x190 [ 83.908947][ T4999] vfs_get_tree+0x8c/0x270 [ 83.913651][ T4999] do_new_mount+0x28f/0xae0 [ 83.918164][ T4999] __se_sys_mount+0x2d9/0x3c0 [ 83.922938][ T4999] do_syscall_64+0x41/0xc0 [ 83.927367][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.933280][ T4999] [ 83.935613][ T4999] Freed by task 4999: [ 83.940198][ T4999] kasan_set_track+0x4f/0x70 [ 83.944798][ T4999] kasan_save_free_info+0x2b/0x40 [ 83.949843][ T4999] ____kasan_slab_free+0xd6/0x120 [ 83.954878][ T4999] __kmem_cache_free+0x264/0x3c0 [ 83.959916][ T4999] nilfs_detach_log_writer+0x8c1/0xbb0 [ 83.965476][ T4999] nilfs_put_super+0x4d/0x160 [ 83.970344][ T4999] generic_shutdown_super+0x134/0x340 [ 83.975811][ T4999] kill_block_super+0x84/0xf0 [ 83.980497][ T4999] deactivate_locked_super+0xa4/0x110 [ 83.985897][ T4999] cleanup_mnt+0x426/0x4c0 [ 83.990528][ T4999] task_work_run+0x24a/0x300 [ 83.995152][ T4999] ptrace_notify+0x2cd/0x380 [ 83.999897][ T4999] syscall_exit_to_user_mode+0x157/0x280 [ 84.005554][ T4999] do_syscall_64+0x4d/0xc0 [ 84.009997][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.015900][ T4999] [ 84.018228][ T4999] The buggy address belongs to the object at ffff88801f47f400 [ 84.018228][ T4999] which belongs to the cache kmalloc-256 of size 256 [ 84.032284][ T4999] The buggy address is located 48 bytes inside of [ 84.032284][ T4999] freed 256-byte region [ffff88801f47f400, ffff88801f47f500) [ 84.046002][ T4999] [ 84.048331][ T4999] The buggy address belongs to the physical page: [ 84.054834][ T4999] page:ffffea00007d1f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801f47f600 pfn:0x1f47e [ 84.066294][ T4999] head:ffffea00007d1f80 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 84.075517][ T4999] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 84.083767][ T4999] page_type: 0xffffffff() [ 84.088184][ T4999] raw: 00fff00000010200 ffff888012441b40 ffffea00008ccc90 ffffea00007a7510 [ 84.097033][ T4999] raw: ffff88801f47f600 000000000010000e 00000001ffffffff 0000000000000000 [ 84.105712][ T4999] page dumped because: kasan: bad access detected [ 84.112298][ T4999] page_owner tracks the page as allocated [ 84.118042][ T4999] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 9284804112, free_ts 0 [ 84.138133][ T4999] post_alloc_hook+0x1e6/0x210 [ 84.143028][ T4999] get_page_from_freelist+0x321c/0x33a0 [ 84.149143][ T4999] __alloc_pages+0x255/0x670 [ 84.154216][ T4999] alloc_page_interleave+0x22/0x1d0 [ 84.159630][ T4999] alloc_slab_page+0x6a/0x160 [ 84.164324][ T4999] new_slab+0x84/0x2f0 [ 84.168426][ T4999] ___slab_alloc+0xa85/0x10a0 [ 84.173462][ T4999] __kmem_cache_alloc_node+0x1b8/0x290 [ 84.178943][ T4999] kmalloc_trace+0x2a/0xe0 [ 84.183569][ T4999] bus_add_driver+0x163/0x620 [ 84.188258][ T4999] driver_register+0x23a/0x320 [ 84.193048][ T4999] do_one_initcall+0x23d/0x7d0 [ 84.197824][ T4999] do_initcall_level+0x157/0x210 [ 84.202780][ T4999] do_initcalls+0x3f/0x80 [ 84.207120][ T4999] kernel_init_freeable+0x43b/0x5d0 [ 84.212351][ T4999] kernel_init+0x1d/0x2a0 [ 84.216706][ T4999] page_owner free stack trace missing [ 84.222161][ T4999] [ 84.224638][ T4999] Memory state around the buggy address: ./strace-static-x86_64: Process 5240 attached [pid 5239] memfd_create("syzkaller", 0 [pid 5000] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 84.230464][ T4999] ffff88801f47f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.238621][ T4999] ffff88801f47f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.248024][ T4999] >ffff88801f47f400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.256189][ T4999] ^ [ 84.262081][ T4999] ffff88801f47f480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 84.270154][ T4999] ffff88801f47f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 84.278375][ T4999] ================================================================== [ 84.290466][ T4999] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 84.297743][ T4999] CPU: 0 PID: 4999 Comm: syz-executor323 