./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3959816368 <...> Warning: Permanently added '10.128.0.150' (ECDSA) to the list of known hosts. execve("./syz-executor3959816368", ["./syz-executor3959816368"], 0x7ffe8d791510 /* 10 vars */) = 0 brk(NULL) = 0x55555612d000 brk(0x55555612dc40) = 0x55555612dc40 arch_prctl(ARCH_SET_FS, 0x55555612d300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x55555612d5d0) = 5067 set_robust_list(0x55555612d5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3928dff580, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3928dffc50}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3928dff620, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3928dffc50}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3959816368", 4096) = 28 brk(0x55555614ec40) = 0x55555614ec40 brk(0x55555614f000) = 0x55555614f000 mprotect(0x7f3928ec1000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5068 attached , child_tidptr=0x55555612d5d0) = 5068 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5067] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5069 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] getpid(./strace-static-x86_64: Process 5069 attached [pid 5067] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5070 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... getpid resumed>) = 5068 [pid 5068] mkdir("./syzkaller.13SvPn", 0700 [pid 5069] set_robust_list(0x55555612d5e0, 24 [pid 5067] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5071 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5072 [pid 5067] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5073 [pid 5068] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5072 attached ./strace-static-x86_64: Process 5073 attached [pid 5072] set_robust_list(0x55555612d5e0, 24 [pid 5073] set_robust_list(0x55555612d5e0, 24 [pid 5072] <... set_robust_list resumed>) = 0 [pid 5072] getpid( [pid 5073] <... set_robust_list resumed>) = 0 [pid 5068] chmod("./syzkaller.13SvPn", 0777 [pid 5073] getpid( [pid 5072] <... getpid resumed>) = 5072 [pid 5072] mkdir("./syzkaller.OeA2WI", 0700 [pid 5073] <... getpid resumed>) = 5073 [pid 5073] mkdir("./syzkaller.336SfN", 0700 [pid 5068] <... chmod resumed>) = 0 [pid 5069] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5070 attached ./strace-static-x86_64: Process 5071 attached [pid 5071] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5071] getpid( [pid 5069] getpid( [pid 5068] chdir("./syzkaller.13SvPn" [pid 5070] set_robust_list(0x55555612d5e0, 24 [pid 5069] <... getpid resumed>) = 5069 [pid 5068] <... chdir resumed>) = 0 [pid 5073] <... mkdir resumed>) = 0 [pid 5068] mkdir("./0", 0777 [pid 5069] mkdir("./syzkaller.Umn7fv", 0700 [pid 5071] <... getpid resumed>) = 5071 [pid 5071] mkdir("./syzkaller.m4jObD", 0700 [pid 5068] <... mkdir resumed>) = 0 [pid 5073] chmod("./syzkaller.336SfN", 0777) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5072] chmod("./syzkaller.OeA2WI", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5070] <... set_robust_list resumed>) = 0 [pid 5073] chdir("./syzkaller.336SfN") = 0 [pid 5068] <... openat resumed>) = 3 [pid 5073] mkdir("./0", 0777 [pid 5071] <... mkdir resumed>) = 0 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5069] <... mkdir resumed>) = 0 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] chmod("./syzkaller.Umn7fv", 0777 [pid 5072] chdir("./syzkaller.OeA2WI") = 0 [pid 5072] mkdir("./0", 0777 [pid 5071] chmod("./syzkaller.m4jObD", 0777) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5069] <... chmod resumed>) = 0 [pid 5068] close(3 [pid 5069] chdir("./syzkaller.Umn7fv" [pid 5071] chdir("./syzkaller.m4jObD") = 0 [pid 5070] getpid( [pid 5069] <... chdir resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5073] <... mkdir resumed>) = 0 [pid 5069] mkdir("./0", 0777 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] mkdir("./0", 0777 [pid 5069] <... mkdir resumed>) = 0 [pid 5071] <... mkdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] <... openat resumed>) = 3 [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5074 [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5070] <... getpid resumed>) = 5070 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5071] <... openat resumed>) = 3 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5069] close(3 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] close(3) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] <... openat resumed>) = 3 [pid 5070] mkdir("./syzkaller.Lw0I6A", 0700 [pid 5069] <... close resumed>) = 0 ./strace-static-x86_64: Process 5074 attached [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5070] <... mkdir resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5075 [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5077 [pid 5072] <... openat resumed>) = 3 [pid 5073] close(3 [pid 5074] set_robust_list(0x55555612d5e0, 24 [pid 5073] <... close resumed>) = 0 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5070] chmod("./syzkaller.Lw0I6A", 0777) = 0 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5074] chdir("./0" [pid 5072] close(3 [pid 5070] chdir("./syzkaller.Lw0I6A") = 0 [pid 5074] <... chdir resumed>) = 0 [pid 5070] mkdir("./0", 0777./strace-static-x86_64: Process 5077 attached [pid 5072] <... close resumed>) = 0 [pid 5074] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] set_robust_list(0x55555612d5e0, 24 [pid 5074] <... prctl resumed>) = 0 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5077] chdir("./0" [pid 5074] setpgid(0, 0) = 0 [pid 5077] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 5075 attached [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] <... mkdir resumed>) = 0 [pid 5077] <... prctl resumed>) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5074] <... openat resumed>) = 3 [pid 5077] <... openat resumed>) = 3 [pid 5074] write(3, "1000", 4 [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5078 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5077] write(3, "1000", 4./strace-static-x86_64: Process 5078 attached ) = 4 [pid 5075] set_robust_list(0x55555612d5e0, 24 [pid 5074] <... write resumed>) = 4 [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5079 [pid 5070] <... openat resumed>) = 3 [pid 5077] close(3 [pid 5075] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5079 attached [pid 5077] <... close resumed>) = 0 [pid 5074] close(3 [pid 5079] set_robust_list(0x55555612d5e0, 24 [pid 5077] symlink("/dev/binderfs", "./binderfs" [pid 5079] <... set_robust_list resumed>) = 0 [pid 5077] <... symlink resumed>) = 0 [pid 5075] chdir("./0" [pid 5074] <... close resumed>) = 0 [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5079] chdir("./0" [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] symlink("/dev/binderfs", "./binderfs" [pid 5079] <... chdir resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5070] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5079] <... prctl resumed>) = 0 [pid 5077] <... mmap resumed>) = 0x7f3928dce000 [pid 5075] <... chdir resumed>) = 0 [pid 5074] <... symlink resumed>) = 0 [pid 5070] close(3 [pid 5079] setpgid(0, 0 [pid 5078] set_robust_list(0x55555612d5e0, 24 [pid 5077] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... setpgid resumed>) = 0 [pid 5078] <... set_robust_list resumed>) = 0 [pid 5077] <... mprotect resumed>) = 0 [pid 5075] <... prctl resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5077] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] setpgid(0, 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5079] <... openat resumed>) = 3 [pid 5078] chdir("./0" [pid 5079] write(3, "1000", 4 [pid 5077] <... clone resumed>, parent_tid=[5080], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5080 [pid 5074] <... mmap resumed>) = 0x7f3928dce000 [pid 5079] <... write resumed>) = 4 [pid 5077] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] close(3 [pid 5077] <... futex resumed>) = 0 [pid 5079] <... close resumed>) = 0 [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5075] <... setpgid resumed>) = 0 [pid 5074] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... chdir resumed>) = 0 [pid 5079] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5079] <... futex resumed>) = 0 [pid 5074] <... mprotect resumed>) = 0 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5070] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5081 ./strace-static-x86_64: Process 5081 attached ./strace-static-x86_64: Process 5080 attached [pid 5079] <... mmap resumed>) = 0x7f3928dce000 [pid 5078] <... prctl resumed>) = 0 [pid 5075] <... openat resumed>) = 3 [pid 5074] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] set_robust_list(0x55555612d5e0, 24 [pid 5080] set_robust_list(0x7f3928dee9e0, 24 [pid 5079] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5078] setpgid(0, 0 [pid 5081] <... set_robust_list resumed>) = 0 [pid 5080] <... set_robust_list resumed>) = 0 [pid 5079] <... mprotect resumed>) = 0 [pid 5078] <... setpgid resumed>) = 0 [pid 5075] write(3, "1000", 4 [pid 5081] chdir("./0" [pid 5080] memfd_create("syzkaller", 0 [pid 5079] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] <... chdir resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5075] <... write resumed>) = 4 [pid 5074] <... clone resumed>, parent_tid=[5082], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5082 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5079] <... clone resumed>, parent_tid=[5083], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5083 [pid 5081] <... prctl resumed>) = 0 [pid 5079] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... openat resumed>) = 3 [pid 5075] close(3 [pid 5074] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] setpgid(0, 0 [pid 5079] <... futex resumed>) = 0 [pid 5075] <... close resumed>) = 0 [pid 5074] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5082 attached [pid 5081] <... setpgid resumed>) = 0 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5078] write(3, "1000", 4 [pid 5075] symlink("/dev/binderfs", "./binderfs" [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5083 attached [pid 5082] set_robust_list(0x7f3928dee9e0, 24 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5078] <... write resumed>) = 4 [pid 5083] set_robust_list(0x7f3928dee9e0, 24 [pid 5082] <... set_robust_list resumed>) = 0 [pid 5081] <... openat resumed>) = 3 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5082] memfd_create("syzkaller", 0 [pid 5081] write(3, "1000", 4 [pid 5078] close(3 [pid 5075] <... symlink resumed>) = 0 [pid 5083] memfd_create("syzkaller", 0 [pid 5082] <... memfd_create resumed>) = 3 [pid 5081] <... write resumed>) = 4 [pid 5078] <... close resumed>) = 0 [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... memfd_create resumed>) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5081] close(3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5082] <... mmap resumed>) = 0x7f39209ce000 [pid 5081] <... close resumed>) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs" [pid 5083] <... mmap resumed>) = 0x7f39209ce000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5081] symlink("/dev/binderfs", "./binderfs" [pid 5080] <... memfd_create resumed>) = 3 [pid 5075] <... futex resumed>) = 0 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5082] <... write resumed>) = 262144 [pid 5081] <... symlink resumed>) = 0 [pid 5078] <... symlink resumed>) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5083] <... write resumed>) = 262144 [pid 5082] munmap(0x7f39209ce000, 262144 [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] munmap(0x7f39209ce000, 262144 [pid 5082] <... munmap resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5075] <... mmap resumed>) = 0x7f3928dce000 [pid 5083] <... munmap resumed>) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] <... mmap resumed>) = 0x7f39209ce000 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5083] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5082] <... openat resumed>) = 4 [pid 5081] <... mmap resumed>) = 0x7f3928dce000 [pid 5083] <... openat resumed>) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3 [pid 5081] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... mmap resumed>) = 0x7f3928dce000 [pid 5075] <... mprotect resumed>) = 0 syzkaller login: [ 51.746493][ T5080] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5080 'syz-executor395' [ 51.785910][ T5082] loop0: detected capacity change from 0 to 512 [pid 5083] ioctl(4, LOOP_SET_FD, 3 [pid 5081] <... mprotect resumed>) = 0 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5081] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5078] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5075] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5081] <... clone resumed>, parent_tid=[5084], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5084 [pid 5081] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5084] memfd_create("syzkaller", 0 [pid 5080] <... write resumed>) = 262144 [pid 5084] <... memfd_create resumed>) = 3 [pid 5078] <... mprotect resumed>) = 0 [pid 5084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5078] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5083] <... ioctl resumed>) = 0 [pid 5075] <... clone resumed>, parent_tid=[5085], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5085 [pid 5083] close(3) = 0 [pid 5075] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] mkdir("./file0", 0777 [pid 5082] <... ioctl resumed>) = 0 [pid 5080] munmap(0x7f39209ce000, 262144 [pid 5078] <... clone resumed>, parent_tid=[5086], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5086 [pid 5075] <... futex resumed>) = 0 [pid 5083] <... mkdir resumed>) = 0 [pid 5082] close(3 [pid 5078] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5085 attached [pid 5083] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5082] <... close resumed>) = 0 [pid 5078] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5086 attached [pid 5085] set_robust_list(0x7f3928dee9e0, 24 [pid 5084] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5082] mkdir("./file0", 0777 [pid 5080] <... munmap resumed>) = 0 [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... write resumed>) = 262144 [pid 5082] <... mkdir resumed>) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5086] set_robust_list(0x7f3928dee9e0, 24 [pid 5085] memfd_create("syzkaller", 0 [pid 5082] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5086] <... set_robust_list resumed>) = 0 [pid 5085] <... memfd_create resumed>) = 3 [pid 5080] <... openat resumed>) = 4 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5084] munmap(0x7f39209ce000, 262144 [pid 5086] memfd_create("syzkaller", 0 [pid 5085] <... mmap resumed>) = 0x7f39209ce000 [pid 5084] <... munmap resumed>) = 0 [ 51.794160][ T5083] loop4: detected capacity change from 0 to 512 [pid 5080] ioctl(4, LOOP_SET_FD, 3 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5084] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5085] <... write resumed>) = 262144 [pid 5084] <... openat resumed>) = 4 [pid 5084] ioctl(4, LOOP_SET_FD, 3 [pid 5086] <... memfd_create resumed>) = 3 [pid 5080] <... ioctl resumed>) = 0 [pid 5085] munmap(0x7f39209ce000, 262144 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5085] <... munmap resumed>) = 0 [pid 5080] close(3 [pid 5085] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5086] <... mmap resumed>) = 0x7f39209ce000 [pid 5085] <... openat resumed>) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5080] <... close resumed>) = 0 [pid 5084] <... ioctl resumed>) = 0 [pid 5084] close(3) = 0 [pid 5080] mkdir("./file0", 0777) = 0 [pid 5086] <... write resumed>) = 262144 [pid 5080] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5086] munmap(0x7f39209ce000, 262144) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 51.830585][ T5080] loop1: detected capacity change from 0 to 512 [ 51.834694][ T5084] loop2: detected capacity change from 0 to 512 [ 51.848129][ T5085] loop3: detected capacity change from 0 to 512 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5084] mkdir("./file0", 0777 [pid 5085] <... ioctl resumed>) = 0 [pid 5085] close(3) = 0 [pid 5084] <... mkdir resumed>) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [pid 5084] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5086] <... ioctl resumed>) = 0 [pid 5086] close(3 [pid 5085] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5086] <... close resumed>) = 0 [pid 5086] mkdir("./file0", 0777) = 0 [ 51.870861][ T5086] loop5: detected capacity change from 0 to 512 [ 51.892444][ T5083] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 51.908157][ T5082] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 51.932739][ T5080] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 51.937526][ T5082] Quota error (device loop0): write_blk: dquota write failed [ 51.956459][ T5083] Quota error (device loop4): write_blk: dquota write failed [ 51.964614][ T5083] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 51.974151][ T5086] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 51.975377][ T5082] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 51.991287][ T5080] Quota error (device loop1): write_blk: dquota write failed [ 52.005963][ T5085] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.009687][ T5084] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.022289][ T5083] EXT4-fs (loop4): 1 truncate cleaned up [ 52.034789][ T5080] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 52.041935][ T5082] EXT4-fs (loop0): 1 truncate cleaned up [ 52.051476][ T5086] Quota error (device loop5): write_blk: dquota write failed [ 52.055805][ T5082] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 52.055917][ T5082] ext4 filesystem being mounted at /root/syzkaller.13SvPn/0/file0 supports timestamps until 2038 (0x7fffffff) [ 52.065763][ T5086] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 52.087280][ T5083] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 52.099971][ T5084] Quota error (device loop2): write_blk: dquota write failed [ 52.118539][ T5086] EXT4-fs (loop5): 1 truncate cleaned up [ 52.119230][ T5085] Quota error (device loop3): write_blk: dquota write failed [ 52.124520][ T5086] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 52.134776][ T5083] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/0/file0 supports timestamps until 2038 (0x7fffffff) [ 52.144299][ T5086] ext4 filesystem being mounted at /root/syzkaller.336SfN/0/file0 supports timestamps until 2038 (0x7fffffff) [pid 5086] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue") = 0 [pid 5083] <... mount resumed>) = 0 [pid 5082] <... mount resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5086] <... openat resumed>) = 3 [pid 5082] <... openat resumed>) = 3 [pid 5086] chdir("./file0" [pid 5082] chdir("./file0" [pid 5086] <... chdir resumed>) = 0 [pid 5082] <... chdir resumed>) = 0 [pid 5086] ioctl(4, LOOP_CLR_FD [pid 5082] ioctl(4, LOOP_CLR_FD [pid 5086] <... ioctl resumed>) = 0 [pid 5082] <... ioctl resumed>) = 0 [pid 5086] close(4 [pid 5082] close(4 [pid 5086] <... close resumed>) = 0 [pid 5082] <... close resumed>) = 0 [pid 5086] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 1 [pid 5082] <... futex resumed>) = 1 [pid 5086] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file0") = 0 [pid 5083] ioctl(4, LOOP_CLR_FD) = 0 [pid 5083] close(4) = 0 [pid 5083] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] fspick(AT_FDCWD, ".", 0) = 4 [pid 5083] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5083] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5079] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] <... futex resumed>) = 1 [pid 5083] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5078] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5084] <... mount resumed>) = 0 [pid 5078] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 0 [pid 5084] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5082] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5074] <... futex resumed>) = 1 [pid 5086] fspick(AT_FDCWD, ".", 0 [pid 5084] <... openat resumed>) = 3 [pid 5082] fspick(AT_FDCWD, ".", 0 [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... fspick resumed>) = 4 [pid 5084] chdir("./file0" [pid 5082] <... fspick resumed>) = 4 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5086] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [ 52.156699][ T5080] EXT4-fs (loop1): 1 truncate cleaned up [ 52.181440][ T5084] EXT4-fs (loop2): 1 truncate cleaned up [ 52.187140][ T5084] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 52.199987][ T5084] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/0/file0 supports timestamps until 2038 (0x7fffffff) [ 52.200624][ T5085] EXT4-fs (loop3): 1 truncate cleaned up [pid 5084] <... chdir resumed>) = 0 [pid 5082] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = 1 [pid 5084] ioctl(4, LOOP_CLR_FD [pid 5082] <... futex resumed>) = 1 [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5078] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5084] <... ioctl resumed>) = 0 [pid 5082] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5086] <... fsconfig resumed>) = 0 [pid 5084] close(4 [pid 5079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5074] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... close resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5079] <... mmap resumed>) = 0x7f39209ed000 [pid 5074] <... futex resumed>) = 1 [pid 5086] <... futex resumed>) = 1 [pid 5084] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5079] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5078] <... futex resumed>) = 0 [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 1 [pid 5083] <... fsconfig resumed>) = 0 [pid 5082] <... fsconfig resumed>) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5079] <... mprotect resumed>) = 0 [pid 5078] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5082] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fspick(AT_FDCWD, ".", 0 [ 52.260483][ T5080] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 52.281259][ T5083] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.294380][ T5085] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5081] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5086] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5084] <... fspick resumed>) = 4 [pid 5082] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 0 [pid 5084] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... clone resumed>, parent_tid=[5102], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5102 [pid 5074] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5082] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5081] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5102 attached [pid 5081] <... futex resumed>) = 0 [pid 5079] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] set_robust_list(0x7f3920a0d9e0, 24 [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... set_robust_list resumed>) = 0 [pid 5102] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5086] <... fsconfig resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5083] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=34000000} [pid 5084] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5086] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5083] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [ 52.313260][ T5086] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.318207][ T5102] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 52.335487][ T5082] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.349714][ T5080] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/0/file0 supports timestamps until 2038 (0x7fffffff) [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... futex resumed>) = 1 [pid 5082] <... fsconfig resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5080] <... mount resumed>) = 0 [pid 5080] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5086] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5085] <... mount resumed>) = 0 [pid 5082] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5078] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5080] <... openat resumed>) = 3 [pid 5080] chdir("./file0") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4 [pid 5082] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5082] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5079] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... futex resumed>) = 0 [pid 5079] <... futex resumed>) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5080] <... close resumed>) = 0 [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [ 52.359564][ T5085] ext4 filesystem being mounted at /root/syzkaller.m4jObD/0/file0 supports timestamps until 2038 (0x7fffffff) [ 52.367215][ T5084] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.385164][ T5086] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 52.396497][ T5082] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 5080] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... fsconfig resumed>) = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5084] <... fsconfig resumed>) = 0 [pid 5083] openat(AT_FDCWD, ".", O_RDONLY [pid 5081] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... openat resumed>) = 3 [pid 5084] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5083] <... openat resumed>) = 5 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5085] chdir("./file0" [pid 5084] <... futex resumed>) = 0 [pid 5083] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5080] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... chdir resumed>) = 0 [pid 5084] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... futex resumed>) = 1 [pid 5081] <... mmap resumed>) = 0x7f39209ed000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5102] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] ioctl(4, LOOP_CLR_FD [pid 5083] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5080] fspick(AT_FDCWD, ".", 0 [pid 5079] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5102] <... futex resumed>) = 0 [pid 5085] <... ioctl resumed>) = 0 [pid 5083] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] <... futex resumed>) = 0 [pid 5102] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] close(4 [pid 5083] mkdirat(5, "./bus", 000 [pid 5079] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... close resumed>) = 0 [pid 5081] <... mprotect resumed>) = 0 [pid 5080] <... fspick resumed>) = 4 [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5085] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5080] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 0 [pid 5085] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] <... futex resumed>) = 1 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5077] <... futex resumed>) = 0 [pid 5075] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... mmap resumed>) = 0x7f39209ed000 [pid 5075] <... futex resumed>) = 0 [pid 5085] fspick(AT_FDCWD, ".", 0 [pid 5078] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... fspick resumed>) = 4 [pid 5078] <... mprotect resumed>) = 0 [ 52.404185][ T5102] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.431628][ T5086] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.443206][ T5082] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5085] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... futex resumed>) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5085] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... clone resumed>, parent_tid=[5107], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5107 [pid 5075] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5085] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5078] <... futex resumed>) = 0 [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... fsconfig resumed>) = 0 [pid 5078] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5107 attached [pid 5085] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] set_robust_list(0x7f3920a0d9e0, 24 [pid 5085] <... futex resumed>) = 1 [pid 5081] <... clone resumed>, parent_tid=[5106], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5106 [pid 5080] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5077] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5107] <... set_robust_list resumed>) = 0 [pid 5085] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... fsconfig resumed>) = 0 [pid 5077] <... futex resumed>) = 0 [pid 5075] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5107] openat(AT_FDCWD, ".", O_RDONLY [pid 5085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5081] <... futex resumed>) = 0 [pid 5080] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = 0 [pid 5074] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5106 attached [pid 5107] <... openat resumed>) = 5 [pid 5085] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5081] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... futex resumed>) = 0 [pid 5107] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] set_robust_list(0x7f3920a0d9e0, 24 [pid 5086] <... fsconfig resumed>) = 0 [pid 5082] <... fsconfig resumed>) = 0 [pid 5080] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5086] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5077] <... futex resumed>) = 0 [pid 5106] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5086] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5080] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... futex resumed>) = 1 [pid 5086] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5082] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5078] <... futex resumed>) = 0 [pid 5074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5107] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] exit_group(0 [pid 5078] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... mmap resumed>) = 0x7f39209ed000 [pid 5086] <... futex resumed>) = 0 [pid 5083] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5079] <... exit_group resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5086] mkdirat(5, "./bus", 000 [pid 5083] +++ exited with 0 +++ [pid 5078] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5102] +++ exited with 0 +++ [pid 5085] <... fsconfig resumed>) = 0 [pid 5085] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5079] +++ exited with 0 +++ [pid 5075] <... futex resumed>) = 0 [pid 5074] <... mprotect resumed>) = 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5079, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5075] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5085] <... futex resumed>) = 0 [ 52.457437][ T5083] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.484782][ T5085] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.490536][ T5106] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [pid 5075] <... futex resumed>) = 1 [pid 5072] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5081] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] <... openat resumed>) = 3 [pid 5081] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] fstat(3, [pid 5081] <... futex resumed>) = 1 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./0/binderfs") = 0 [pid 5072] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5084] <... futex resumed>) = 0 [pid 5074] <... clone resumed>, parent_tid=[5108], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5108 [ 52.516129][ T5080] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.518019][ T5085] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 52.526732][ T5086] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.555485][ T5072] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5084] openat(AT_FDCWD, ".", O_RDONLY./strace-static-x86_64: Process 5108 attached [pid 5106] <... fsconfig resumed>) = 0 [pid 5086] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5084] <... openat resumed>) = 5 [pid 5080] <... fsconfig resumed>) = 0 [pid 5078] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5074] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] set_robust_list(0x7f3920a0d9e0, 24 [pid 5086] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] exit_group(0 [pid 5077] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] <... futex resumed>) = 0 [pid 5108] <... set_robust_list resumed>) = 0 [pid 5107] <... futex resumed>) = ? [pid 5086] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5080] <... futex resumed>) = 0 [pid 5078] <... exit_group resumed>) = ? [pid 5077] <... futex resumed>) = 0 [pid 5074] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5108] openat(AT_FDCWD, ".", O_RDONLY [pid 5086] +++ exited with 0 +++ [pid 5084] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5080] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5108] <... openat resumed>) = 5 [pid 5107] +++ exited with 0 +++ [pid 5081] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5108] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5074] <... futex resumed>) = 0 [pid 5108] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5074] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] +++ exited with 0 +++ [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] <... futex resumed>) = 1 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5084] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5074] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] mkdirat(5, "./bus", 000 [pid 5082] mkdirat(5, "./bus", 000 [ 52.555691][ T5106] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 52.580445][ T5080] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 52.593939][ T5085] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5081] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5075] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5075] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5111], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5111 [pid 5075] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5085] <... fsconfig resumed>) = 0 [pid 5085] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5111 attached [pid 5084] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5111] set_robust_list(0x7f3920a0d9e0, 24 [pid 5084] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... set_robust_list resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5073] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5111] openat(AT_FDCWD, ".", O_RDONLY [pid 5084] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5082] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5081] exit_group(0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5111] <... openat resumed>) = 5 [pid 5106] <... futex resumed>) = ? [pid 5084] <... futex resumed>) = ? [pid 5081] <... exit_group resumed>) = ? [pid 5073] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5111] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] +++ exited with 0 +++ [pid 5073] <... openat resumed>) = 3 [pid 5111] <... futex resumed>) = 1 [pid 5106] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ [pid 5077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5075] <... futex resumed>) = 0 [pid 5073] fstat(3, [pid 5111] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5082] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] getdents64(3, [pid 5072] <... umount2 resumed>) = 0 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5085] <... futex resumed>) = 0 [pid 5082] <... futex resumed>) = 0 [pid 5080] <... fsconfig resumed>) = 0 [pid 5077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5075] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] exit_group(0 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5108] <... futex resumed>) = ? [pid 5085] mkdirat(5, "./bus", 000 [pid 5080] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... mmap resumed>) = 0x7f39209ed000 [pid 5074] <... exit_group resumed>) = ? [pid 5073] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 52.597779][ T5084] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.606791][ T5082] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.647599][ T5080] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5108] +++ exited with 0 +++ [pid 5082] +++ exited with 0 +++ [pid 5080] <... futex resumed>) = 0 [pid 5077] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5074] +++ exited with 0 +++ [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./0/file0", [pid 5070] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5080] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5077] <... mprotect resumed>) = 0 [pid 5073] lstat("./0/binderfs", [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... openat resumed>) = 3 [pid 5085] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5077] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] fstat(3, [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5074, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5085] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] unlink("./0/binderfs" [pid 5072] <... openat resumed>) = 4 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5085] <... futex resumed>) = 1 [pid 5077] <... clone resumed>, parent_tid=[5113], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5113 [pid 5075] <... futex resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5072] fstat(4, [pid 5070] getdents64(3, [pid 5068] <... restart_syscall resumed>) = 0 [pid 5085] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5077] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] exit_group(0 [pid 5073] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5113 attached [pid 5111] <... futex resumed>) = ? [pid 5085] <... futex resumed>) = ? [pid 5077] <... futex resumed>) = 0 [pid 5075] <... exit_group resumed>) = ? [pid 5072] getdents64(4, [pid 5070] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5113] set_robust_list(0x7f3920a0d9e0, 24 [pid 5111] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5077] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5075] +++ exited with 0 +++ [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] getdents64(4, [pid 5068] <... openat resumed>) = 3 [pid 5068] fstat(3, [pid 5072] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5070] lstat("./0/binderfs", [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5113] <... set_robust_list resumed>) = 0 [pid 5072] close(4 [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] getdents64(3, [pid 5072] <... close resumed>) = 0 [pid 5113] openat(AT_FDCWD, ".", O_RDONLY [pid 5071] restart_syscall(<... resuming interrupted clone ...> [pid 5070] unlink("./0/binderfs" [pid 5068] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] rmdir("./0/file0" [pid 5071] <... restart_syscall resumed>) = 0 [pid 5068] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] <... unlink resumed>) = 0 [pid 5068] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] unlink("./0/binderfs") = 0 [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... rmdir resumed>) = 0 [pid 5113] <... openat resumed>) = 5 [pid 5072] getdents64(3, [ 52.663217][ T5085] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 52.686423][ T5073] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5070] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5113] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5071] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5113] <... futex resumed>) = 1 [pid 5077] <... futex resumed>) = 0 [pid 5072] close(3 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5113] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... close resumed>) = 0 [pid 5071] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] rmdir("./0" [pid 5071] <... openat resumed>) = 3 [pid 5072] <... rmdir resumed>) = 0 [pid 5071] fstat(3, [pid 5072] mkdir("./1", 0777 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] <... mkdir resumed>) = 0 [pid 5071] getdents64(3, [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5071] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5077] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... openat resumed>) = 3 [pid 5071] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5080] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] mkdirat(5, "./bus", 000 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] lstat("./0/binderfs", [pid 5072] close(3 [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] <... close resumed>) = 0 [pid 5071] unlink("./0/binderfs" [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... unlink resumed>) = 0 [pid 5071] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5114 [pid 5077] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5114 attached [pid 5114] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5114] chdir("./1") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [ 52.710494][ T5068] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.731366][ T5070] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.743201][ T5080] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5114] symlink("/dev/binderfs", "./binderfs" [pid 5080] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5080] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... symlink resumed>) = 0 [pid 5114] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] <... umount2 resumed>) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] <... futex resumed>) = 0 [pid 5077] exit_group(0 [pid 5113] <... futex resumed>) = ? [pid 5077] <... exit_group resumed>) = ? [pid 5113] +++ exited with 0 +++ [pid 5080] <... futex resumed>) = ? [pid 5080] +++ exited with 0 +++ [pid 5077] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5069] restart_syscall(<... resuming interrupted clone ...> [pid 5114] <... mmap resumed>) = 0x7f3928dce000 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... restart_syscall resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5114] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5073] lstat("./0/file0", [pid 5071] <... umount2 resumed>) = 0 [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5114] <... mprotect resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = 0 [ 52.760027][ T5071] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5114] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] lstat("./0/file0", [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] lstat("./0/file0", [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5114] <... clone resumed>, parent_tid=[5117], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5117 [pid 5073] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] lstat("./0/file0", [pid 5069] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] fstat(3, [pid 5068] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5114] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] getdents64(3, [pid 5068] fstat(4, [pid 5073] <... openat resumed>) = 4 [pid 5114] <... futex resumed>) = 0 [pid 5073] fstat(4, [pid 5071] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... openat resumed>) = 4 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5114] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] fstat(4, [pid 5069] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(4, [pid 5073] getdents64(4, [pid 5071] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 ./strace-static-x86_64: Process 5117 attached [pid 5073] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5071] <... openat resumed>) = 4 [pid 5070] getdents64(4, [pid 5069] lstat("./0/binderfs", [pid 5068] getdents64(4, [pid 5117] set_robust_list(0x7f3928dee9e0, 24 [pid 5073] getdents64(4, [pid 5071] fstat(4, [pid 5070] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5069] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5117] <... set_robust_list resumed>) = 0 [pid 5073] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, [pid 5069] unlink("./0/binderfs" [pid 5068] close(4 [pid 5117] memfd_create("syzkaller", 0 [pid 5073] close(4 [pid 5071] getdents64(4, [pid 5070] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5117] <... memfd_create resumed>) = 3 [pid 5073] <... close resumed>) = 0 [pid 5071] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5070] close(4 [pid 5069] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] rmdir("./0/file0" [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5073] rmdir("./0/file0" [pid 5071] getdents64(4, [pid 5070] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5117] <... mmap resumed>) = 0x7f39209ce000 [pid 5073] <... rmdir resumed>) = 0 [pid 5071] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5070] rmdir("./0/file0" [pid 5068] getdents64(3, [pid 5073] getdents64(3, [pid 5071] close(4 [pid 5070] <... rmdir resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5117] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5071] <... close resumed>) = 0 [pid 5070] getdents64(3, [pid 5068] close(3 [pid 5073] close(3 [pid 5071] rmdir("./0/file0" [pid 5070] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5068] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5070] close(3 [pid 5068] rmdir("./0" [pid 5117] <... write resumed>) = 262144 [pid 5073] rmdir("./0" [pid 5071] getdents64(3, [pid 5070] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5117] munmap(0x7f39209ce000, 262144 [pid 5073] <... rmdir resumed>) = 0 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5070] rmdir("./0" [pid 5068] mkdir("./1", 0777 [pid 5117] <... munmap resumed>) = 0 [pid 5073] mkdir("./1", 0777 [pid 5071] close(3 [pid 5070] <... rmdir resumed>) = 0 [pid 5068] <... mkdir resumed>) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5073] <... mkdir resumed>) = 0 [pid 5071] <... close resumed>) = 0 [pid 5070] mkdir("./1", 0777 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5117] <... openat resumed>) = 4 [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5071] rmdir("./0" [pid 5070] <... mkdir resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5117] ioctl(4, LOOP_SET_FD, 3 [pid 5073] <... openat resumed>) = 3 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5071] <... rmdir resumed>) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5068] close(3 [pid 5070] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5068] <... close resumed>) = 0 [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5071] mkdir("./1", 0777 [pid 5070] close(3 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5117] <... ioctl resumed>) = 0 [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5070] <... close resumed>) = 0 [pid 5117] close(3 [pid 5073] close(3 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5119 [pid 5117] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5071] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5120 attached [pid 5117] mkdir("./file0", 0777 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5070] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5120 [pid 5117] <... mkdir resumed>) = 0 [pid 5117] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue"./strace-static-x86_64: Process 5119 attached [pid 5120] set_robust_list(0x55555612d5e0, 24 [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5121 [pid 5071] <... openat resumed>) = 3 [pid 5120] <... set_robust_list resumed>) = 0 [pid 5119] set_robust_list(0x55555612d5e0, 24 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5120] chdir("./1" [pid 5119] <... set_robust_list resumed>) = 0 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5121 attached [pid 5120] <... chdir resumed>) = 0 [pid 5119] chdir("./1" [pid 5071] close(3 [pid 5120] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5119] <... chdir resumed>) = 0 [pid 5071] <... close resumed>) = 0 [pid 5120] <... prctl resumed>) = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5121] set_robust_list(0x55555612d5e0, 24 [pid 5120] setpgid(0, 0 [pid 5119] <... prctl resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5120] <... setpgid resumed>) = 0 [ 52.847135][ T5069] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 52.871832][ T5117] loop4: detected capacity change from 0 to 512 [pid 5119] setpgid(0, 0 [pid 5069] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5121] chdir("./1" [pid 5120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5119] <... setpgid resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] lstat("./0/file0", [pid 5119] <... openat resumed>) = 3 [pid 5069] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5124 attached [pid 5119] write(3, "1000", 4 [pid 5069] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5124] set_robust_list(0x55555612d5e0, 24 [pid 5119] <... write resumed>) = 4 [pid 5071] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5124 [pid 5121] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5124] <... set_robust_list resumed>) = 0 [pid 5121] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5120] <... openat resumed>) = 3 [pid 5119] close(3 [pid 5069] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5124] chdir("./1" [pid 5121] <... prctl resumed>) = 0 [pid 5120] write(3, "1000", 4 [pid 5119] <... close resumed>) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5124] <... chdir resumed>) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs" [pid 5069] fstat(4, [pid 5124] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5119] <... symlink resumed>) = 0 [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5124] <... prctl resumed>) = 0 [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] getdents64(4, [pid 5124] setpgid(0, 0 [pid 5121] setpgid(0, 0 [pid 5120] <... write resumed>) = 4 [pid 5119] <... futex resumed>) = 0 [pid 5069] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5124] <... setpgid resumed>) = 0 [pid 5121] <... setpgid resumed>) = 0 [pid 5120] close(3 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] getdents64(4, [pid 5124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5121] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5120] <... close resumed>) = 0 [pid 5119] <... mmap resumed>) = 0x7f3928dce000 [pid 5069] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5124] <... openat resumed>) = 3 [pid 5121] <... openat resumed>) = 3 [pid 5120] symlink("/dev/binderfs", "./binderfs" [pid 5119] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5069] close(4 [pid 5124] write(3, "1000", 4 [pid 5121] write(3, "1000", 4 [pid 5120] <... symlink resumed>) = 0 [pid 5119] <... mprotect resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5124] <... write resumed>) = 4 [pid 5121] <... write resumed>) = 4 [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [ 52.914705][ T5117] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5119] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5069] rmdir("./0/file0" [pid 5124] close(3 [pid 5069] <... rmdir resumed>) = 0 [pid 5124] <... close resumed>) = 0 [pid 5121] close(3 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... clone resumed>, parent_tid=[5125], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5125 [pid 5069] getdents64(3, [pid 5124] symlink("/dev/binderfs", "./binderfs" [pid 5119] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5124] <... symlink resumed>) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5069] close(3./strace-static-x86_64: Process 5125 attached [pid 5124] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... close resumed>) = 0 [pid 5125] set_robust_list(0x7f3928dee9e0, 24 [pid 5124] <... futex resumed>) = 0 [pid 5069] rmdir("./0" [pid 5125] <... set_robust_list resumed>) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5125] memfd_create("syzkaller", 0 [pid 5124] <... mmap resumed>) = 0x7f3928dce000 [pid 5069] mkdir("./1", 0777 [pid 5125] <... memfd_create resumed>) = 3 [pid 5124] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5069] <... mkdir resumed>) = 0 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5124] <... mprotect resumed>) = 0 [pid 5121] <... close resumed>) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5125] <... mmap resumed>) = 0x7f39209ce000 [pid 5124] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5069] <... openat resumed>) = 3 [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5125] <... write resumed>) = 262144 [pid 5124] <... clone resumed>, parent_tid=[5126], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5126 [pid 5121] symlink("/dev/binderfs", "./binderfs" [pid 5120] <... mmap resumed>) = 0x7f3928dce000 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5126 attached [pid 5125] munmap(0x7f39209ce000, 262144 [pid 5124] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... symlink resumed>) = 0 [pid 5120] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5117] <... mount resumed>) = 0 [pid 5069] close(3 [pid 5126] set_robust_list(0x7f3928dee9e0, 24 [pid 5125] <... munmap resumed>) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... mprotect resumed>) = 0 [pid 5117] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... close resumed>) = 0 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5117] <... openat resumed>) = 3 [pid 5126] memfd_create("syzkaller", 0 [pid 5125] <... openat resumed>) = 4 [pid 5117] chdir("./file0" [pid 5126] <... memfd_create resumed>) = 3 [pid 5125] ioctl(4, LOOP_SET_FD, 3 [pid 5117] <... chdir resumed>) = 0 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5124] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5121] <... futex resumed>) = 0 [pid 5120] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5117] ioctl(4, LOOP_CLR_FD [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5126] <... mmap resumed>) = 0x7f39209ce000 [pid 5117] <... ioctl resumed>) = 0 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5117] close(4 [pid 5126] <... write resumed>) = 262144 [pid 5121] <... mmap resumed>) = 0x7f3928dce000 [pid 5120] <... clone resumed>, parent_tid=[5127], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5127 [pid 5117] <... close resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5128 [pid 5126] munmap(0x7f39209ce000, 262144 [pid 5121] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5120] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5127 attached ./strace-static-x86_64: Process 5128 attached [pid 5126] <... munmap resumed>) = 0 [pid 5121] <... mprotect resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5121] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] set_robust_list(0x7f3928dee9e0, 24./strace-static-x86_64: Process 5129 attached [pid 5128] set_robust_list(0x55555612d5e0, 24 [pid 5127] <... set_robust_list resumed>) = 0 [pid 5126] <... openat resumed>) = 4 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] <... futex resumed>) = 0 [pid 5129] set_robust_list(0x7f3928dee9e0, 24 [pid 5128] <... set_robust_list resumed>) = 0 [pid 5127] memfd_create("syzkaller", 0 [pid 5126] ioctl(4, LOOP_SET_FD, 3 [pid 5125] <... ioctl resumed>) = 0 [pid 5121] <... clone resumed>, parent_tid=[5129], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5129 [pid 5117] fspick(AT_FDCWD, ".", 0 [pid 5114] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... set_robust_list resumed>) = 0 [pid 5128] chdir("./1" [pid 5127] <... memfd_create resumed>) = 3 [pid 5125] close(3 [ 52.961088][ T5117] EXT4-fs (loop4): 1 truncate cleaned up [ 52.967299][ T5117] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 52.979927][ T5117] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/1/file0 supports timestamps until 2038 (0x7fffffff) [ 52.999905][ T5125] loop0: detected capacity change from 0 to 512 [pid 5121] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... chdir resumed>) = 0 [pid 5127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5125] <... close resumed>) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5127] <... mmap resumed>) = 0x7f39209ce000 [pid 5125] mkdir("./file0", 0777 [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] memfd_create("syzkaller", 0 [pid 5128] <... prctl resumed>) = 0 [pid 5127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5126] <... ioctl resumed>) = 0 [pid 5125] <... mkdir resumed>) = 0 [pid 5117] <... fspick resumed>) = 4 [pid 5129] <... memfd_create resumed>) = 3 [pid 5126] close(3 [pid 5117] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5126] <... close resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5129] <... mmap resumed>) = 0x7f39209ce000 [pid 5126] mkdir("./file0", 0777 [pid 5117] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] setpgid(0, 0 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5128] <... setpgid resumed>) = 0 [pid 5126] <... mkdir resumed>) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] <... futex resumed>) = 0 [pid 5129] <... write resumed>) = 262144 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5126] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5125] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5117] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5114] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] munmap(0x7f39209ce000, 262144 [pid 5128] <... openat resumed>) = 3 [pid 5127] <... write resumed>) = 262144 [pid 5117] <... fsconfig resumed>) = 0 [pid 5129] <... munmap resumed>) = 0 [pid 5128] write(3, "1000", 4 [pid 5117] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5117] <... futex resumed>) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5129] <... openat resumed>) = 4 [pid 5128] <... write resumed>) = 4 [pid 5117] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] ioctl(4, LOOP_SET_FD, 3 [pid 5128] close(3 [ 53.025426][ T5126] loop3: detected capacity change from 0 to 512 [ 53.051520][ T5129] loop5: detected capacity change from 0 to 512 [ 53.063151][ T5117] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] <... futex resumed>) = 0 [pid 5129] <... ioctl resumed>) = 0 [pid 5128] <... close resumed>) = 0 [pid 5127] munmap(0x7f39209ce000, 262144 [pid 5117] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5114] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] close(3 [pid 5128] symlink("/dev/binderfs", "./binderfs" [pid 5129] <... close resumed>) = 0 [pid 5129] mkdir("./file0", 0777) = 0 [pid 5128] <... symlink resumed>) = 0 [pid 5129] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5127] <... munmap resumed>) = 0 [pid 5117] <... fsconfig resumed>) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5127] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5117] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... mmap resumed>) = 0x7f3928dce000 [pid 5127] <... openat resumed>) = 4 [pid 5117] <... futex resumed>) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5128] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5127] ioctl(4, LOOP_SET_FD, 3 [pid 5117] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... mprotect resumed>) = 0 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5117] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5127] <... ioctl resumed>) = 0 [pid 5114] <... futex resumed>) = 0 [pid 5128] <... clone resumed>, parent_tid=[5134], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5134 [pid 5128] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5114] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] close(3 [ 53.064336][ T5126] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 53.095862][ T5127] loop2: detected capacity change from 0 to 512 [ 53.097560][ T5117] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 53.104681][ T5126] EXT4-fs (loop3): 1 truncate cleaned up [pid 5134] memfd_create("syzkaller", 0 [pid 5127] <... close resumed>) = 0 [pid 5134] <... memfd_create resumed>) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5127] mkdir("./file0", 0777) = 0 [pid 5127] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5114] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5114] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [ 53.122377][ T5126] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 53.135813][ T5125] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 53.152910][ T5125] EXT4-fs (loop0): 1 truncate cleaned up [ 53.156575][ T5129] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5114] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5138], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5138 [pid 5114] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5138 attached [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5114] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] set_robust_list(0x7f3920a0d9e0, 24 [pid 5134] <... write resumed>) = 262144 [pid 5138] <... set_robust_list resumed>) = 0 [pid 5134] munmap(0x7f39209ce000, 262144 [pid 5138] openat(AT_FDCWD, ".", O_RDONLY [pid 5134] <... munmap resumed>) = 0 [pid 5138] <... openat resumed>) = 5 [pid 5134] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5138] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... openat resumed>) = 4 [pid 5138] <... futex resumed>) = 1 [pid 5134] ioctl(4, LOOP_SET_FD, 3 [pid 5114] <... futex resumed>) = 0 [pid 5138] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... mount resumed>) = 0 [pid 5125] <... mount resumed>) = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5125] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5126] <... openat resumed>) = 3 [pid 5125] <... openat resumed>) = 3 [pid 5126] chdir("./file0" [pid 5125] chdir("./file0" [pid 5126] <... chdir resumed>) = 0 [pid 5125] <... chdir resumed>) = 0 [pid 5126] ioctl(4, LOOP_CLR_FD [pid 5125] ioctl(4, LOOP_CLR_FD [pid 5126] <... ioctl resumed>) = 0 [pid 5125] <... ioctl resumed>) = 0 [pid 5126] close(4 [pid 5125] close(4 [pid 5138] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... ioctl resumed>) = 0 [pid 5125] <... close resumed>) = 0 [pid 5117] <... fsconfig resumed>) = 0 [pid 5114] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] mkdirat(5, "./bus", 000 [pid 5134] close(3 [pid 5125] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [ 53.158627][ T5125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 53.181729][ T5117] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.185873][ T5125] ext4 filesystem being mounted at /root/syzkaller.13SvPn/1/file0 supports timestamps until 2038 (0x7fffffff) [ 53.207664][ T5126] ext4 filesystem being mounted at /root/syzkaller.m4jObD/1/file0 supports timestamps until 2038 (0x7fffffff) [ 53.208443][ T5134] loop1: detected capacity change from 0 to 512 [pid 5134] <... close resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5114] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] mkdir("./file0", 0777 [pid 5117] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... mkdir resumed>) = 0 [pid 5134] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5126] <... close resumed>) = 0 [pid 5126] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] fspick(AT_FDCWD, ".", 0 [pid 5124] <... futex resumed>) = 0 [pid 5119] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... fspick resumed>) = 4 [pid 5124] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5138] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5126] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 1 [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] fspick(AT_FDCWD, ".", 0 [pid 5124] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... fspick resumed>) = 4 [pid 5138] <... futex resumed>) = 1 [pid 5126] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5138] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5124] <... futex resumed>) = 0 [pid 5119] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] exit_group(0 [pid 5138] <... futex resumed>) = ? [pid 5126] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... fsconfig resumed>) = 0 [pid 5124] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = ? [pid 5114] <... exit_group resumed>) = ? [pid 5138] +++ exited with 0 +++ [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] +++ exited with 0 +++ [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] +++ exited with 0 +++ [pid 5126] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5125] <... futex resumed>) = 0 [pid 5124] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... fsconfig resumed>) = 0 [pid 5125] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5119] <... futex resumed>) = 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5114, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5126] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] restart_syscall(<... resuming interrupted clone ...