Not tainted 6.3.0-syzkaller-13466-gfc4354c6e5c2 #0 [ 84.307922][ T4999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023 [ 84.318179][ T4999] Call Trace: [ 84.321469][ T4999] [ 84.324406][ T4999] dump_stack_lvl+0x1e7/0x2d0 [ 84.329128][ T4999] ? nf_tcp_handle_invalid+0x650/0x650 [ 84.335044][ T4999] ? panic+0x770/0x770 [ 84.339384][ T4999] ? preempt_schedule_common+0x83/0xc0 [ 84.344945][ T4999] ? vscnprintf+0x5d/0x80 [ 84.349371][ T4999] panic+0x30f/0x770 [ 84.353323][ T4999] ? check_panic_on_warn+0x21/0xa0 [ 84.358448][ T4999] ? __memcpy_flushcache+0x2b0/0x2b0 [ 84.363843][ T4999] ? _raw_spin_unlock_irqrestore+0x12c/0x140 [ 84.369839][ T4999] ? _raw_spin_unlock+0x40/0x40 [ 84.374874][ T4999] ? print_report+0x4fb/0x540 [ 84.379654][ T4999] check_panic_on_warn+0x82/0xa0 [ 84.384620][ T4999] ? nilfs_load_inode_block+0x11e/0x280 [ 84.390310][ T4999] end_report+0x63/0x110 [ 84.394825][ T4999] kasan_report+0x183/0x1b0 [ 84.399464][ T4999] ? nilfs_load_inode_block+0x11e/0x280 [ 84.405217][ T4999] nilfs_load_inode_block+0x11e/0x280 [ 84.410892][ T4999] __nilfs_mark_inode_dirty+0xa5/0x280 [ 84.416565][ T4999] ? nilfs_inode_dirty+0x130/0x130 [ 84.422247][ T4999] ? nilfs_transaction_begin+0x4fc/0x6e0 [ 84.428076][ T4999] nilfs_evict_inode+0x189/0x420 [ 84.433031][ T4999] ? nilfs_set_file_dirty+0x3f0/0x3f0 [ 84.438678][ T4999] ? do_raw_spin_unlock+0x13b/0x8b0 [ 84.444154][ T4999] ? _raw_spin_unlock+0x28/0x40 [ 84.449014][ T4999] ? nilfs_set_file_dirty+0x3f0/0x3f0 [ 84.454724][ T4999] evict+0x2a4/0x620 [ 84.458697][ T4999] nilfs_dispose_list+0x51d/0x5c0 [ 84.463764][ T4999] ? preempt_schedule_common+0x83/0xc0 [ 84.469379][ T4999] ? nilfs_detach_log_writer+0xbb0/0xbb0 [ 84.475072][ T4999] ? preempt_schedule_thunk+0x1a/0x20 [ 84.481517][ T4999] nilfs_detach_log_writer+0xaf1/0xbb0 [ 84.487090][ T4999] ? nilfs_attach_log_writer+0x8b0/0x8b0 [ 84.492927][ T4999] ? hook_sb_delete+0xa07/0xb30 [ 84.497797][ T4999] ? wake_bit_function+0x220/0x220 [ 84.502940][ T4999] ? __fsnotify_vfsmount_delete+0x20/0x20 [ 84.509384][ T4999] ? clear_inode+0x150/0x150 [ 84.513992][ T4999] ? nilfs_free_inode+0x70/0x70 [ 84.518861][ T4999] nilfs_put_super+0x4d/0x160 [ 84.523650][ T4999] ? nilfs_free_inode+0x70/0x70 [ 84.528519][ T4999] generic_shutdown_super+0x134/0x340 [ 84.533900][ T4999] kill_block_super+0x84/0xf0 [ 84.538612][ T4999] deactivate_locked_super+0xa4/0x110 [ 84.543993][ T4999] cleanup_mnt+0x426/0x4c0 [ 84.548421][ T4999] ? _raw_spin_unlock_irq+0x23/0x50 [ 84.553627][ T4999] task_work_run+0x24a/0x300 [ 84.558233][ T4999] ? dput+0x3a1/0x420 [ 84.562228][ T4999] ? task_work_cancel+0x2b0/0x2b0 [ 84.567469][ T4999] ? __x64_sys_umount+0x126/0x170 [ 84.572591][ T4999] ptrace_notify+0x2cd/0x380 [ 84.577206][ T4999] ? do_notify_parent+0xf50/0xf50 [ 84.582398][ T4999] ? user_path_at_empty+0x12f/0x180 [ 84.587610][ T4999] ? __x64_sys_umount+0x126/0x170 [ 84.592821][ T4999] ? path_umount+0xea0/0xea0 [ 84.597421][ T4999] ? syscall_enter_from_user_mode+0x32/0x230 [ 84.603422][ T4999] syscall_exit_to_user_mode+0x157/0x280 [ 84.609067][ T4999] do_syscall_64+0x4d/0xc0 [ 84.613507][ T4999] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 84.619422][ T4999] RIP: 0033:0x7f0b39ccba87 [ 84.623950][ T4999] Code: ff d0 48 89 c7 b8 3c 00 00 00 0f 05 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 84.644454][ T4999] RSP: 002b:00007ffcfc3da598 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6 [ 84.653184][ T4999] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f0b39ccba87 [ 84.661218][ T4999] RDX: 00007ffcfc3da659 RSI: 000000000000000a RDI: 00007ffcfc3da650 [ 84.669226][ T4999] RBP: 00007ffcfc3da650 R08: 00000000ffffffff R09: 00007ffcfc3da430 [ 84.677235][ T4999] R10: 00005555563da683 R11: 0000000000000202 R12: 00007ffcfc3db710 [ 84.685237][ T4999] R13: 00005555563da5f0 R14: 00007ffcfc3da5c0 R15: 00007ffcfc3db730 [ 84.693418][ T4999] [ 84.696909][ T4999] Kernel Offset: disabled [ 84.701275][ T4999] Rebooting in 86400 seconds..