> [pid 5126] <... futex resumed>) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5072] <... restart_syscall resumed>) = 0 [pid 5126] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 53.231774][ T5138] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 53.255802][ T5129] EXT4-fs (loop5): 1 truncate cleaned up [ 53.264363][ T5129] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5124] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./1/binderfs") = 0 [pid 5072] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5126] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 53.294409][ T5125] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.307987][ T5072] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.320807][ T5127] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5124] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... mount resumed>) = 0 [pid 5119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5126] <... fsconfig resumed>) = 0 [pid 5125] <... fsconfig resumed>) = 0 [pid 5119] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5126] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... mprotect resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5124] <... futex resumed>) = 0 [pid 5119] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5126] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 53.337640][ T5129] ext4 filesystem being mounted at /root/syzkaller.336SfN/1/file0 supports timestamps until 2038 (0x7fffffff) [ 53.338796][ T5126] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.343185][ T5134] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5124] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5143 attached [pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] <... futex resumed>) = 0 [pid 5119] <... clone resumed>, parent_tid=[5143], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5143 [pid 5143] set_robust_list(0x7f3920a0d9e0, 24 [pid 5124] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5143] <... set_robust_list resumed>) = 0 [pid 5143] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5129] <... openat resumed>) = 3 [pid 5129] chdir("./file0") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5129] fspick(AT_FDCWD, ".", 0 [pid 5121] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... fspick resumed>) = 4 [pid 5121] <... futex resumed>) = 0 [pid 5129] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5121] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... fsconfig resumed>) = 0 [pid 5121] <... futex resumed>) = 0 [pid 5129] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5121] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5119] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [ 53.389522][ T5134] EXT4-fs (loop1): 1 truncate cleaned up [ 53.400469][ T5126] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 53.401846][ T5127] EXT4-fs (loop2): 1 truncate cleaned up [ 53.415701][ T5129] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.426694][ T5127] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5143] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5119] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5121] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5121] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5121] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5144], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5144 [pid 5121] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5121] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5144 attached [pid 5144] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5144] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5127] <... mount resumed>) = 0 [pid 5127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5127] chdir("./file0") = 0 [pid 5127] ioctl(4, LOOP_CLR_FD) = 0 [pid 5127] close(4) = 0 [pid 5127] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 1 [pid 5127] fspick(AT_FDCWD, ".", 0) = 4 [pid 5127] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 1 [pid 5127] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5127] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5120] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 1 [pid 5127] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5124] <... futex resumed>) = 0 [ 53.438099][ T5134] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 53.451596][ T5143] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 53.453507][ T5127] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/1/file0 supports timestamps until 2038 (0x7fffffff) [ 53.463517][ T5134] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/1/file0 supports timestamps until 2038 (0x7fffffff) [ 53.486253][ T5144] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [pid 5129] <... fsconfig resumed>) = 0 [pid 5124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5129] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... mmap resumed>) = 0x7f39209ed000 [pid 5124] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] <... umount2 resumed>) = 0 [pid 5124] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5121] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5121] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5121] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = 0 [pid 5121] <... futex resumed>) = 1 [pid 5129] openat(AT_FDCWD, ".", O_RDONLY [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... openat resumed>) = 5 [pid 5129] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5129] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5121] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5121] <... futex resumed>) = 0 [pid 5129] mkdirat(5, "./bus", 000 [pid 5121] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... mkdirat resumed>) = -1 EROFS (Read-only file system) [pid 5129] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] <... futex resumed>) = 0 [pid 5129] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5147 attached [pid 5147] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5147] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5119] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5120] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5120] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5120] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5148], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5148 [pid 5120] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5125] openat(AT_FDCWD, ".", O_RDONLY [pid 5124] <... clone resumed>, parent_tid=[5147], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5147 [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5125] <... openat resumed>) = 5 [pid 5124] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5125] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... futex resumed>) = 1 [pid 5072] lstat("./1/file0", [pid 5147] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5125] <... futex resumed>) = 1 [pid 5124] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5119] <... futex resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5147] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5147] <... futex resumed>) = 0 [ 53.510586][ T5126] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.521625][ T5143] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.545155][ T5127] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5147] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5148 attached [pid 5143] <... fsconfig resumed>) = 0 [pid 5134] <... mount resumed>) = 0 [pid 5127] <... fsconfig resumed>) = 0 [pid 5126] <... fsconfig resumed>) = 0 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5124] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... futex resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5147] <... futex resumed>) = 0 [pid 5143] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] mkdirat(5, "./bus", 000 [pid 5124] <... futex resumed>) = 1 [pid 5119] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5148] set_robust_list(0x7f3920a0d9e0, 24 [pid 5072] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5148] <... set_robust_list resumed>) = 0 [pid 5147] mkdirat(5, "./bus", 000 [pid 5144] <... fsconfig resumed>) = 0 [pid 5143] <... futex resumed>) = 0 [pid 5134] <... openat resumed>) = 3 [pid 5127] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 0 [pid 5124] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 4 [pid 5148] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5144] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] chdir("./file0" [pid 5126] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] fstat(4, [pid 5147] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5127] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5121] exit_group(0 [pid 5120] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5147] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = ? [pid 5125] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... exit_group resumed>) = ? [pid 5120] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 1 [pid 5129] +++ exited with 0 +++ [pid 5127] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5124] <... futex resumed>) = 0 [pid 5120] <... futex resumed>) = 1 [pid 5147] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5127] openat(AT_FDCWD, ".", O_RDONLY [pid 5125] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] exit_group(0 [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... futex resumed>) = ? [pid 5127] <... openat resumed>) = 5 [pid 5124] <... exit_group resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5127] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5134] <... chdir resumed>) = 0 [pid 5127] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5126] <... futex resumed>) = ? [pid 5120] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] ioctl(4, LOOP_CLR_FD [pid 5127] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5127] mkdirat(5, "./bus", 000 [pid 5120] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... mkdirat resumed>) = -1 EROFS (Read-only file system) [pid 5127] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5127] <... futex resumed>) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5119] exit_group(0 [pid 5072] getdents64(4, [pid 5143] <... futex resumed>) = ? [pid 5134] <... ioctl resumed>) = 0 [pid 5127] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = ? [pid 5119] <... exit_group resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5125] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ [pid 5121] +++ exited with 0 +++ [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5134] close(4 [pid 5119] +++ exited with 0 +++ [pid 5072] getdents64(4, [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5124, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5134] <... close resumed>) = 0 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5121, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5072] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5071] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5134] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] close(4 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5134] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5071] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5134] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] rmdir("./1/file0" [pid 5071] <... openat resumed>) = 3 [pid 5068] <... restart_syscall resumed>) = 0 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... rmdir resumed>) = 0 [pid 5071] fstat(3, [pid 5134] fspick(AT_FDCWD, ".", 0 [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] getdents64(3, [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5134] <... fspick resumed>) = 4 [pid 5073] <... openat resumed>) = 3 [pid 5072] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5071] getdents64(3, [pid 5068] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5134] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] fstat(3, [pid 5072] close(3 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5134] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] <... close resumed>) = 0 [pid 5071] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5134] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] getdents64(3, [pid 5072] rmdir("./1" [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 3 [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] <... rmdir resumed>) = 0 [pid 5071] lstat("./1/binderfs", [pid 5068] fstat(3, [pid 5134] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] mkdir("./2", 0777 [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5134] <... fsconfig resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] <... mkdir resumed>) = 0 [ 53.551365][ T5144] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.571865][ T5125] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 53.580424][ T5148] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [pid 5071] unlink("./1/binderfs" [pid 5068] getdents64(3, [pid 5134] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] lstat("./1/binderfs", [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5071] <... unlink resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5134] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5071] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5134] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] unlink("./1/binderfs" [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5068] lstat("./1/binderfs", [pid 5134] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] close(3 [pid 5068] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] <... close resumed>) = 0 [pid 5068] unlink("./1/binderfs" [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] <... unlink resumed>) = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5151 ./strace-static-x86_64: Process 5151 attached [pid 5151] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5151] chdir("./2") = 0 [pid 5151] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5151] setpgid(0, 0 [pid 5148] <... fsconfig resumed>) = 0 [pid 5148] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5148] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5120] exit_group(0 [pid 5148] <... futex resumed>) = ? [pid 5127] <... futex resumed>) = ? [pid 5120] <... exit_group resumed>) = ? [pid 5148] +++ exited with 0 +++ [pid 5127] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5151] <... setpgid resumed>) = 0 [pid 5151] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5151] write(3, "1000", 4) = 4 [pid 5151] close(3) = 0 [pid 5151] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5151] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5120, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5151] <... clone resumed>, parent_tid=[5152], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5152 [pid 5151] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 53.636471][ T5148] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.659505][ T5134] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 53.673609][ T5073] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5134] <... fsconfig resumed>) = 0 [pid 5134] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5134] <... futex resumed>) = 1 [pid 5134] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0./strace-static-x86_64: Process 5152 attached [pid 5070] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5152] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5152] memfd_create("syzkaller", 0 [pid 5070] <... openat resumed>) = 3 [pid 5152] <... memfd_create resumed>) = 3 [pid 5070] fstat(3, [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5152] <... mmap resumed>) = 0x7f39209ce000 [pid 5070] getdents64(3, [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5070] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5070] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 53.683672][ T5071] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.694677][ T5068] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.697279][ T5134] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [pid 5070] lstat("./1/binderfs", [pid 5152] <... write resumed>) = 262144 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5070] unlink("./1/binderfs") = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] lstat("./1/file0", [pid 5152] munmap(0x7f39209ce000, 262144 [pid 5068] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5152] <... munmap resumed>) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5152] <... openat resumed>) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3 [pid 5068] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... umount2 resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5128] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./1/file0" [pid 5128] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... rmdir resumed>) = 0 [pid 5068] getdents64(3, [pid 5128] <... futex resumed>) = 0 [pid 5071] lstat("./1/file0", [pid 5068] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] close(3 [pid 5128] <... mmap resumed>) = 0x7f39209ed000 [pid 5071] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./1" [pid 5128] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./2", 0777 [pid 5128] <... mprotect resumed>) = 0 [pid 5071] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... mkdir resumed>) = 0 [pid 5128] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5071] <... openat resumed>) = 4 [pid 5068] close(3 [pid 5071] fstat(4, [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5128] <... clone resumed>, parent_tid=[5154], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5154 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5128] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] getdents64(4, [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5155 [pid 5128] <... futex resumed>) = 0 [pid 5071] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5152] <... ioctl resumed>) = 0 [pid 5128] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] getdents64(4, [pid 5152] close(3 [pid 5071] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5152] <... close resumed>) = 0 [pid 5071] close(4 [pid 5152] mkdir("./file0", 0777 [pid 5071] <... close resumed>) = 0 [pid 5152] <... mkdir resumed>) = 0 [pid 5071] rmdir("./1/file0"./strace-static-x86_64: Process 5155 attached [pid 5152] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5155] set_robust_list(0x55555612d5e0, 24 [pid 5071] <... rmdir resumed>) = 0 [pid 5155] <... set_robust_list resumed>) = 0 [pid 5071] getdents64(3, [pid 5155] chdir("./2" [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5155] <... chdir resumed>) = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5071] close(3 [pid 5155] <... openat resumed>) = 3 [pid 5155] write(3, "1000", 4 [pid 5073] <... umount2 resumed>) = 0 [pid 5071] <... close resumed>) = 0 [pid 5155] <... write resumed>) = 4 [pid 5071] rmdir("./1" [pid 5155] close(3) = 0 [pid 5134] <... fsconfig resumed>) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... rmdir resumed>) = 0 [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5134] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5134] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] mkdir("./2", 0777 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5155] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5071] <... mkdir resumed>) = 0 [pid 5155] <... mprotect resumed>) = 0 [pid 5155] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5155] <... clone resumed>, parent_tid=[5156], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5156 [pid 5073] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... openat resumed>) = 3 [pid 5155] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5155] <... futex resumed>) = 0 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5071] close(3./strace-static-x86_64: Process 5156 attached [pid 5156] set_robust_list(0x7f3928dee9e0, 24 [pid 5071] <... close resumed>) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5154 attached [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5156] <... set_robust_list resumed>) = 0 [pid 5073] lstat("./1/file0", [pid 5154] set_robust_list(0x7f3920a0d9e0, 24 [pid 5071] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5158 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5154] <... set_robust_list resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5154] openat(AT_FDCWD, ".", O_RDONLY [pid 5073] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5156] <... mmap resumed>) = 0x7f39209ce000 [pid 5154] <... openat resumed>) = 5 [pid 5073] <... openat resumed>) = 4 [ 53.736004][ T5152] loop4: detected capacity change from 0 to 512 [ 53.744944][ T5070] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.762962][ T5134] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. ./strace-static-x86_64: Process 5158 attached [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5154] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] fstat(4, [pid 5154] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5154] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] getdents64(4, [pid 5158] set_robust_list(0x55555612d5e0, 24 [pid 5134] <... futex resumed>) = 0 [pid 5128] <... futex resumed>) = 1 [pid 5073] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5158] <... set_robust_list resumed>) = 0 [pid 5156] <... write resumed>) = 262144 [pid 5134] mkdirat(5, "./bus", 000 [pid 5128] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] getdents64(4, [pid 5158] chdir("./2" [pid 5073] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5073] close(4 [pid 5158] <... chdir resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5073] rmdir("./1/file0" [pid 5156] munmap(0x7f39209ce000, 262144) = 0 [pid 5158] <... prctl resumed>) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3 [pid 5158] setpgid(0, 0 [pid 5134] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5073] getdents64(3, [pid 5156] <... ioctl resumed>) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5158] <... setpgid resumed>) = 0 [pid 5134] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5134] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5073] close(3 [pid 5158] <... openat resumed>) = 3 [pid 5134] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] exit_group(0 [pid 5073] <... close resumed>) = 0 [pid 5158] write(3, "1000", 4 [pid 5154] <... futex resumed>) = ? [pid 5134] <... futex resumed>) = ? [pid 5128] <... exit_group resumed>) = ? [pid 5073] rmdir("./1" [pid 5070] <... umount2 resumed>) = 0 [pid 5158] <... write resumed>) = 4 [pid 5154] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ [pid 5073] <... rmdir resumed>) = 0 [pid 5158] close(3 [pid 5073] mkdir("./2", 0777 [pid 5158] <... close resumed>) = 0 [pid 5073] <... mkdir resumed>) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs" [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5158] <... symlink resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5158] <... futex resumed>) = 0 [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] close(3 [pid 5158] <... mmap resumed>) = 0x7f3928dce000 [pid 5073] <... close resumed>) = 0 [pid 5158] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5158] <... mprotect resumed>) = 0 [pid 5158] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5160 [pid 5158] <... clone resumed>, parent_tid=[5161], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5161 [ 53.848932][ T5156] loop0: detected capacity change from 0 to 512 [ 53.851738][ T5152] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 53.880216][ T5152] EXT4-fs (loop4): 1 truncate cleaned up [ 53.887130][ T5152] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5158] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5161 attached [pid 5070] lstat("./1/file0", [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- ./strace-static-x86_64: Process 5160 attached [pid 5160] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5160] chdir("./2" [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5161] set_robust_list(0x7f3928dee9e0, 24 [pid 5070] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5161] <... set_robust_list resumed>) = 0 [pid 5160] <... chdir resumed>) = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5161] memfd_create("syzkaller", 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5161] <... memfd_create resumed>) = 3 [pid 5160] <... openat resumed>) = 3 [pid 5160] write(3, "1000", 4 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5160] <... write resumed>) = 4 [pid 5070] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5161] <... mmap resumed>) = 0x7f39209ce000 [pid 5160] close(3 [pid 5070] <... openat resumed>) = 4 [pid 5069] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5160] <... close resumed>) = 0 [pid 5070] fstat(4, [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5160] symlink("/dev/binderfs", "./binderfs" [pid 5069] <... openat resumed>) = 3 [pid 5160] <... symlink resumed>) = 0 [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5160] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5164], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5164 [pid 5160] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] fstat(3, [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] getdents64(4, [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(3, [pid 5070] getdents64(4, [pid 5161] <... write resumed>) = 262144 [pid 5152] <... mount resumed>) = 0 [pid 5070] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5161] munmap(0x7f39209ce000, 262144 [pid 5152] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5070] close(4 [pid 5069] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5164 attached [pid 5161] <... munmap resumed>) = 0 [pid 5164] set_robust_list(0x7f3928dee9e0, 24 [pid 5161] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5152] <... openat resumed>) = 3 [pid 5070] <... close resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5164] <... set_robust_list resumed>) = 0 [pid 5161] <... openat resumed>) = 4 [pid 5152] chdir("./file0" [pid 5070] rmdir("./1/file0" [pid 5069] lstat("./1/binderfs", [pid 5164] memfd_create("syzkaller", 0 [ 53.917108][ T5152] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/2/file0 supports timestamps until 2038 (0x7fffffff) [ 53.937693][ T5156] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5161] ioctl(4, LOOP_SET_FD, 3 [pid 5152] <... chdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5069] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5164] <... memfd_create resumed>) = 3 [pid 5070] getdents64(3, [pid 5069] unlink("./1/binderfs" [pid 5161] <... ioctl resumed>) = 0 [pid 5070] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5161] close(3 [pid 5070] close(3 [pid 5069] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5161] <... close resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5161] mkdir("./file0", 0777 [pid 5070] rmdir("./1" [pid 5161] <... mkdir resumed>) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5161] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5070] mkdir("./2", 0777 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5152] ioctl(4, LOOP_CLR_FD [pid 5070] <... mkdir resumed>) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3 [pid 5164] <... mmap resumed>) = 0x7f39209ce000 [pid 5152] <... ioctl resumed>) = 0 [pid 5070] <... close resumed>) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5165 [ 53.962846][ T5161] loop3: detected capacity change from 0 to 512 [ 53.963606][ T5156] EXT4-fs (loop0): 1 truncate cleaned up [ 53.978055][ T5069] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 53.989069][ T5156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5152] close(4./strace-static-x86_64: Process 5165 attached [pid 5165] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5165] chdir("./2") = 0 [pid 5165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5165] setpgid(0, 0) = 0 [pid 5165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5165] write(3, "1000", 4) = 4 [pid 5165] close(3) = 0 [pid 5165] symlink("/dev/binderfs", "./binderfs" [pid 5152] <... close resumed>) = 0 [pid 5152] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] fspick(AT_FDCWD, ".", 0 [pid 5151] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... fspick resumed>) = 4 [pid 5151] <... futex resumed>) = 0 [pid 5165] <... symlink resumed>) = 0 [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5152] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5152] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5152] <... fsconfig resumed>) = 0 [pid 5165] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5152] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... mprotect resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5152] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5165] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5152] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... clone resumed>, parent_tid=[5166], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5166 [pid 5165] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] <... write resumed>) = 262144 [pid 5069] <... umount2 resumed>) = 0 [pid 5164] munmap(0x7f39209ce000, 262144 [pid 5069] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5164] <... munmap resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] lstat("./1/file0", [pid 5164] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5156] <... mount resumed>) = 0 [pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5069] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5164] <... openat resumed>) = 4 [pid 5069] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5164] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5156] <... openat resumed>) = 3 [pid 5156] chdir("./file0") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] fspick(AT_FDCWD, ".", 0) = 4 [pid 5156] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5156] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5166] memfd_create("syzkaller", 0) = 3 [pid 5166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5069] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5166] munmap(0x7f39209ce000, 262144) = 0 [pid 5166] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5166] close(3) = 0 [pid 5166] mkdir("./file0", 0777 [pid 5151] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5151] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] <... openat resumed>) = 4 [pid 5151] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5151] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5151] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5168], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5168 [pid 5151] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 54.020548][ T5152] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.022082][ T5156] ext4 filesystem being mounted at /root/syzkaller.13SvPn/2/file0 supports timestamps until 2038 (0x7fffffff) [ 54.050023][ T5164] loop5: detected capacity change from 0 to 512 [ 54.061630][ T5166] loop2: detected capacity change from 0 to 512 [pid 5166] <... mkdir resumed>) = 0 [pid 5151] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5168 attached [pid 5164] <... ioctl resumed>) = 0 [pid 5152] <... fsconfig resumed>) = 0 [pid 5069] fstat(4, [pid 5168] set_robust_list(0x7f3920a0d9e0, 24 [pid 5166] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5168] <... set_robust_list resumed>) = 0 [pid 5168] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5164] close(3 [pid 5156] <... fsconfig resumed>) = 0 [pid 5155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5152] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5155] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5164] <... close resumed>) = 0 [pid 5156] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... mmap resumed>) = 0x7f39209ed000 [pid 5152] <... futex resumed>) = 0 [pid 5069] getdents64(4, [pid 5164] mkdir("./file0", 0777 [pid 5156] <... futex resumed>) = 0 [pid 5152] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5164] <... mkdir resumed>) = 0 [pid 5156] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5069] getdents64(4, [pid 5164] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5155] <... mprotect resumed>) = 0 [pid 5069] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5155] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5069] close(4) = 0 [pid 5155] <... clone resumed>, parent_tid=[5171], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5171 [pid 5069] rmdir("./1/file0" [pid 5155] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... rmdir resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5069] getdents64(3, [pid 5155] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5171 attached [pid 5069] close(3) = 0 [pid 5171] set_robust_list(0x7f3920a0d9e0, 24 [pid 5069] rmdir("./1" [pid 5151] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] <... rmdir resumed>) = 0 [ 54.081781][ T5156] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.086113][ T5168] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 54.106381][ T5161] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5151] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] mkdir("./2", 0777 [pid 5152] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5069] <... mkdir resumed>) = 0 [pid 5152] openat(AT_FDCWD, ".", O_RDONLY [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5152] <... openat resumed>) = 5 [pid 5069] <... openat resumed>) = 3 [pid 5152] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5152] <... futex resumed>) = 1 [pid 5151] <... futex resumed>) = 0 [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5152] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] close(3 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5151] <... futex resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5152] mkdirat(5, "./bus", 000 [pid 5151] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5175 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5171] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5152] <... mkdirat resumed>) = 0 [pid 5155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5155] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 1 [pid 5152] <... futex resumed>) = 1 [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 54.144065][ T5166] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 54.167871][ T5171] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 54.170731][ T5168] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5152] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5156] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 0 [pid 5156] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5156] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5155] <... futex resumed>) = 0 [pid 5156] mkdirat(5, "./bus", 000 [pid 5155] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... mkdirat resumed>) = 0 [pid 5156] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5175 attached [pid 5175] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5175] chdir("./2") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5175] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5178], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5178 [pid 5175] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] <... fsconfig resumed>) = 0 [pid 5168] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5168] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5151] exit_group(0) = ? [pid 5168] <... futex resumed>) = ? [pid 5168] +++ exited with 0 +++ [ 54.199606][ T5166] EXT4-fs (loop2): 1 truncate cleaned up [ 54.209296][ T5161] EXT4-fs (loop3): 1 truncate cleaned up [ 54.220302][ T5164] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 54.232693][ T5166] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. ./strace-static-x86_64: Process 5178 attached [pid 5152] <... futex resumed>) = ? [pid 5178] set_robust_list(0x7f3928dee9e0, 24 [pid 5161] <... mount resumed>) = 0 [pid 5152] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5151, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5072] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./2/binderfs") = 0 [pid 5072] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5178] <... set_robust_list resumed>) = 0 [pid 5171] <... fsconfig resumed>) = 0 [pid 5166] <... mount resumed>) = 0 [ 54.236537][ T5161] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 54.247631][ T5171] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.259713][ T5161] ext4 filesystem being mounted at /root/syzkaller.m4jObD/2/file0 supports timestamps until 2038 (0x7fffffff) [ 54.271060][ T5164] EXT4-fs (loop5): 1 truncate cleaned up [ 54.282868][ T5166] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/2/file0 supports timestamps until 2038 (0x7fffffff) [pid 5161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5178] memfd_create("syzkaller", 0 [pid 5161] <... openat resumed>) = 3 [pid 5178] <... memfd_create resumed>) = 3 [pid 5166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5161] chdir("./file0" [pid 5178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5166] <... openat resumed>) = 3 [pid 5161] <... chdir resumed>) = 0 [pid 5178] <... mmap resumed>) = 0x7f39209ce000 [pid 5166] chdir("./file0" [pid 5161] ioctl(4, LOOP_CLR_FD [pid 5178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5166] <... chdir resumed>) = 0 [pid 5161] <... ioctl resumed>) = 0 [pid 5166] ioctl(4, LOOP_CLR_FD [pid 5161] close(4 [pid 5178] <... write resumed>) = 262144 [pid 5166] <... ioctl resumed>) = 0 [pid 5161] <... close resumed>) = 0 [pid 5166] close(4 [pid 5161] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... close resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5164] <... mount resumed>) = 0 [pid 5158] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] munmap(0x7f39209ce000, 262144 [pid 5166] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] fspick(AT_FDCWD, ".", 0 [pid 5158] <... futex resumed>) = 0 [pid 5178] <... munmap resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5161] <... fspick resumed>) = 4 [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5171] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... openat resumed>) = 3 [pid 5161] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... openat resumed>) = 4 [pid 5171] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5164] chdir("./file0" [pid 5161] <... futex resumed>) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5155] exit_group(0 [ 54.293894][ T5164] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 54.313019][ T5072] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.322328][ T5164] ext4 filesystem being mounted at /root/syzkaller.336SfN/2/file0 supports timestamps until 2038 (0x7fffffff) [pid 5178] ioctl(4, LOOP_SET_FD, 3 [pid 5171] ???( [pid 5166] fspick(AT_FDCWD, ".", 0 [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... chdir resumed>) = 0 [pid 5161] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5158] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... ioctl resumed>) = 0 [pid 5171] <... ??? resumed>) = ? [pid 5166] <... fspick resumed>) = 4 [pid 5164] ioctl(4, LOOP_CLR_FD [pid 5161] <... fsconfig resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = ? [pid 5155] <... exit_group resumed>) = ? [pid 5072] <... umount2 resumed>) = 0 [pid 5178] close(3 [pid 5171] +++ exited with 0 +++ [pid 5166] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... ioctl resumed>) = 0 [pid 5161] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ [pid 5072] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5178] <... close resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5164] close(4 [pid 5161] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5178] mkdir("./file0", 0777 [pid 5166] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... close resumed>) = 0 [pid 5161] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5164] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5158] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] lstat("./2/file0", [pid 5178] <... mkdir resumed>) = 0 [pid 5166] <... fsconfig resumed>) = 0 [pid 5164] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] <... futex resumed>) = 0 [pid 5160] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 1 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5178] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5166] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5160] <... futex resumed>) = 0 [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5166] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5164] fspick(AT_FDCWD, ".", 0 [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5166] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... fspick resumed>) = 4 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 54.356024][ T5178] loop1: detected capacity change from 0 to 512 [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5164] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5166] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = 1 [pid 5068] <... openat resumed>) = 3 [pid 5164] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] unlink("./2/binderfs" [pid 5160] <... futex resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... unlink resumed>) = 0 [pid 5160] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5164] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5072] <... openat resumed>) = 4 [pid 5164] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] fstat(4, [pid 5164] <... fsconfig resumed>) = 0 [pid 5164] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5160] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] getdents64(4, [pid 5164] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 1 [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5164] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [ 54.404281][ T5161] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.417398][ T5166] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.433708][ T5068] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5072] rmdir("./2/file0" [pid 5165] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5158] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5165] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... rmdir resumed>) = 0 [pid 5165] <... futex resumed>) = 0 [pid 5165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5158] <... futex resumed>) = 0 [pid 5072] getdents64(3, [pid 5165] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5072] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5166] <... fsconfig resumed>) = 0 [pid 5165] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5158] <... mmap resumed>) = 0x7f39209ed000 [pid 5072] close(3 [pid 5166] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] <... clone resumed>, parent_tid=[5181], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5181 [pid 5166] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5158] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5161] <... fsconfig resumed>) = 0 [pid 5158] <... mprotect resumed>) = 0 [pid 5161] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5072] <... close resumed>) = 0 [pid 5161] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] rmdir("./2" [pid 5158] <... clone resumed>, parent_tid=[5182], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5182 [pid 5072] <... rmdir resumed>) = 0 [pid 5158] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mkdir("./3", 0777 [pid 5158] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... mkdir resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 5182 attached ./strace-static-x86_64: Process 5181 attached [ 54.450404][ T5164] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.467715][ T5178] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata ) = 3 [pid 5182] set_robust_list(0x7f3920a0d9e0, 24 [pid 5181] set_robust_list(0x7f3920a0d9e0, 24 [pid 5164] <... fsconfig resumed>) = 0 [pid 5160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5068] <... umount2 resumed>) = 0 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5164] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5182] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5181] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5164] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5072] close(3 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5068] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5068] close(4 [pid 5165] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] <... close resumed>) = 0 [pid 5165] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] rmdir("./2/file0" [pid 5166] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5166] openat(AT_FDCWD, ".", O_RDONLY [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5068] getdents64(3, [pid 5166] <... openat resumed>) = 5 [pid 5068] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5166] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] close(3 [pid 5166] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5166] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5165] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] rmdir("./2" [pid 5166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] <... futex resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5166] mkdirat(5, "./bus", 000 [pid 5165] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] mkdir("./3", 0777./strace-static-x86_64: Process 5183 attached [pid 5166] <... mkdirat resumed>) = -1 EROFS (Read-only file system) [pid 5158] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] <... mkdir resumed>) = 0 [pid 5183] set_robust_list(0x55555612d5e0, 24 [pid 5166] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5183 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5183] <... set_robust_list resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5068] <... openat resumed>) = 3 [pid 5183] chdir("./3" [pid 5166] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] openat(AT_FDCWD, ".", O_RDONLY [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5183] <... chdir resumed>) = 0 [pid 5161] <... openat resumed>) = 5 [pid 5161] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5161] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [ 54.503250][ T5182] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 54.512875][ T5181] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 54.530267][ T5164] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 54.543669][ T5178] EXT4-fs (loop1): 1 truncate cleaned up [pid 5161] mkdirat(5, "./bus", 000 [pid 5158] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5161] <... mkdirat resumed>) = 0 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5161] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... prctl resumed>) = 0 [pid 5068] close(3 [pid 5183] setpgid(0, 0 [pid 5161] <... futex resumed>) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5183] <... setpgid resumed>) = 0 [pid 5161] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5186 [pid 5183] write(3, "1000", 4 [pid 5160] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5186 attached [pid 5183] <... write resumed>) = 4 [pid 5160] <... futex resumed>) = 0 [pid 5186] set_robust_list(0x55555612d5e0, 24 [pid 5183] close(3 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5183] <... close resumed>) = 0 [pid 5160] <... mmap resumed>) = 0x7f39209ed000 [pid 5186] chdir("./3" [pid 5183] symlink("/dev/binderfs", "./binderfs" [pid 5160] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5186] <... chdir resumed>) = 0 [pid 5183] <... symlink resumed>) = 0 [pid 5160] <... mprotect resumed>) = 0 [pid 5186] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5183] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5186] <... prctl resumed>) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5186] setpgid(0, 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5160] <... clone resumed>, parent_tid=[5188], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5188 [pid 5186] <... setpgid resumed>) = 0 [pid 5183] <... mmap resumed>) = 0x7f3928dce000 [pid 5160] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 54.566820][ T5178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 54.580849][ T5181] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.586948][ T5164] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.591007][ T5182] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5183] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5181] <... fsconfig resumed>) = 0 [pid 5160] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5188 attached [pid 5186] <... openat resumed>) = 3 [pid 5183] <... mprotect resumed>) = 0 [pid 5160] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] set_robust_list(0x7f3920a0d9e0, 24 [pid 5186] write(3, "1000", 4 [pid 5183] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5188] <... set_robust_list resumed>) = 0 [pid 5186] <... write resumed>) = 4 [pid 5188] openat(AT_FDCWD, ".", O_RDONLY [pid 5186] close(3 [pid 5183] <... clone resumed>, parent_tid=[5189], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5189 [pid 5188] <... openat resumed>) = 5 [pid 5186] <... close resumed>) = 0 [pid 5183] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5189 attached [pid 5188] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] symlink("/dev/binderfs", "./binderfs" [pid 5183] <... futex resumed>) = 0 [pid 5182] <... fsconfig resumed>) = 0 [pid 5181] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... mount resumed>) = 0 [pid 5164] <... fsconfig resumed>) = 0 [pid 5189] set_robust_list(0x7f3928dee9e0, 24 [pid 5182] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5164] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... set_robust_list resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5186] <... symlink resumed>) = 0 [pid 5183] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5182] <... futex resumed>) = 0 [pid 5181] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... openat resumed>) = 3 [pid 5164] <... futex resumed>) = 0 [pid 5160] <... futex resumed>) = 0 [pid 5189] memfd_create("syzkaller", 0 [pid 5188] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] chdir("./file0" [pid 5165] exit_group(0 [pid 5164] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... memfd_create resumed>) = 3 [pid 5186] <... futex resumed>) = 0 [pid 5181] <... futex resumed>) = ? [pid 5178] <... chdir resumed>) = 0 [pid 5166] <... futex resumed>) = ? [pid 5165] <... exit_group resumed>) = ? [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5160] <... futex resumed>) = 0 [pid 5158] exit_group(0 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5181] +++ exited with 0 +++ [pid 5178] ioctl(4, LOOP_CLR_FD [pid 5166] +++ exited with 0 +++ [pid 5164] mkdirat(5, "./bus", 000 [pid 5189] <... mmap resumed>) = 0x7f39209ce000 [pid 5178] <... ioctl resumed>) = 0 [pid 5165] +++ exited with 0 +++ [pid 5160] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... mmap resumed>) = 0x7f3928dce000 [pid 5182] <... futex resumed>) = ? [pid 5161] <... futex resumed>) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5186] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5182] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5165, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5189] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5186] <... mprotect resumed>) = 0 [pid 5178] close(4 [pid 5070] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5186] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5164] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5164] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] restart_syscall(<... resuming interrupted clone ...> [pid 5070] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5189] <... write resumed>) = 262144 [pid 5186] <... clone resumed>, parent_tid=[5190], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5190 [pid 5178] <... close resumed>) = 0 [pid 5164] <... futex resumed>) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5071] <... restart_syscall resumed>) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5186] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5160] exit_group(0 [pid 5070] fstat(3, [pid 5188] <... futex resumed>) = ? [pid 5186] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = ? [pid 5160] <... exit_group resumed>) = ? [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5188] +++ exited with 0 +++ [pid 5186] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] +++ exited with 0 +++ [pid 5160] +++ exited with 0 +++ [pid 5071] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] getdents64(3, [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5160, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5071] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... openat resumed>) = 3 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] fstat(3, [pid 5070] lstat("./2/binderfs", [pid 5073] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5071] getdents64(3, [pid 5070] unlink("./2/binderfs" [pid 5178] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] munmap(0x7f39209ce000, 262144 [pid 5073] fstat(3, [pid 5071] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5070] <... unlink resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [ 54.628065][ T5178] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/2/file0 supports timestamps until 2038 (0x7fffffff) [ 54.649768][ T5164] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5070] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5190 attached [pid 5189] <... munmap resumed>) = 0 [pid 5178] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] getdents64(3, [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5190] set_robust_list(0x7f3928dee9e0, 24 [pid 5189] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5178] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] <... set_robust_list resumed>) = 0 [pid 5189] <... openat resumed>) = 4 [pid 5178] fspick(AT_FDCWD, ".", 0 [pid 5175] <... futex resumed>) = 0 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] lstat("./2/binderfs", [pid 5190] memfd_create("syzkaller", 0 [pid 5189] ioctl(4, LOOP_SET_FD, 3 [pid 5178] <... fspick resumed>) = 4 [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5190] <... memfd_create resumed>) = 3 [pid 5178] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5189] <... ioctl resumed>) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5175] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] lstat("./2/binderfs", [pid 5071] unlink("./2/binderfs" [pid 5190] <... mmap resumed>) = 0x7f39209ce000 [pid 5189] close(3 [pid 5178] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5175] <... futex resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5189] <... close resumed>) = 0 [pid 5178] <... fsconfig resumed>) = 0 [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] unlink("./2/binderfs" [pid 5071] <... unlink resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5190] <... write resumed>) = 262144 [pid 5189] mkdir("./file0", 0777 [pid 5178] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] munmap(0x7f39209ce000, 262144 [pid 5189] <... mkdir resumed>) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5071] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5175] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... munmap resumed>) = 0 [pid 5189] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5178] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5073] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 54.683013][ T5070] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.707503][ T5189] loop4: detected capacity change from 0 to 512 [pid 5190] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5175] <... futex resumed>) = 0 [pid 5190] <... openat resumed>) = 4 [pid 5190] ioctl(4, LOOP_SET_FD, 3 [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] lstat("./2/file0", [pid 5190] <... ioctl resumed>) = 0 [pid 5190] close(3) = 0 [pid 5190] mkdir("./file0", 0777) = 0 [pid 5190] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5070] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./2/file0") = 0 [pid 5070] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./2") = 0 [pid 5070] mkdir("./3", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... umount2 resumed>) = 0 [pid 5070] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5192 [pid 5073] <... umount2 resumed>) = 0 [pid 5071] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./2/file0", [pid 5071] lstat("./2/file0", ./strace-static-x86_64: Process 5192 attached [ 54.737268][ T5071] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.738317][ T5190] loop0: detected capacity change from 0 to 512 [ 54.754345][ T5073] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.765177][ T5178] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5178] <... fsconfig resumed>) = 0 [pid 5175] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5175] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5175] <... futex resumed>) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5175] <... mmap resumed>) = 0x7f39209ed000 [pid 5175] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5071] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5175] <... mprotect resumed>) = 0 [pid 5071] <... openat resumed>) = 4 [pid 5073] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5175] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5071] fstat(4, [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5175] <... clone resumed>, parent_tid=[5196], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5196 [pid 5073] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] getdents64(4, [pid 5175] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 4 [pid 5175] <... futex resumed>) = 0 [pid 5071] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5175] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] fstat(4, [pid 5071] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] close(4 [pid 5073] getdents64(4, [pid 5071] <... close resumed>) = 0 [pid 5073] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5071] rmdir("./2/file0" [pid 5073] getdents64(4, ./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5196] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5073] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5073] close(4 [pid 5071] getdents64(3, [pid 5073] <... close resumed>) = 0 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5192] set_robust_list(0x55555612d5e0, 24 [pid 5178] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [ 54.801135][ T5189] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 54.834278][ T5196] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 54.841732][ T5189] EXT4-fs (loop4): 1 truncate cleaned up [pid 5073] rmdir("./2/file0" [pid 5192] <... set_robust_list resumed>) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5071] close(3 [pid 5192] chdir("./3" [pid 5178] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... rmdir resumed>) = 0 [pid 5071] <... close resumed>) = 0 [pid 5192] <... chdir resumed>) = 0 [pid 5175] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] getdents64(3, [pid 5071] rmdir("./2" [pid 5192] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5175] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5192] <... prctl resumed>) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5175] <... futex resumed>) = 1 [pid 5073] close(3 [pid 5071] mkdir("./3", 0777 [pid 5192] setpgid(0, 0 [pid 5178] openat(AT_FDCWD, ".", O_RDONLY [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... close resumed>) = 0 [pid 5071] <... mkdir resumed>) = 0 [pid 5192] <... setpgid resumed>) = 0 [pid 5189] <... mount resumed>) = 0 [pid 5178] <... openat resumed>) = 5 [pid 5073] rmdir("./2" [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5189] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5178] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... openat resumed>) = 3 [pid 5189] chdir("./file0") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5192] write(3, "1000", 4 [ 54.851233][ T5189] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 54.855976][ T5190] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 54.863838][ T5189] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/3/file0 supports timestamps until 2038 (0x7fffffff) [ 54.894984][ T5190] EXT4-fs (loop0): 1 truncate cleaned up [pid 5189] close(4 [pid 5178] mkdirat(5, "./bus", 000 [pid 5175] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... openat resumed>) = 3 [pid 5073] mkdir("./3", 0777 [pid 5192] <... write resumed>) = 4 [pid 5189] <... close resumed>) = 0 [pid 5189] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5189] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5071] close(3) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5197 [pid 5073] <... mkdir resumed>) = 0 [pid 5192] close(3 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... close resumed>) = 0 [pid 5192] symlink("/dev/binderfs", "./binderfs" [pid 5189] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5192] <... symlink resumed>) = 0 [pid 5189] fspick(AT_FDCWD, ".", 0 [pid 5183] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... fspick resumed>) = 4 [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5192] <... futex resumed>) = 0 [pid 5189] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... mkdirat resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5189] <... futex resumed>) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5178] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 5197 attached [pid 5192] <... mmap resumed>) = 0x7f3928dce000 [pid 5189] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5178] <... futex resumed>) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5190] <... mount resumed>) = 0 [pid 5192] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5178] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] close(3 [pid 5190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5197] set_robust_list(0x55555612d5e0, 24 [pid 5192] <... mprotect resumed>) = 0 [pid 5189] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5183] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... close resumed>) = 0 [pid 5192] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5189] <... fsconfig resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5189] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... clone resumed>, parent_tid=[5199], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5199 [pid 5189] <... futex resumed>) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5200 [pid 5192] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 54.901220][ T5190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 54.919613][ T5190] ext4 filesystem being mounted at /root/syzkaller.13SvPn/3/file0 supports timestamps until 2038 (0x7fffffff) [ 54.934949][ T5196] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5189] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5183] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5200 attached ./strace-static-x86_64: Process 5199 attached [pid 5197] <... set_robust_list resumed>) = 0 [pid 5196] <... fsconfig resumed>) = 0 [pid 5190] <... openat resumed>) = 3 [pid 5200] set_robust_list(0x55555612d5e0, 24 [pid 5199] set_robust_list(0x7f3928dee9e0, 24 [pid 5197] chdir("./3" [pid 5196] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] chdir("./file0" [pid 5200] <... set_robust_list resumed>) = 0 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5197] <... chdir resumed>) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5190] <... chdir resumed>) = 0 [pid 5189] <... fsconfig resumed>) = 0 [pid 5200] chdir("./3" [pid 5199] memfd_create("syzkaller", 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5196] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] ioctl(4, LOOP_CLR_FD [pid 5200] <... chdir resumed>) = 0 [pid 5199] <... memfd_create resumed>) = 3 [pid 5197] <... prctl resumed>) = 0 [pid 5190] <... ioctl resumed>) = 0 [pid 5189] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5197] setpgid(0, 0 [pid 5190] close(4 [pid 5175] exit_group(0 [pid 5200] <... prctl resumed>) = 0 [pid 5199] <... mmap resumed>) = 0x7f39209ce000 [pid 5197] <... setpgid resumed>) = 0 [pid 5190] <... close resumed>) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5190] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] setpgid(0, 0 [pid 5199] <... write resumed>) = 262144 [pid 5197] <... openat resumed>) = 3 [pid 5196] <... futex resumed>) = ? [pid 5190] <... futex resumed>) = 1 [pid 5189] <... futex resumed>) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = ? [pid 5175] <... exit_group resumed>) = ? [pid 5200] <... setpgid resumed>) = 0 [pid 5199] munmap(0x7f39209ce000, 262144 [pid 5197] write(3, "1000", 4 [pid 5196] +++ exited with 0 +++ [pid 5190] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5189] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5186] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] +++ exited with 0 +++ [pid 5200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5199] <... munmap resumed>) = 0 [pid 5197] <... write resumed>) = 4 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] <... futex resumed>) = 0 [pid 5175] +++ exited with 0 +++ [pid 5200] <... openat resumed>) = 3 [pid 5199] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5197] close(3 [pid 5190] fspick(AT_FDCWD, ".", 0 [pid 5186] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5175, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5200] write(3, "1000", 4 [pid 5199] <... openat resumed>) = 4 [pid 5197] <... close resumed>) = 0 [ 54.950714][ T5189] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 54.985676][ T5189] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [pid 5190] <... fspick resumed>) = 4 [pid 5200] <... write resumed>) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3 [pid 5197] symlink("/dev/binderfs", "./binderfs" [pid 5190] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] close(3 [pid 5199] <... ioctl resumed>) = 0 [pid 5197] <... symlink resumed>) = 0 [pid 5190] <... futex resumed>) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5200] <... close resumed>) = 0 [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] symlink("/dev/binderfs", "./binderfs" [pid 5197] <... futex resumed>) = 0 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5190] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5200] <... symlink resumed>) = 0 [pid 5197] <... mmap resumed>) = 0x7f3928dce000 [pid 5190] <... fsconfig resumed>) = 0 [pid 5186] <... futex resumed>) = 0 [pid 5069] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5190] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5200] <... futex resumed>) = 0 [pid 5199] close(3 [pid 5197] <... mprotect resumed>) = 0 [pid 5190] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5199] <... close resumed>) = 0 [pid 5197] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5190] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... openat resumed>) = 3 [pid 5200] <... mmap resumed>) = 0x7f3928dce000 [pid 5199] mkdir("./file0", 0777 [pid 5190] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5186] <... futex resumed>) = 0 [pid 5069] fstat(3, ./strace-static-x86_64: Process 5201 attached [pid 5200] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5199] <... mkdir resumed>) = 0 [pid 5197] <... clone resumed>, parent_tid=[5201], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5201 [pid 5190] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5186] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5200] <... mprotect resumed>) = 0 [pid 5199] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5197] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5197] <... futex resumed>) = 0 [pid 5069] getdents64(3, [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5201] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5201] munmap(0x7f39209ce000, 262144) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5200] <... clone resumed>, parent_tid=[5203], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5203 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5200] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] lstat("./2/binderfs", [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5069] unlink("./2/binderfs") = 0 [pid 5069] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5201] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5203 attached [pid 5190] <... fsconfig resumed>) = 0 [ 55.002503][ T5199] loop2: detected capacity change from 0 to 512 [ 55.022921][ T5190] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.039053][ T5189] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5201] ioctl(4, LOOP_SET_FD, 3 [pid 5203] set_robust_list(0x7f3928dee9e0, 24 [pid 5183] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5203] <... set_robust_list resumed>) = 0 [pid 5183] <... mmap resumed>) = 0x7f39209ed000 [pid 5183] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5203] memfd_create("syzkaller", 0 [pid 5183] <... mprotect resumed>) = 0 [pid 5203] <... memfd_create resumed>) = 3 [pid 5183] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5183] <... clone resumed>, parent_tid=[5206], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5206 [pid 5203] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... write resumed>) = 262144 [pid 5190] <... futex resumed>) = 0 [pid 5203] munmap(0x7f39209ce000, 262144 [pid 5190] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5203] <... munmap resumed>) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5206 attached [pid 5186] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5206] set_robust_list(0x7f3920a0d9e0, 24 [pid 5203] <... ioctl resumed>) = 0 [pid 5190] <... futex resumed>) = 0 [pid 5186] <... futex resumed>) = 1 [ 55.040488][ T5069] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.051077][ T5201] loop3: detected capacity change from 0 to 512 [ 55.073138][ T5199] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 55.087749][ T5203] loop5: detected capacity change from 0 to 512 [pid 5183] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... set_robust_list resumed>) = 0 [pid 5190] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5186] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5206] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5206] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5183] <... futex resumed>) = 0 [pid 5206] mkdirat(5, "./bus", 000 [pid 5183] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] close(3 [pid 5201] <... ioctl resumed>) = 0 [pid 5189] <... fsconfig resumed>) = 0 [pid 5069] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5203] <... close resumed>) = 0 [pid 5201] close(3 [pid 5189] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... openat resumed>) = 4 [pid 5069] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./2/file0") = 0 [pid 5069] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] close(3 [pid 5203] mkdir("./file0", 0777 [pid 5201] <... close resumed>) = 0 [pid 5189] <... futex resumed>) = 0 [pid 5069] <... close resumed>) = 0 [ 55.100372][ T5190] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 55.116661][ T5206] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 55.130479][ T5199] EXT4-fs (loop2): 1 truncate cleaned up [ 55.137184][ T5199] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5069] rmdir("./2") = 0 [pid 5069] mkdir("./3", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5186] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5069] close(3 [pid 5203] <... mkdir resumed>) = 0 [pid 5201] mkdir("./file0", 0777 [pid 5199] <... mount resumed>) = 0 [pid 5189] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... close resumed>) = 0 [pid 5203] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5201] <... mkdir resumed>) = 0 [pid 5199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5186] <... futex resumed>) = 0 [pid 5201] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5199] <... openat resumed>) = 3 [pid 5186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5199] chdir("./file0") = 0 [pid 5186] <... mmap resumed>) = 0x7f39209ed000 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5199] close(4) = 0 [pid 5199] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5186] <... mprotect resumed>) = 0 [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5199] fspick(AT_FDCWD, ".", 0 [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... fspick resumed>) = 4 [pid 5199] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5186] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5208 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5199] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] <... fsconfig resumed>) = 0 [pid 5199] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] <... futex resumed>) = 0 [pid 5199] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] <... clone resumed>, parent_tid=[5209], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5209 [pid 5186] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5209 attached [pid 5209] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5209] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5209] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5206] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5206] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5208 attached [pid 5208] set_robust_list(0x55555612d5e0, 24) = 0 [ 55.150178][ T5199] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/3/file0 supports timestamps until 2038 (0x7fffffff) [ 55.178921][ T5190] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5208] chdir("./3") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] exit_group(0) = ? [pid 5189] <... futex resumed>) = ? [pid 5189] +++ exited with 0 +++ [pid 5206] <... futex resumed>) = ? [pid 5186] <... futex resumed>) = 1 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3 [pid 5206] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5186] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5186] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5209] <... futex resumed>) = 0 [pid 5186] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5209] mkdirat(5, "./bus", 000 [pid 5186] <... futex resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5208] <... close resumed>) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs" [pid 5072] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5186] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... openat resumed>) = 3 [pid 5208] <... symlink resumed>) = 0 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./3/binderfs" [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... unlink resumed>) = 0 [pid 5072] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5208] <... futex resumed>) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5208] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5212], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5212 [ 55.195181][ T5199] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5208] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5212 attached [pid 5212] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5192] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5192] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5192] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5213], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5213 [pid 5192] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] memfd_create("syzkaller", 0) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5212] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5209] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5209] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] <... futex resumed>) = 0 [pid 5212] <... write resumed>) = 262144 [pid 5212] munmap(0x7f39209ce000, 262144./strace-static-x86_64: Process 5213 attached ) = 0 [pid 5209] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5199] <... fsconfig resumed>) = 0 [pid 5190] <... fsconfig resumed>) = 0 [pid 5213] set_robust_list(0x7f3920a0d9e0, 24 [pid 5212] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5199] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... umount2 resumed>) = 0 [pid 5213] <... set_robust_list resumed>) = 0 [pid 5212] <... openat resumed>) = 4 [ 55.228266][ T5072] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.250941][ T5201] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5199] <... futex resumed>) = 0 [pid 5190] <... futex resumed>) = 0 [pid 5213] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5212] ioctl(4, LOOP_SET_FD, 3 [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] exit_group(0 [pid 5209] <... futex resumed>) = ? [pid 5192] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] <... exit_group resumed>) = ? [pid 5072] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5212] <... ioctl resumed>) = 0 [pid 5209] +++ exited with 0 +++ [pid 5199] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5192] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = ? [pid 5212] close(3 [pid 5199] openat(AT_FDCWD, ".", O_RDONLY [pid 5190] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5212] <... close resumed>) = 0 [pid 5199] <... openat resumed>) = 5 [pid 5212] mkdir("./file0", 0777 [pid 5199] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... mkdir resumed>) = 0 [pid 5199] <... futex resumed>) = 0 [pid 5212] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = 1 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5186, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5199] <... futex resumed>) = 0 [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 55.277551][ T5203] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 55.278025][ T5213] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 55.301844][ T5201] EXT4-fs (loop3): 1 truncate cleaned up [ 55.301972][ T5212] loop1: detected capacity change from 0 to 512 [ 55.307501][ T5201] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5072] lstat("./3/file0", [pid 5192] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5072] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./3/file0" [pid 5199] <... futex resumed>) = 0 [pid 5192] <... futex resumed>) = 1 [pid 5072] <... rmdir resumed>) = 0 [pid 5199] mkdirat(5, "./bus", 000 [pid 5192] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./3" [pid 5199] <... mkdirat resumed>) = 0 [pid 5072] <... rmdir resumed>) = 0 [pid 5068] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] mkdir("./4", 0777) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5072] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5072] close(3 [pid 5199] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... close resumed>) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5218 ./strace-static-x86_64: Process 5218 attached [pid 5199] <... futex resumed>) = 1 [pid 5192] <... futex resumed>) = 0 [pid 5068] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5201] <... mount resumed>) = 0 [ 55.328983][ T5203] EXT4-fs (loop5): 1 truncate cleaned up [ 55.340474][ T5203] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 55.354326][ T5213] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.364228][ T5201] ext4 filesystem being mounted at /root/syzkaller.m4jObD/3/file0 supports timestamps until 2038 (0x7fffffff) [pid 5201] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5201] chdir("./file0") = 0 [pid 5201] ioctl(4, LOOP_CLR_FD) = 0 [pid 5201] close(4 [pid 5199] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... openat resumed>) = 3 [pid 5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5218] set_robust_list(0x55555612d5e0, 24 [pid 5201] <... close resumed>) = 0 [pid 5068] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5213] <... fsconfig resumed>) = 0 [pid 5218] <... set_robust_list resumed>) = 0 [pid 5201] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5218] chdir("./4" [pid 5213] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5068] lstat("./3/binderfs", [pid 5218] <... chdir resumed>) = 0 [pid 5213] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5218] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] <... futex resumed>) = 0 [pid 5068] unlink("./3/binderfs" [pid 5218] <... prctl resumed>) = 0 [pid 5201] fspick(AT_FDCWD, ".", 0 [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] exit_group(0 [pid 5218] setpgid(0, 0 [pid 5201] <... fspick resumed>) = 4 [pid 5192] <... exit_group resumed>) = ? [pid 5199] <... futex resumed>) = ? [pid 5068] <... unlink resumed>) = 0 [pid 5213] <... futex resumed>) = ? [pid 5218] <... setpgid resumed>) = 0 [pid 5201] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] +++ exited with 0 +++ [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5213] +++ exited with 0 +++ [pid 5192] +++ exited with 0 +++ [pid 5218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5192, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5201] <... futex resumed>) = 1 [pid 5218] <... openat resumed>) = 3 [pid 5203] <... mount resumed>) = 0 [pid 5197] <... futex resumed>) = 0 [pid 5070] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 55.370319][ T5212] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 55.401318][ T5203] ext4 filesystem being mounted at /root/syzkaller.336SfN/3/file0 supports timestamps until 2038 (0x7fffffff) [ 55.418010][ T5212] EXT4-fs (loop1): 1 truncate cleaned up [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5070] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./3/binderfs") = 0 [pid 5070] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5201] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] write(3, "1000", 4) = 4 [pid 5218] close(3) = 0 [pid 5197] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5218] <... futex resumed>) = 0 [pid 5201] <... fsconfig resumed>) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5201] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... mmap resumed>) = 0x7f3928dce000 [pid 5201] <... futex resumed>) = 0 [pid 5218] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5201] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... mprotect resumed>) = 0 [pid 5218] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5220], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5220 [pid 5218] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... openat resumed>) = 3 [pid 5203] chdir("./file0" [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5203] <... chdir resumed>) = 0 [pid 5197] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4./strace-static-x86_64: Process 5220 attached ) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 1 [pid 5203] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5203] <... futex resumed>) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5203] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] <... futex resumed>) = 0 [pid 5203] fspick(AT_FDCWD, ".", 0 [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... fspick resumed>) = 4 [pid 5220] set_robust_list(0x7f3928dee9e0, 24 [pid 5203] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... futex resumed>) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5203] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] <... futex resumed>) = 0 [pid 5203] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [ 55.427045][ T5212] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 55.442091][ T5068] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.453607][ T5070] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... fsconfig resumed>) = 0 [pid 5203] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5203] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5200] <... futex resumed>) = 0 [pid 5203] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... set_robust_list resumed>) = 0 [pid 5212] <... mount resumed>) = 0 [pid 5220] memfd_create("syzkaller", 0 [pid 5212] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5220] <... memfd_create resumed>) = 3 [pid 5212] <... openat resumed>) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5212] chdir("./file0" [pid 5220] <... mmap resumed>) = 0x7f39209ce000 [pid 5212] <... chdir resumed>) = 0 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5212] ioctl(4, LOOP_CLR_FD [pid 5220] munmap(0x7f39209ce000, 262144 [pid 5212] <... ioctl resumed>) = 0 [pid 5220] <... munmap resumed>) = 0 [pid 5212] close(4 [pid 5220] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5212] <... close resumed>) = 0 [pid 5070] <... umount2 resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5220] <... openat resumed>) = 4 [pid 5212] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [ 55.473182][ T5212] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/3/file0 supports timestamps until 2038 (0x7fffffff) [ 55.489537][ T5201] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.492450][ T5203] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.523462][ T5220] loop4: detected capacity change from 0 to 512 [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5220] ioctl(4, LOOP_SET_FD, 3 [pid 5212] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5212] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] lstat("./3/file0", [pid 5068] lstat("./3/file0", [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5212] fspick(AT_FDCWD, ".", 0 [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... fsconfig resumed>) = 0 [pid 5201] <... fsconfig resumed>) = 0 [pid 5200] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5212] <... fspick resumed>) = 4 [pid 5203] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5212] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5197] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5220] <... ioctl resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 0 [pid 5068] <... openat resumed>) = 4 [pid 5220] close(3 [pid 5212] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] fstat(4, [pid 5220] <... close resumed>) = 0 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5220] mkdir("./file0", 0777 [pid 5212] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] getdents64(4, [pid 5220] <... mkdir resumed>) = 0 [pid 5212] <... fsconfig resumed>) = 0 [pid 5068] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5220] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5212] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] getdents64(4, [pid 5212] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5200] <... mmap resumed>) = 0x7f39209ed000 [pid 5070] <... openat resumed>) = 4 [pid 5068] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5212] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] close(4 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5212] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5200] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5070] fstat(4, [pid 5068] rmdir("./3/file0" [pid 5200] <... mprotect resumed>) = 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5200] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5070] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5200] <... clone resumed>, parent_tid=[5223], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5223 [pid 5070] getdents64(4, [pid 5200] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5070] close(4 [pid 5200] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... close resumed>) = 0 [pid 5070] rmdir("./3/file0") = 0 [pid 5070] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./3") = 0 [pid 5070] mkdir("./4", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3 [pid 5197] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5070] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5197] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5224 ./strace-static-x86_64: Process 5223 attached [pid 5223] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5223] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5212] <... fsconfig resumed>) = 0 [pid 5197] <... futex resumed>) = 0 [pid 5068] getdents64(3, [pid 5212] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5212] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5224 attached [ 55.570803][ T5201] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 55.574806][ T5220] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 55.596876][ T5212] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.599991][ T5223] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [pid 5212] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... mmap resumed>) = 0x7f39209ed000 [pid 5068] close(3 [pid 5197] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5068] <... close resumed>) = 0 [pid 5197] <... mprotect resumed>) = 0 [pid 5068] rmdir("./3" [pid 5197] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5068] <... rmdir resumed>) = 0 [pid 5068] mkdir("./4", 0777 [pid 5197] <... clone resumed>, parent_tid=[5226], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5226 [pid 5068] <... mkdir resumed>) = 0 [pid 5197] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5197] <... futex resumed>) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5197] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3./strace-static-x86_64: Process 5226 attached [pid 5224] set_robust_list(0x55555612d5e0, 24 [pid 5200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] <... close resumed>) = 0 [pid 5200] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5200] <... futex resumed>) = 1 [pid 5203] openat(AT_FDCWD, ".", O_RDONLY [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... openat resumed>) = 5 [pid 5203] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5203] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5200] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] set_robust_list(0x7f3920a0d9e0, 24 [pid 5224] <... set_robust_list resumed>) = 0 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... fsconfig resumed>) = 0 [pid 5200] <... futex resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5226] <... set_robust_list resumed>) = 0 [pid 5224] chdir("./4" [pid 5203] mkdirat(5, "./bus", 000 [ 55.621128][ T5212] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 55.632717][ T5220] EXT4-fs (loop4): 1 truncate cleaned up [ 55.646135][ T5201] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.648896][ T5220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5201] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5229 attached [pid 5226] openat(AT_FDCWD, ".", O_RDONLY [pid 5224] <... chdir resumed>) = 0 [pid 5208] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5203] <... mkdirat resumed>) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5229 [pid 5226] <... openat resumed>) = 5 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5208] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... prctl resumed>) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5203] <... futex resumed>) = 1 [pid 5200] <... futex resumed>) = 0 [pid 5229] set_robust_list(0x55555612d5e0, 24 [pid 5226] <... futex resumed>) = 1 [pid 5224] setpgid(0, 0 [pid 5220] <... mount resumed>) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5203] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5197] <... futex resumed>) = 0 [pid 5229] <... set_robust_list resumed>) = 0 [pid 5226] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... setpgid resumed>) = 0 [pid 5220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5208] <... mmap resumed>) = 0x7f39209ed000 [pid 5201] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] chdir("./4" [pid 5220] <... openat resumed>) = 3 [pid 5201] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... chdir resumed>) = 0 [pid 5220] chdir("./file0" [pid 5201] mkdirat(5, "./bus", 000 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5220] <... chdir resumed>) = 0 [pid 5229] <... prctl resumed>) = 0 [pid 5229] setpgid(0, 0 [pid 5220] ioctl(4, LOOP_CLR_FD [pid 5229] <... setpgid resumed>) = 0 [pid 5220] <... ioctl resumed>) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5220] close(4 [pid 5229] <... openat resumed>) = 3 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5223] <... fsconfig resumed>) = 0 [pid 5220] <... close resumed>) = 0 [pid 5208] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5197] <... futex resumed>) = 0 [pid 5229] write(3, "1000", 4 [pid 5223] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... write resumed>) = 4 [pid 5224] <... openat resumed>) = 3 [pid 5223] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5200] exit_group(0 [pid 5218] <... futex resumed>) = 0 [pid 5197] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] close(3 [pid 5224] write(3, "1000", 4 [pid 5218] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... fsconfig resumed>) = 0 [pid 5208] <... mprotect resumed>) = 0 [pid 5203] <... futex resumed>) = ? [pid 5200] <... exit_group resumed>) = ? [pid 5224] <... write resumed>) = 4 [pid 5218] <... futex resumed>) = 0 [pid 5212] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [ 55.679004][ T5220] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/4/file0 supports timestamps until 2038 (0x7fffffff) [ 55.693062][ T5223] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.704081][ T5212] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5208] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5203] +++ exited with 0 +++ ./strace-static-x86_64: Process 5230 attached [pid 5229] <... close resumed>) = 0 [pid 5224] close(3 [pid 5220] fspick(AT_FDCWD, ".", 0 [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 0 [pid 5201] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5229] symlink("/dev/binderfs", "./binderfs" [pid 5224] <... close resumed>) = 0 [pid 5220] <... fspick resumed>) = 4 [pid 5208] <... clone resumed>, parent_tid=[5230], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5230 [pid 5201] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] set_robust_list(0x7f3920a0d9e0, 24 [pid 5229] <... symlink resumed>) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs" [pid 5197] <... futex resumed>) = 0 [pid 5208] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... set_robust_list resumed>) = 0 [pid 5230] openat(AT_FDCWD, ".", O_RDONLY [pid 5224] <... symlink resumed>) = 0 [pid 5197] exit_group(0 [pid 5230] <... openat resumed>) = 5 [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... futex resumed>) = ? [pid 5224] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = ? [pid 5197] <... exit_group resumed>) = ? [pid 5230] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5226] +++ exited with 0 +++ [pid 5224] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5208] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] +++ exited with 0 +++ [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] +++ exited with 0 +++ [pid 5218] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5229] <... mmap resumed>) = 0x7f3928dce000 [pid 5208] <... futex resumed>) = 1 [pid 5229] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5224] <... mmap resumed>) = 0x7f3928dce000 [pid 5208] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... fsconfig resumed>) = 0 [pid 5229] <... mprotect resumed>) = 0 [pid 5224] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5220] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5224] <... mprotect resumed>) = 0 [pid 5071] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5229] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5224] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5220] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5212] mkdirat(5, "./bus", 000 [pid 5223] +++ exited with 0 +++ [pid 5200] +++ exited with 0 +++ [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5218] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5200, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5229] <... clone resumed>, parent_tid=[5231], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5231 [pid 5220] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5218] <... futex resumed>) = 0 [pid 5071] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5229] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... clone resumed>, parent_tid=[5232], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5232 [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5224] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5071] <... openat resumed>) = 3 [pid 5224] <... futex resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] fstat(3, ./strace-static-x86_64: Process 5231 attached [pid 5231] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5231] munmap(0x7f39209ce000, 262144 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5073] fstat(3, [pid 5071] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] getdents64(3, [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] lstat("./3/binderfs", [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] unlink("./3/binderfs" [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] <... unlink resumed>) = 0 [pid 5073] lstat("./3/binderfs", [pid 5071] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5073] unlink("./3/binderfs") = 0 [pid 5073] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5231] <... munmap resumed>) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 55.717099][ T5201] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5231] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5232 attached [pid 5212] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5231] <... ioctl resumed>) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./file0", 0777) = 0 [pid 5231] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5232] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5232] memfd_create("syzkaller", 0) = 3 [pid 5232] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5232] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5232] munmap(0x7f39209ce000, 262144 [pid 5208] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5232] <... munmap resumed>) = 0 [pid 5232] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5218] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5218] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 0 [pid 5218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5212] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... fsconfig resumed>) = 0 [pid 5218] <... mmap resumed>) = 0x7f39209ed000 [pid 5208] exit_group(0 [pid 5220] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5220] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = ? [pid 5220] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... mprotect resumed>) = 0 [pid 5212] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5230] +++ exited with 0 +++ [pid 5218] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5212] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 55.770303][ T5231] loop0: detected capacity change from 0 to 512 [ 55.778548][ T5220] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 55.791364][ T5071] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.805062][ T5073] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5232] <... openat resumed>) = 4 [pid 5232] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5234 attached [pid 5218] <... clone resumed>, parent_tid=[5234], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5234 [pid 5234] set_robust_list(0x7f3920a0d9e0, 24 [pid 5218] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5218] <... futex resumed>) = 0 [pid 5234] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5218] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5069] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5069] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5069] unlink("./3/binderfs" [pid 5232] <... ioctl resumed>) = 0 [pid 5232] close(3) = 0 [pid 5232] mkdir("./file0", 0777) = 0 [pid 5232] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5069] <... unlink resumed>) = 0 [pid 5071] <... umount2 resumed>) = 0 [ 55.820190][ T5232] loop2: detected capacity change from 0 to 512 [ 55.828157][ T5234] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 55.844388][ T5231] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5069] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5218] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] lstat("./3/file0", [pid 5218] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5220] <... futex resumed>) = 0 [pid 5218] <... futex resumed>) = 1 [pid 5071] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5220] openat(AT_FDCWD, ".", O_RDONLY [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5220] <... openat resumed>) = 5 [pid 5071] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5220] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5071] <... openat resumed>) = 4 [pid 5220] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] fstat(4, [pid 5220] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5220] mkdirat(5, "./bus", 000 [pid 5218] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5071] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5220] <... mkdirat resumed>) = 0 [pid 5071] close(4) = 0 [pid 5071] rmdir("./3/file0" [pid 5220] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... rmdir resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5218] <... futex resumed>) = 0 [pid 5071] getdents64(3, [pid 5220] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5071] close(3) = 0 [pid 5071] rmdir("./3") = 0 [pid 5071] mkdir("./4", 0777) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5071] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 55.869500][ T5069] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.900844][ T5234] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5071] close(3) = 0 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5239 [pid 5073] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5239 attached [pid 5234] <... fsconfig resumed>) = 0 [pid 5073] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5239] set_robust_list(0x55555612d5e0, 24 [pid 5234] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] exit_group(0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5234] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = ? [pid 5218] <... exit_group resumed>) = ? [pid 5239] <... set_robust_list resumed>) = 0 [pid 5234] +++ exited with 0 +++ [pid 5220] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5073] lstat("./3/file0", [pid 5239] chdir("./4" [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5218, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5073] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5239] <... chdir resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5239] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5239] <... prctl resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5231] <... mount resumed>) = 0 [pid 5231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file0") = 0 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5231] close(4 [pid 5072] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./4/binderfs") = 0 [pid 5072] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5231] <... close resumed>) = 0 [pid 5231] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5239] setpgid(0, 0 [pid 5229] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 4 [pid 5069] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5239] <... setpgid resumed>) = 0 [pid 5229] <... futex resumed>) = 0 [pid 5073] fstat(4, [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5239] <... openat resumed>) = 3 [pid 5073] getdents64(4, [pid 5069] lstat("./3/file0", [pid 5239] write(3, "1000", 4 [pid 5073] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [ 55.916173][ T5231] EXT4-fs (loop0): 1 truncate cleaned up [ 55.925821][ T5231] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 55.930499][ T5232] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 55.939654][ T5231] ext4 filesystem being mounted at /root/syzkaller.13SvPn/4/file0 supports timestamps until 2038 (0x7fffffff) [pid 5231] fspick(AT_FDCWD, ".", 0) = 4 [pid 5231] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... write resumed>) = 4 [pid 5229] <... futex resumed>) = 0 [pid 5073] getdents64(4, [pid 5069] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5229] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] close(3 [pid 5073] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5239] <... close resumed>) = 0 [pid 5073] close(4 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... close resumed>) = 0 [pid 5239] symlink("/dev/binderfs", "./binderfs" [pid 5069] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] rmdir("./3/file0" [pid 5239] <... symlink resumed>) = 0 [pid 5231] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5069] <... openat resumed>) = 4 [pid 5231] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... fsconfig resumed>) = 0 [pid 5073] <... rmdir resumed>) = 0 [pid 5069] fstat(4, [pid 5231] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5231] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5229] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... futex resumed>) = 0 [pid 5073] getdents64(3, [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [ 56.001254][ T5232] EXT4-fs (loop2): 1 truncate cleaned up [ 56.004881][ T5072] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.007675][ T5232] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 56.033073][ T5232] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/4/file0 supports timestamps until 2038 (0x7fffffff) [pid 5069] getdents64(4, [pid 5239] <... mmap resumed>) = 0x7f3928dce000 [pid 5073] close(3 [pid 5069] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5239] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5232] <... mount resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5069] getdents64(4, [pid 5073] rmdir("./3" [pid 5069] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5239] <... mprotect resumed>) = 0 [pid 5239] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5232] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5073] <... rmdir resumed>) = 0 [pid 5069] close(4) = 0 [pid 5073] mkdir("./4", 0777 [pid 5069] rmdir("./3/file0" [pid 5239] <... clone resumed>, parent_tid=[5240], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5240 [pid 5073] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5240 attached [pid 5239] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] <... openat resumed>) = 3 [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5069] <... rmdir resumed>) = 0 [pid 5240] set_robust_list(0x7f3928dee9e0, 24 [pid 5239] <... futex resumed>) = 0 [pid 5232] chdir("./file0" [pid 5240] <... set_robust_list resumed>) = 0 [pid 5239] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 3 [pid 5069] getdents64(3, [pid 5232] <... chdir resumed>) = 0 [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5069] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5232] ioctl(4, LOOP_CLR_FD [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5232] <... ioctl resumed>) = 0 [pid 5073] close(3 [pid 5069] close(3 [pid 5232] close(4 [pid 5073] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5232] <... close resumed>) = 0 [pid 5069] rmdir("./3"./strace-static-x86_64: Process 5241 attached [pid 5240] memfd_create("syzkaller", 0 [pid 5232] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... rmdir resumed>) = 0 [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5241 [pid 5069] mkdir("./4", 0777 [pid 5241] set_robust_list(0x55555612d5e0, 24 [pid 5240] <... memfd_create resumed>) = 3 [pid 5232] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5241] <... set_robust_list resumed>) = 0 [pid 5240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5232] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... fsconfig resumed>) = 0 [pid 5229] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5224] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5229] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5224] <... futex resumed>) = 0 [pid 5232] fspick(AT_FDCWD, ".", 0 [pid 5229] <... mprotect resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5241] chdir("./4" [pid 5240] <... mmap resumed>) = 0x7f39209ce000 [pid 5232] <... fspick resumed>) = 4 [pid 5231] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5224] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] <... chdir resumed>) = 0 [pid 5240] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5232] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... umount2 resumed>) = 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5232] <... futex resumed>) = 0 [pid 5229] <... clone resumed>, parent_tid=[5242], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5242 [pid 5224] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5229] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5072] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5232] <... fsconfig resumed>) = 0 [pid 5229] <... futex resumed>) = 0 [pid 5224] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5242 attached [ 56.047425][ T5231] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5232] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] close(3 [pid 5242] set_robust_list(0x7f3920a0d9e0, 24 [pid 5232] <... futex resumed>) = 0 [pid 5224] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... close resumed>) = 0 [pid 5232] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5224] <... futex resumed>) = 0 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5242] <... set_robust_list resumed>) = 0 [pid 5224] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] lstat("./4/file0", [pid 5242] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5243 attached [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5240] <... write resumed>) = 262144 [pid 5231] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5243] set_robust_list(0x55555612d5e0, 24 [pid 5241] <... prctl resumed>) = 0 [pid 5240] munmap(0x7f39209ce000, 262144 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5243 [pid 5243] <... set_robust_list resumed>) = 0 [pid 5241] setpgid(0, 0 [pid 5240] <... munmap resumed>) = 0 [pid 5243] chdir("./4" [pid 5241] <... setpgid resumed>) = 0 [pid 5240] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5243] <... chdir resumed>) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5240] <... openat resumed>) = 4 [pid 5243] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5241] <... openat resumed>) = 3 [pid 5240] ioctl(4, LOOP_SET_FD, 3 [pid 5243] <... prctl resumed>) = 0 [pid 5241] write(3, "1000", 4 [pid 5072] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5243] setpgid(0, 0 [pid 5241] <... write resumed>) = 4 [pid 5072] <... openat resumed>) = 4 [pid 5243] <... setpgid resumed>) = 0 [pid 5241] close(3 [pid 5072] fstat(4, [pid 5243] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5241] <... close resumed>) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5243] <... openat resumed>) = 3 [pid 5241] symlink("/dev/binderfs", "./binderfs" [pid 5072] getdents64(4, [pid 5243] write(3, "1000", 4 [pid 5241] <... symlink resumed>) = 0 [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5243] <... write resumed>) = 4 [pid 5241] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] getdents64(4, [pid 5243] close(3 [pid 5241] <... futex resumed>) = 0 [pid 5072] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5243] <... close resumed>) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5240] <... ioctl resumed>) = 0 [pid 5072] close(4 [pid 5243] symlink("/dev/binderfs", "./binderfs" [pid 5241] <... mmap resumed>) = 0x7f3928dce000 [pid 5240] close(3 [pid 5243] <... symlink resumed>) = 0 [pid 5241] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5240] <... close resumed>) = 0 [pid 5243] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... mprotect resumed>) = 0 [pid 5240] mkdir("./file0", 0777 [pid 5243] <... futex resumed>) = 0 [pid 5241] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5240] <... mkdir resumed>) = 0 [pid 5232] <... fsconfig resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5240] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5232] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] rmdir("./4/file0" [pid 5243] <... mmap resumed>) = 0x7f3928dce000 [pid 5241] <... clone resumed>, parent_tid=[5245], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5245 [pid 5229] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 56.101463][ T5242] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 56.113531][ T5232] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.124339][ T5240] loop3: detected capacity change from 0 to 512 [pid 5243] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5241] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] <... mprotect resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5229] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5072] <... rmdir resumed>) = 0 [pid 5243] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5241] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] <... clone resumed>, parent_tid=[5247], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5247 [pid 5224] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5243] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5247 attached [pid 5247] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5232] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5231] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5072] getdents64(3, [pid 5231] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5231] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5231] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... write resumed>) = 262144 [pid 5247] munmap(0x7f39209ce000, 262144) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5245 attached [pid 5247] ioctl(4, LOOP_SET_FD, 3 [pid 5229] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5072] close(3 [pid 5245] set_robust_list(0x7f3928dee9e0, 24 [pid 5242] <... fsconfig resumed>) = 0 [pid 5229] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... close resumed>) = 0 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5242] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] <... futex resumed>) = 0 [pid 5229] <... futex resumed>) = 1 [pid 5072] rmdir("./4" [pid 5245] memfd_create("syzkaller", 0 [pid 5242] <... futex resumed>) = 0 [pid 5231] mkdirat(5, "./bus", 000 [pid 5229] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... rmdir resumed>) = 0 [pid 5245] <... memfd_create resumed>) = 3 [pid 5242] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5231] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5224] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] mkdir("./5", 0777 [ 56.152004][ T5242] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.166474][ T5232] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 56.180303][ T5247] loop1: detected capacity change from 0 to 512 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5231] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... mkdir resumed>) = 0 [pid 5245] <... mmap resumed>) = 0x7f39209ce000 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5072] <... openat resumed>) = 3 [pid 5245] <... write resumed>) = 262144 [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5245] munmap(0x7f39209ce000, 262144 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5245] <... munmap resumed>) = 0 [pid 5072] close(3 [pid 5247] <... ioctl resumed>) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5231] <... futex resumed>) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5245] <... openat resumed>) = 4 [pid 5229] exit_group(0 [ 56.208559][ T5240] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 56.228488][ T5240] EXT4-fs (loop3): 1 truncate cleaned up [ 56.229593][ T5232] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.234561][ T5240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5245] ioctl(4, LOOP_SET_FD, 3 [pid 5242] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5247] close(3 [pid 5242] +++ exited with 0 +++ [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5250 ./strace-static-x86_64: Process 5250 attached [pid 5250] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5250] chdir("./5") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs" [pid 5247] <... close resumed>) = 0 [pid 5250] <... symlink resumed>) = 0 [pid 5231] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ [pid 5224] <... mmap resumed>) = 0x7f39209ed000 [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] mkdir("./file0", 0777 [pid 5224] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5250] <... futex resumed>) = 0 [pid 5247] <... mkdir resumed>) = 0 [pid 5240] <... mount resumed>) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5224] <... mprotect resumed>) = 0 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5224] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5247] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5068] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5250] <... mmap resumed>) = 0x7f3928dce000 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5224] <... clone resumed>, parent_tid=[5251], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5251 [pid 5250] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5240] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5224] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... openat resumed>) = 3 [pid 5250] <... mprotect resumed>) = 0 [pid 5240] <... openat resumed>) = 3 [pid 5224] <... futex resumed>) = 0 [pid 5250] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5240] chdir("./file0" [pid 5224] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] fstat(3, ./strace-static-x86_64: Process 5254 attached [pid 5240] <... chdir resumed>) = 0 [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5254] set_robust_list(0x7f3928dee9e0, 24 [pid 5250] <... clone resumed>, parent_tid=[5254], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5254 [pid 5240] ioctl(4, LOOP_CLR_FD [pid 5068] getdents64(3, [pid 5254] <... set_robust_list resumed>) = 0 [pid 5250] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5240] <... ioctl resumed>) = 0 [pid 5068] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5251 attached [pid 5251] set_robust_list(0x7f3920a0d9e0, 24 [pid 5068] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5251] <... set_robust_list resumed>) = 0 [pid 5251] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5251] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5251] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [ 56.249243][ T5245] loop5: detected capacity change from 0 to 512 [ 56.263578][ T5240] ext4 filesystem being mounted at /root/syzkaller.m4jObD/4/file0 supports timestamps until 2038 (0x7fffffff) [pid 5251] mkdirat(5, "./bus", 000 [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] <... ioctl resumed>) = 0 [pid 5224] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] lstat("./4/binderfs", [pid 5245] close(3 [pid 5240] close(4 [pid 5224] <... futex resumed>) = 0 [pid 5245] <... close resumed>) = 0 [pid 5232] <... fsconfig resumed>) = 0 [pid 5245] mkdir("./file0", 0777 [pid 5232] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... mkdir resumed>) = 0 [pid 5232] <... futex resumed>) = 0 [pid 5245] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5232] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5254] munmap(0x7f39209ce000, 262144 [pid 5224] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5251] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5068] unlink("./4/binderfs" [pid 5251] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5251] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... unlink resumed>) = 0 [pid 5224] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5232] <... futex resumed>) = ? [pid 5224] <... exit_group resumed>) = ? [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5251] +++ exited with 0 +++ [pid 5240] <... close resumed>) = 0 [pid 5232] +++ exited with 0 +++ [pid 5254] <... munmap resumed>) = 0 [pid 5224] +++ exited with 0 +++ [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5224, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5070] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3 [pid 5240] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5240] fspick(AT_FDCWD, ".", 0 [pid 5239] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5240] <... fspick resumed>) = 4 [pid 5239] <... futex resumed>) = 0 [pid 5254] <... ioctl resumed>) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file0", 0777 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5240] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5240] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5240] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5239] <... futex resumed>) = 0 [pid 5070] <... openat resumed>) = 3 [pid 5240] <... fsconfig resumed>) = 0 [pid 5239] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] fstat(3, [pid 5240] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5239] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5239] <... futex resumed>) = 0 [pid 5070] getdents64(3, [pid 5239] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... mkdir resumed>) = 0 [pid 5070] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5254] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5070] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 56.299830][ T5247] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 56.327167][ T5068] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.327823][ T5254] loop4: detected capacity change from 0 to 512 [pid 5070] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./4/binderfs") = 0 [pid 5070] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5240] <... fsconfig resumed>) = 0 [pid 5240] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5239] <... futex resumed>) = 0 [pid 5239] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 56.358753][ T5240] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.366015][ T5245] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 56.386094][ T5070] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.397059][ T5245] EXT4-fs (loop5): 1 truncate cleaned up [ 56.398235][ T5247] EXT4-fs (loop1): 1 truncate cleaned up [pid 5240] <... futex resumed>) = 0 [ 56.409798][ T5247] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 56.410019][ T5245] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 56.426463][ T5254] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 56.445712][ T5240] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [pid 5240] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5239] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5239] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f39209ed000 [pid 5239] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5259], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5259 [pid 5239] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5259 attached [pid 5259] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5259] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5259] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5259] mkdirat(5, "./bus", 000 [pid 5247] <... mount resumed>) = 0 [pid 5245] <... mount resumed>) = 0 [pid 5239] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5247] <... openat resumed>) = 3 [pid 5245] <... openat resumed>) = 3 [pid 5247] chdir("./file0" [pid 5245] chdir("./file0" [pid 5247] <... chdir resumed>) = 0 [pid 5245] <... chdir resumed>) = 0 [pid 5239] <... futex resumed>) = 0 [pid 5247] ioctl(4, LOOP_CLR_FD [pid 5245] ioctl(4, LOOP_CLR_FD [pid 5239] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5259] <... mkdirat resumed>) = 0 [pid 5247] <... ioctl resumed>) = 0 [pid 5245] <... ioctl resumed>) = 0 [pid 5068] <... umount2 resumed>) = 0 [pid 5259] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5259] <... futex resumed>) = 1 [pid 5247] close(4 [pid 5245] close(4 [pid 5239] <... futex resumed>) = 0 [ 56.448987][ T5247] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/4/file0 supports timestamps until 2038 (0x7fffffff) [ 56.470467][ T5245] ext4 filesystem being mounted at /root/syzkaller.336SfN/4/file0 supports timestamps until 2038 (0x7fffffff) [ 56.471765][ T5254] EXT4-fs (loop4): 1 truncate cleaned up [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5259] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... close resumed>) = 0 [pid 5245] <... close resumed>) = 0 [pid 5068] lstat("./4/file0", [pid 5247] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... umount2 resumed>) = 0 [pid 5068] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5247] <... futex resumed>) = 1 [pid 5245] <... futex resumed>) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5068] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5247] fspick(AT_FDCWD, ".", 0 [pid 5245] fspick(AT_FDCWD, ".", 0 [pid 5243] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5247] <... fspick resumed>) = 4 [pid 5245] <... fspick resumed>) = 4 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5070] lstat("./4/file0", [pid 5068] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5247] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... openat resumed>) = 4 [ 56.515838][ T5254] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [ 56.530566][ T5240] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5247] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5070] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] fstat(4, [pid 5254] <... mount resumed>) = 0 [pid 5247] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... fsconfig resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5240] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] getdents64(4, [pid 5254] <... openat resumed>) = 3 [pid 5247] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5245] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5243] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... futex resumed>) = 0 [pid 5070] <... openat resumed>) = 4 [pid 5254] chdir("./file0" [pid 5247] <... fsconfig resumed>) = 0 [pid 5245] <... fsconfig resumed>) = 0 [pid 5240] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5068] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5254] <... chdir resumed>) = 0 [pid 5247] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] exit_group(0 [pid 5070] fstat(4, [pid 5068] getdents64(4, [pid 5259] <... futex resumed>) = ? [pid 5254] ioctl(4, LOOP_CLR_FD [pid 5247] <... futex resumed>) = 1 [pid 5245] <... futex resumed>) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5239] <... exit_group resumed>) = ? [pid 5259] +++ exited with 0 +++ [pid 5254] <... ioctl resumed>) = 0 [pid 5247] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5243] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... futex resumed>) = ? [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5254] close(4 [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5254] <... close resumed>) = 0 [pid 5247] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5245] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5243] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] +++ exited with 0 +++ [pid 5239] +++ exited with 0 +++ [pid 5070] getdents64(4, [pid 5068] close(4 [pid 5254] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [ 56.554882][ T5254] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/5/file0 supports timestamps until 2038 (0x7fffffff) [pid 5254] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5250] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5239, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5250] <... futex resumed>) = 1 [pid 5254] <... futex resumed>) = 0 [pid 5254] fspick(AT_FDCWD, ".", 0 [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5254] <... fspick resumed>) = 4 [pid 5070] getdents64(4, [pid 5254] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... close resumed>) = 0 [pid 5068] rmdir("./4/file0") = 0 [pid 5068] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5068] close(3) = 0 [pid 5068] rmdir("./4") = 0 [pid 5068] mkdir("./5", 0777) = 0 [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5068] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5068] close(3 [pid 5254] <... futex resumed>) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5247] <... fsconfig resumed>) = 0 [pid 5245] <... fsconfig resumed>) = 0 [pid 5071] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5254] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... openat resumed>) = 3 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = 1 [pid 5071] fstat(3, [pid 5070] close(4 [pid 5254] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5247] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5245] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5243] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] <... close resumed>) = 0 [pid 5254] <... fsconfig resumed>) = 0 [pid 5247] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5243] <... futex resumed>) = 0 [pid 5068] <... close resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5261 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5261 attached [pid 5254] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5243] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] getdents64(3, [pid 5070] rmdir("./4/file0" [pid 5254] <... futex resumed>) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5071] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5071] unlink("./4/binderfs") = 0 [ 56.606257][ T5247] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.618052][ T5245] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.637295][ T5245] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [pid 5071] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5261] set_robust_list(0x55555612d5e0, 24 [pid 5254] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5070] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./4") = 0 [pid 5070] mkdir("./5", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3 [pid 5261] chdir("./5" [pid 5241] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5070] <... close resumed>) = 0 [pid 5261] <... chdir resumed>) = 0 [pid 5254] <... fsconfig resumed>) = 0 [pid 5250] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5243] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5241] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5261] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5254] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5261] <... prctl resumed>) = 0 [pid 5254] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5070] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5264 [pid 5261] setpgid(0, 0 [pid 5254] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5243] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5241] <... mmap resumed>) = 0x7f39209ed000 ./strace-static-x86_64: Process 5264 attached [pid 5261] <... setpgid resumed>) = 0 [pid 5250] <... mmap resumed>) = 0x7f39209ed000 [pid 5243] <... mmap resumed>) = 0x7f39209ed000 [ 56.648066][ T5247] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 56.661713][ T5071] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.672827][ T5254] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.672886][ T5245] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5241] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5264] set_robust_list(0x55555612d5e0, 24 [pid 5261] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5250] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5243] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5241] <... mprotect resumed>) = 0 [pid 5264] <... set_robust_list resumed>) = 0 [pid 5250] <... mprotect resumed>) = 0 [pid 5243] <... mprotect resumed>) = 0 [pid 5241] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5264] chdir("./5" [pid 5250] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5243] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5264] <... chdir resumed>) = 0 [pid 5241] <... clone resumed>, parent_tid=[5265], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5265 [pid 5264] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5250] <... clone resumed>, parent_tid=[5266], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5266 [pid 5243] <... clone resumed>, parent_tid=[5267], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5267 [pid 5241] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... prctl resumed>) = 0 [pid 5250] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5264] setpgid(0, 0 [pid 5250] <... futex resumed>) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5241] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5267 attached ./strace-static-x86_64: Process 5265 attached [pid 5264] <... setpgid resumed>) = 0 [pid 5261] <... openat resumed>) = 3 [pid 5250] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] set_robust_list(0x7f3920a0d9e0, 24 [pid 5265] set_robust_list(0x7f3920a0d9e0, 24 [pid 5264] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5261] write(3, "1000", 4 [pid 5071] <... umount2 resumed>) = 0 [pid 5267] <... set_robust_list resumed>) = 0 [pid 5265] <... set_robust_list resumed>) = 0 [pid 5264] <... openat resumed>) = 3 [pid 5261] <... write resumed>) = 4 [pid 5267] openat(AT_FDCWD, ".", O_RDONLY [pid 5265] openat(AT_FDCWD, ".", O_RDONLY [pid 5264] write(3, "1000", 4 [pid 5261] close(3 [pid 5071] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5266 attached [pid 5267] <... openat resumed>) = 5 [pid 5265] <... openat resumed>) = 5 [pid 5264] <... write resumed>) = 4 [pid 5261] <... close resumed>) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5267] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] set_robust_list(0x7f3920a0d9e0, 24 [pid 5265] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] close(3 [pid 5261] symlink("/dev/binderfs", "./binderfs" [pid 5071] lstat("./4/file0", [pid 5267] <... futex resumed>) = 1 [pid 5266] <... set_robust_list resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5264] <... close resumed>) = 0 [pid 5261] <... symlink resumed>) = 0 [pid 5247] <... fsconfig resumed>) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5267] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5265] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] symlink("/dev/binderfs", "./binderfs" [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5243] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5267] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5265] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5264] <... symlink resumed>) = 0 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5267] mkdirat(5, "./bus", 000 [pid 5265] mkdirat(5, "./bus", 000 [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... fsconfig resumed>) = 0 [pid 5243] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5241] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... futex resumed>) = 0 [pid 5245] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5245] <... futex resumed>) = 0 [pid 5264] <... mmap resumed>) = 0x7f3928dce000 [pid 5245] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5264] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5261] <... futex resumed>) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5267] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5265] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5247] <... futex resumed>) = 0 [pid 5267] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... clone resumed>, parent_tid=[5268], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5268 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5247] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5071] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5267] <... futex resumed>) = 1 [pid 5265] <... futex resumed>) = 1 [pid 5264] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] <... mmap resumed>) = 0x7f3928dce000 [pid 5243] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 0 [pid 5071] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5268 attached [pid 5267] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5264] <... futex resumed>) = 0 [pid 5261] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5243] exit_group(0 [pid 5241] exit_group(0 [pid 5071] fstat(4, [pid 5268] set_robust_list(0x7f3928dee9e0, 24 [pid 5267] <... futex resumed>) = ? [pid 5265] <... futex resumed>) = ? [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5261] <... mprotect resumed>) = 0 [pid 5247] <... futex resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5243] <... exit_group resumed>) = ? [pid 5241] <... exit_group resumed>) = ? [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5268] <... set_robust_list resumed>) = 0 [pid 5267] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ [pid 5261] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5247] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ [pid 5243] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ [ 56.715319][ T5247] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.745294][ T5266] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [pid 5071] getdents64(4, [pid 5268] memfd_create("syzkaller", 0) = 3 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5268] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5073] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5268] <... mmap resumed>) = 0x7f39209ce000 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5268] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5250] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5268] <... write resumed>) = 262144 [pid 5250] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 3 [pid 5254] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5073] fstat(3, [pid 5071] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5243, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- [pid 5268] munmap(0x7f39209ce000, 262144 [pid 5266] <... fsconfig resumed>) = 0 [pid 5261] <... clone resumed>, parent_tid=[5270], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5270 [pid 5254] openat(AT_FDCWD, ".", O_RDONLY [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] getdents64(4, [pid 5268] <... munmap resumed>) = 0 [pid 5266] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... openat resumed>) = 5 [pid 5073] getdents64(3, [pid 5071] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5270 attached [pid 5268] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5266] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5254] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] close(4 [pid 5270] set_robust_list(0x7f3928dee9e0, 24 [pid 5268] <... openat resumed>) = 4 [pid 5266] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5073] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5270] <... set_robust_list resumed>) = 0 [pid 5268] ioctl(4, LOOP_SET_FD, 3 [pid 5254] mkdirat(5, "./bus", 000 [pid 5250] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] <... close resumed>) = 0 [pid 5069] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5270] memfd_create("syzkaller", 0 [pid 5268] <... ioctl resumed>) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5073] lstat("./4/binderfs", [pid 5071] rmdir("./4/file0" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5270] <... memfd_create resumed>) = 3 [pid 5250] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5073] unlink("./4/binderfs" [pid 5270] <... mmap resumed>) = 0x7f39209ce000 [pid 5073] <... unlink resumed>) = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5254] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5073] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] getdents64(3, [pid 5270] <... write resumed>) = 262144 [pid 5254] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5270] munmap(0x7f39209ce000, 262144 [pid 5254] <... futex resumed>) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5071] close(3 [pid 5069] fstat(3, [pid 5270] <... munmap resumed>) = 0 [ 56.772935][ T5266] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 56.790486][ T5268] loop2: detected capacity change from 0 to 512 [ 56.804694][ T5073] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [pid 5254] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5071] <... close resumed>) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5266] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5071] rmdir("./4" [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5270] <... openat resumed>) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3 [pid 5268] close(3) = 0 [pid 5254] +++ exited with 0 +++ [pid 5071] <... rmdir resumed>) = 0 [pid 5069] getdents64(3, [pid 5268] mkdir("./file0", 0777) = 0 [pid 5266] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ [pid 5071] mkdir("./5", 0777 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5268] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5071] <... mkdir resumed>) = 0 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5069] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] restart_syscall(<... resuming interrupted clone ...> [pid 5071] <... openat resumed>) = 3 [pid 5072] <... restart_syscall resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5069] lstat("./4/binderfs", [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] close(3 [pid 5069] unlink("./4/binderfs" [pid 5072] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5071] <... close resumed>) = 0 [pid 5270] <... ioctl resumed>) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file0", 0777) = 0 [ 56.818551][ T5270] loop0: detected capacity change from 0 to 512 [pid 5270] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5069] <... unlink resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5072] fstat(3, [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5271 [pid 5072] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 ./strace-static-x86_64: Process 5271 attached [pid 5271] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5271] chdir("./5") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5073] <... umount2 resumed>) = 0 [pid 5072] unlink("./5/binderfs" [pid 5073] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... unlink resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] lstat("./4/file0", [pid 5072] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5271] write(3, "1000", 4 [ 56.852234][ T5069] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.869386][ T5072] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 56.885200][ T5268] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5073] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5271] <... write resumed>) = 4 [pid 5073] <... openat resumed>) = 4 [pid 5069] <... umount2 resumed>) = 0 [pid 5271] close(3 [pid 5073] fstat(4, [pid 5271] <... close resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5271] symlink("/dev/binderfs", "./binderfs" [pid 5073] getdents64(4, [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5271] <... symlink resumed>) = 0 [pid 5073] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5073] getdents64(4, [pid 5069] lstat("./4/file0", [pid 5073] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] close(4 [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... close resumed>) = 0 [pid 5069] umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5271] <... futex resumed>) = 0 [pid 5073] rmdir("./4/file0" [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... rmdir resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5271] <... mmap resumed>) = 0x7f3928dce000 [pid 5069] <... openat resumed>) = 4 [pid 5271] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5069] fstat(4, [pid 5073] getdents64(3, [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5271] <... mprotect resumed>) = 0 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(4, [pid 5271] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] close(3 [pid 5069] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5073] <... close resumed>) = 0 [pid 5073] rmdir("./4" [pid 5069] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5271] <... clone resumed>, parent_tid=[5276], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5276 [pid 5073] <... rmdir resumed>) = 0 [pid 5072] <... umount2 resumed>) = 0 [pid 5069] close(4 [pid 5072] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5271] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] mkdir("./5", 0777 [pid 5069] <... close resumed>) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5073] <... mkdir resumed>) = 0 [ 56.907050][ T5270] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 56.944876][ T5270] EXT4-fs (loop0): 1 truncate cleaned up [ 56.950762][ T5268] __quota_error: 94 callbacks suppressed [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5072] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] rmdir("./4/file0" [pid 5072] <... openat resumed>) = 4 [pid 5072] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(4, [pid 5069] <... rmdir resumed>) = 0 [pid 5073] <... openat resumed>) = 3 [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5069] getdents64(3, [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5072] getdents64(4, [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5073] close(3 [pid 5069] close(3 [pid 5073] <... close resumed>) = 0 [pid 5072] close(4) = 0 [pid 5072] rmdir("./5/file0") = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5072] close(3) = 0 [pid 5072] rmdir("./5") = 0 [pid 5072] mkdir("./6", 0777 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5072] <... mkdir resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5069] rmdir("./4"./strace-static-x86_64: Process 5276 attached [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5277 [pid 5072] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5069] <... rmdir resumed>) = 0 [pid 5276] set_robust_list(0x7f3928dee9e0, 24 [pid 5072] close(3 [pid 5069] mkdir("./5", 0777 [pid 5276] <... set_robust_list resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached ./strace-static-x86_64: Process 5277 attached [pid 5276] memfd_create("syzkaller", 0 [pid 5069] <... mkdir resumed>) = 0 [ 56.950771][ T5268] Quota error (device loop2): write_blk: dquota write failed [ 56.983710][ T5270] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5278] set_robust_list(0x55555612d5e0, 24 [pid 5277] set_robust_list(0x55555612d5e0, 24 [pid 5276] <... memfd_create resumed>) = 3 [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5278 [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5278] <... set_robust_list resumed>) = 0 [pid 5277] <... set_robust_list resumed>) = 0 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5277] chdir("./5" [pid 5276] <... mmap resumed>) = 0x7f39209ce000 [pid 5069] <... openat resumed>) = 3 [pid 5278] chdir("./6" [pid 5277] <... chdir resumed>) = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0 [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5277] <... setpgid resumed>) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5277] <... openat resumed>) = 3 [pid 5069] close(3 [pid 5278] <... chdir resumed>) = 0 [pid 5277] write(3, "1000", 4 [pid 5276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5277] <... write resumed>) = 4 [pid 5069] <... close resumed>) = 0 [pid 5277] close(3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5277] <... close resumed>) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5279 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 ./strace-static-x86_64: Process 5279 attached [pid 5277] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5279] set_robust_list(0x55555612d5e0, 24 [pid 5277] <... mprotect resumed>) = 0 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5277] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5279] chdir("./5") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5277] <... clone resumed>, parent_tid=[5280], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5280 [pid 5276] <... write resumed>) = 262144 [pid 5279] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5277] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... prctl resumed>) = 0 [pid 5277] <... futex resumed>) = 0 [pid 5279] setpgid(0, 0 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] <... setpgid resumed>) = 0 [pid 5278] <... prctl resumed>) = 0 [pid 5276] munmap(0x7f39209ce000, 262144./strace-static-x86_64: Process 5280 attached [pid 5279] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5280] set_robust_list(0x7f3928dee9e0, 24 [pid 5279] <... openat resumed>) = 3 [pid 5280] <... set_robust_list resumed>) = 0 [pid 5279] write(3, "1000", 4 [pid 5280] memfd_create("syzkaller", 0 [pid 5279] <... write resumed>) = 4 [pid 5278] setpgid(0, 0 [pid 5276] <... munmap resumed>) = 0 [pid 5280] <... memfd_create resumed>) = 3 [pid 5279] close(3 [pid 5278] <... setpgid resumed>) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5280] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5279] <... close resumed>) = 0 [pid 5280] <... mmap resumed>) = 0x7f39209ce000 [pid 5279] symlink("/dev/binderfs", "./binderfs" [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5276] <... openat resumed>) = 4 [pid 5280] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5279] <... symlink resumed>) = 0 [pid 5278] <... openat resumed>) = 3 [pid 5276] ioctl(4, LOOP_SET_FD, 3 [pid 5280] <... write resumed>) = 262144 [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] write(3, "1000", 4 [pid 5279] <... futex resumed>) = 0 [pid 5279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5279] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5279] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5280] munmap(0x7f39209ce000, 262144 [pid 5279] <... clone resumed>, parent_tid=[5281], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5281 [pid 5280] <... munmap resumed>) = 0 [pid 5279] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5280] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5280] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5281 attached ) = 0 [pid 5278] <... write resumed>) = 4 [pid 5276] <... ioctl resumed>) = 0 [pid 5278] close(3) = 0 [pid 5281] set_robust_list(0x7f3928dee9e0, 24 [pid 5278] symlink("/dev/binderfs", "./binderfs" [pid 5276] close(3 [pid 5278] <... symlink resumed>) = 0 [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... set_robust_list resumed>) = 0 [pid 5276] <... close resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [ 57.010486][ T5268] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 57.030696][ T5270] ext4 filesystem being mounted at /root/syzkaller.13SvPn/5/file0 supports timestamps until 2038 (0x7fffffff) [ 57.044928][ T5276] loop3: detected capacity change from 0 to 512 [ 57.050013][ T5280] loop5: detected capacity change from 0 to 512 [pid 5278] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5281] memfd_create("syzkaller", 0 [pid 5278] <... mprotect resumed>) = 0 [pid 5276] mkdir("./file0", 0777 [pid 5278] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5280] close(3 [pid 5278] <... clone resumed>, parent_tid=[5282], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5282 [pid 5280] <... close resumed>) = 0 [pid 5280] mkdir("./file0", 0777 [pid 5278] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5280] <... mkdir resumed>) = 0 [pid 5276] <... mkdir resumed>) = 0 [pid 5280] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue"./strace-static-x86_64: Process 5282 attached [pid 5281] <... memfd_create resumed>) = 3 [pid 5276] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5270] <... mount resumed>) = 0 [pid 5270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5282] set_robust_list(0x7f3928dee9e0, 24 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5270] <... openat resumed>) = 3 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5281] <... mmap resumed>) = 0x7f39209ce000 [pid 5270] chdir("./file0") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5270] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] <... futex resumed>) = 0 [pid 5261] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [ 57.063802][ T5268] EXT4-fs (loop2): 1 truncate cleaned up [ 57.079734][ T5268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: writeback. [pid 5261] <... futex resumed>) = 1 [pid 5282] memfd_create("syzkaller", 0 [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5270] fspick(AT_FDCWD, ".", 0 [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... fspick resumed>) = 4 [pid 5282] <... memfd_create resumed>) = 3 [pid 5270] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5270] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5270] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... mmap resumed>) = 0x7f39209ce000 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5270] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... fsconfig resumed>) = 0 [pid 5270] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5281] <... write resumed>) = 262144 [pid 5270] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5282] <... write resumed>) = 262144 [pid 5281] munmap(0x7f39209ce000, 262144 [pid 5282] munmap(0x7f39209ce000, 262144 [pid 5281] <... munmap resumed>) = 0 [pid 5282] <... munmap resumed>) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5270] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5281] <... openat resumed>) = 4 [pid 5282] <... openat resumed>) = 4 [ 57.101000][ T5280] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 57.123881][ T5276] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 57.138796][ T5276] Quota error (device loop3): write_blk: dquota write failed [ 57.143988][ T5281] loop1: detected capacity change from 0 to 512 [ 57.146401][ T5276] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [pid 5281] ioctl(4, LOOP_SET_FD, 3 [pid 5282] ioctl(4, LOOP_SET_FD, 3 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] <... mount resumed>) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5270] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5268] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 3 [pid 5268] chdir("./file0") = 0 [pid 5268] ioctl(4, LOOP_CLR_FD) = 0 [pid 5268] close(4) = 0 [pid 5268] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5268] fspick(AT_FDCWD, ".", 0 [pid 5264] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... fspick resumed>) = 4 [pid 5264] <... futex resumed>) = 0 [pid 5268] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5264] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... fsconfig resumed>) = 0 [pid 5264] <... futex resumed>) = 0 [pid 5268] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5268] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5264] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... ioctl resumed>) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./file0", 0777) = 0 [ 57.163798][ T5268] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/5/file0 supports timestamps until 2038 (0x7fffffff) [ 57.164324][ T5276] EXT4-fs (loop3): 1 truncate cleaned up [ 57.184758][ T5270] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.195802][ T5282] loop4: detected capacity change from 0 to 512 [ 57.205229][ T5280] Quota error (device loop5): write_blk: dquota write failed [pid 5281] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5282] <... ioctl resumed>) = 0 [pid 5264] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5261] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5264] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... futex resumed>) = 0 [pid 5261] <... futex resumed>) = 0 [pid 5264] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5261] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5264] <... mmap resumed>) = 0x7f39209ed000 [pid 5261] <... mmap resumed>) = 0x7f39209ed000 [pid 5264] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5261] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5264] <... mprotect resumed>) = 0 [pid 5261] <... mprotect resumed>) = 0 [pid 5264] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5261] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5288], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5288 [pid 5261] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5261] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... clone resumed>, parent_tid=[5287], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5287 [pid 5264] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] close(3 [pid 5276] <... mount resumed>) = 0 [pid 5276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file0") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4 [pid 5282] <... close resumed>) = 0 [pid 5276] <... close resumed>) = 0 [pid 5276] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5271] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] mkdir("./file0", 0777 [pid 5276] <... futex resumed>) = 1 [pid 5276] fspick(AT_FDCWD, ".", 0) = 4 [pid 5276] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5276] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5271] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... fsconfig resumed>) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5276] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5276] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5271] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5288 attached ./strace-static-x86_64: Process 5287 attached [pid 5282] <... mkdir resumed>) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5270] <... fsconfig resumed>) = 0 [ 57.214236][ T5280] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 57.214335][ T5268] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.224772][ T5276] ext4 filesystem being mounted at /root/syzkaller.m4jObD/5/file0 supports timestamps until 2038 (0x7fffffff) [ 57.241057][ T5280] EXT4-fs (loop5): 1 truncate cleaned up [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] set_robust_list(0x7f3920a0d9e0, 24 [pid 5287] set_robust_list(0x7f3920a0d9e0, 24 [pid 5282] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5270] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] <... set_robust_list resumed>) = 0 [pid 5270] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5288] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5287] <... set_robust_list resumed>) = 0 [pid 5268] <... fsconfig resumed>) = 0 [pid 5268] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5264] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5261] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5264] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] <... futex resumed>) = 0 [pid 5264] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 1 [pid 5268] openat(AT_FDCWD, ".", O_RDONLY [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5268] <... openat resumed>) = 5 [pid 5268] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5268] mkdirat(5, "./bus", 000 [pid 5264] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5264] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... mount resumed>) = 0 [pid 5280] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5280] chdir("./file0") = 0 [pid 5280] ioctl(4, LOOP_CLR_FD) = 0 [ 57.282639][ T5288] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 57.291903][ T5280] ext4 filesystem being mounted at /root/syzkaller.336SfN/5/file0 supports timestamps until 2038 (0x7fffffff) [ 57.302861][ T5281] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 57.318371][ T5287] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [pid 5280] close(4) = 0 [pid 5280] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] fspick(AT_FDCWD, ".", 0) = 4 [pid 5280] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 5280] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 1 [pid 5280] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5270] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5270] openat(AT_FDCWD, ".", O_RDONLY [pid 5268] <... mkdirat resumed>) = -1 EROFS (Read-only file system) [pid 5271] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5264] <... futex resumed>) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5268] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] <... mmap resumed>) = 0x7f39209ed000 [pid 5271] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5293], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5293 [pid 5271] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... fsconfig resumed>) = 0 [pid 5270] <... openat resumed>) = 5 [pid 5276] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5276] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5270] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5270] mkdirat(5, "./bus", 000 [pid 5261] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... mkdirat resumed>) = 0 [pid 5270] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5261] <... futex resumed>) = 0 [pid 5270] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x7f3920a0d9e0, 24) = 0 [ 57.330147][ T5276] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.342958][ T5281] Quota error (device loop1): write_blk: dquota write failed [ 57.351387][ T5281] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 57.371786][ T5280] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5293] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5277] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5271] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5277] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 0 [pid 5276] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 1 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5276] openat(AT_FDCWD, ".", O_RDONLY [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] <... mmap resumed>) = 0x7f39209ed000 [pid 5276] <... openat resumed>) = 5 [pid 5277] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5276] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... mprotect resumed>) = 0 [pid 5276] <... futex resumed>) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5277] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5276] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5271] <... futex resumed>) = 0 [pid 5277] <... clone resumed>, parent_tid=[5296], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5296 [pid 5276] mkdirat(5, "./bus", 000 [pid 5271] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5277] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... mkdirat resumed>) = -1 EROFS (Read-only file system) [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... fsconfig resumed>) = 0 [pid 5276] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5287] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] exit_group(0 [pid 5268] <... futex resumed>) = ? [pid 5264] <... exit_group resumed>) = ? [pid 5268] +++ exited with 0 +++ [pid 5287] <... futex resumed>) = ? [pid 5287] +++ exited with 0 +++ [pid 5264] +++ exited with 0 +++ [ 57.372100][ T5293] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 57.382493][ T5282] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 57.406332][ T5287] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.406830][ T5281] EXT4-fs (loop1): 1 truncate cleaned up [pid 5276] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5296 attached [pid 5288] <... fsconfig resumed>) = 0 [pid 5280] <... fsconfig resumed>) = 0 [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5264, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5296] set_robust_list(0x7f3920a0d9e0, 24 [pid 5288] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5296] <... set_robust_list resumed>) = 0 [pid 5288] <... futex resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5261] exit_group(0 [pid 5070] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5270] <... futex resumed>) = ? [pid 5261] <... exit_group resumed>) = ? [pid 5070] <... openat resumed>) = 3 [pid 5270] +++ exited with 0 +++ [pid 5070] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5296] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5280] <... futex resumed>) = 0 [pid 5070] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] unlink("./5/binderfs") = 0 [pid 5070] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5281] <... mount resumed>) = 0 [pid 5281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5277] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5288] +++ exited with 0 +++ [pid 5280] openat(AT_FDCWD, ".", O_RDONLY [pid 5277] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] +++ exited with 0 +++ [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... openat resumed>) = 3 [pid 5281] chdir("./file0") = 0 [pid 5281] ioctl(4, LOOP_CLR_FD) = 0 [pid 5281] close(4 [pid 5280] <... openat resumed>) = 5 [ 57.424446][ T5288] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.437447][ T5281] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/5/file0 supports timestamps until 2038 (0x7fffffff) [ 57.450962][ T5282] Quota error (device loop4): write_blk: dquota write failed [ 57.460271][ T5296] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 57.471979][ T5293] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5293] <... fsconfig resumed>) = 0 [pid 5281] <... close resumed>) = 0 [pid 5280] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5261, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5293] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5271] exit_group(0 [pid 5068] restart_syscall(<... resuming interrupted clone ...> [pid 5293] <... futex resumed>) = ? [pid 5280] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = ? [pid 5271] <... exit_group resumed>) = ? [pid 5068] <... restart_syscall resumed>) = 0 [pid 5293] +++ exited with 0 +++ [pid 5280] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] <... futex resumed>) = 0 [pid 5276] +++ exited with 0 +++ [pid 5280] mkdirat(5, "./bus", 000 [pid 5277] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5068] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5068] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] lstat("./5/binderfs", [pid 5271] +++ exited with 0 +++ [pid 5068] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5281] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] unlink("./5/binderfs" [pid 5281] <... futex resumed>) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5271, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5280] <... mkdirat resumed>) = 0 [pid 5281] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] restart_syscall(<... resuming interrupted clone ...> [pid 5068] <... unlink resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5071] <... restart_syscall resumed>) = 0 [pid 5281] fspick(AT_FDCWD, ".", 0 [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] <... fspick resumed>) = 4 [pid 5281] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5281] <... futex resumed>) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5281] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5071] <... openat resumed>) = 3 [pid 5070] <... umount2 resumed>) = 0 [pid 5281] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5280] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] fstat(3, [pid 5281] <... fsconfig resumed>) = 0 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5281] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] getdents64(3, [pid 5281] <... futex resumed>) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5281] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5281] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 57.484135][ T5282] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 57.518304][ T5296] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5071] lstat("./5/binderfs", [pid 5296] <... fsconfig resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5070] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] unlink("./5/binderfs") = 0 [pid 5071] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5280] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5296] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... mount resumed>) = 0 [pid 5070] lstat("./5/file0", [pid 5068] <... umount2 resumed>) = 0 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5068] lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5296] <... futex resumed>) = 0 [pid 5277] exit_group(0 [pid 5296] exit_group(0 [pid 5277] <... exit_group resumed>) = ? [pid 5070] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5280] <... futex resumed>) = ? [pid 5296] <... exit_group resumed>) = ? [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5280] +++ exited with 0 +++ [pid 5068] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5068] fstat(4, [pid 5296] +++ exited with 0 +++ [pid 5277] +++ exited with 0 +++ [pid 5070] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] getdents64(4, [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5277, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5068] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5073] restart_syscall(<... resuming interrupted clone ...> [pid 5068] getdents64(4, [pid 5073] <... restart_syscall resumed>) = 0 [pid 5068] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5068] close(4) = 0 [pid 5073] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] rmdir("./5/file0" [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... rmdir resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... openat resumed>) = 4 [pid 5068] getdents64(3, [pid 5073] <... openat resumed>) = 3 [pid 5068] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5073] fstat(3, [pid 5068] close(3 [pid 5279] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] fstat(4, [pid 5068] <... close resumed>) = 0 [pid 5279] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] getdents64(3, [pid 5068] rmdir("./5" [pid 5281] <... fsconfig resumed>) = 0 [pid 5282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5279] <... futex resumed>) = 0 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] <... umount2 resumed>) = 0 [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5281] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] mkdir("./6", 0777 [pid 5282] <... openat resumed>) = 3 [pid 5281] <... futex resumed>) = 0 [pid 5279] <... mmap resumed>) = 0x7f39209ed000 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] getdents64(4, [pid 5068] <... mkdir resumed>) = 0 [pid 5281] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5073] lstat("./5/binderfs", [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5279] <... mprotect resumed>) = 0 [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... openat resumed>) = 3 [pid 5282] chdir("./file0" [pid 5279] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] unlink("./5/binderfs" [pid 5071] lstat("./5/file0", [pid 5070] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5282] <... chdir resumed>) = 0 [pid 5073] <... unlink resumed>) = 0 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) ./strace-static-x86_64: Process 5299 attached [pid 5282] ioctl(4, LOOP_CLR_FD [pid 5279] <... clone resumed>, parent_tid=[5299], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5299 [ 57.530599][ T5281] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.541155][ T5282] EXT4-fs (loop4): 1 truncate cleaned up [ 57.548145][ T5282] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/6/file0 supports timestamps until 2038 (0x7fffffff) [pid 5073] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5068] close(3 [pid 5282] <... ioctl resumed>) = 0 [pid 5279] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] close(4 [pid 5068] <... close resumed>) = 0 [pid 5279] <... futex resumed>) = 0 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5282] close(4 [pid 5279] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5070] <... close resumed>) = 0 [pid 5299] set_robust_list(0x7f3920a0d9e0, 24 [pid 5282] <... close resumed>) = 0 [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5300 [pid 5299] <... set_robust_list resumed>) = 0 [pid 5299] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5282] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... openat resumed>) = 4 [pid 5070] rmdir("./5/file0" [pid 5282] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5071] fstat(4, [pid 5282] fspick(AT_FDCWD, ".", 0 [pid 5278] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] <... rmdir resumed>) = 0 [pid 5282] <... fspick resumed>) = 4 [pid 5278] <... futex resumed>) = 0 [pid 5071] getdents64(4, [pid 5070] getdents64(3, [pid 5282] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5070] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5282] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5071] getdents64(4, [pid 5282] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5278] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... umount2 resumed>) = 0 [pid 5070] close(3 [pid 5282] <... fsconfig resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5073] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5070] <... close resumed>) = 0 [pid 5282] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] close(4 [pid 5070] rmdir("./5" [pid 5282] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] lstat("./5/file0", [pid 5071] <... close resumed>) = 0 [pid 5282] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5278] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] rmdir("./5/file0" [pid 5070] <... rmdir resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5073] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5073] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... openat resumed>) = 4 [pid 5073] fstat(4, [pid 5071] <... rmdir resumed>) = 0 [pid 5070] mkdir("./6", 0777 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] getdents64(3, [pid 5073] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5070] <... mkdir resumed>) = 0 [pid 5073] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5071] close(3 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5073] close(4 [pid 5071] <... close resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5071] rmdir("./5" [pid 5070] <... openat resumed>) = 3 [pid 5073] rmdir("./5/file0") = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5070] ioctl(3, LOOP_CLR_FD [pid 5073] getdents64(3, [pid 5071] mkdir("./6", 0777 [pid 5070] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5073] close(3 [pid 5071] <... mkdir resumed>) = 0 [pid 5070] close(3 [pid 5073] <... close resumed>) = 0 [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5070] <... close resumed>) = 0 [pid 5073] rmdir("./5" [pid 5071] <... openat resumed>) = 3 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5073] <... rmdir resumed>) = 0 [ 57.604776][ T5299] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 57.642517][ T5282] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5073] mkdir("./6", 0777) = 0 [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 5073] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5073] close(3) = 0 [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5303 ./strace-static-x86_64: Process 5302 attached ./strace-static-x86_64: Process 5300 attached [pid 5282] <... fsconfig resumed>) = 0 [pid 5279] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5070] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5302 [pid 5302] set_robust_list(0x55555612d5e0, 24 [pid 5300] set_robust_list(0x55555612d5e0, 24 [pid 5282] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] close(3 [pid 5281] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5303 attached [pid 5281] openat(AT_FDCWD, ".", O_RDONLY [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] set_robust_list(0x55555612d5e0, 24 [pid 5302] <... set_robust_list resumed>) = 0 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5281] <... openat resumed>) = 5 [pid 5278] <... futex resumed>) = 0 [pid 5071] <... close resumed>) = 0 [pid 5303] <... set_robust_list resumed>) = 0 [pid 5302] chdir("./6" [pid 5300] chdir("./6" [pid 5282] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5303] chdir("./6" [pid 5302] <... chdir resumed>) = 0 [pid 5300] <... chdir resumed>) = 0 [pid 5282] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5281] <... futex resumed>) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5303] <... chdir resumed>) = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5282] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5281] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5302] <... prctl resumed>) = 0 [pid 5300] <... prctl resumed>) = 0 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5279] <... futex resumed>) = 0 [pid 5303] <... prctl resumed>) = 0 [pid 5281] mkdirat(5, "./bus", 000 [pid 5279] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] setpgid(0, 0 [pid 5281] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5303] <... setpgid resumed>) = 0 [pid 5281] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5281] <... futex resumed>) = 1 [pid 5279] <... futex resumed>) = 0 [pid 5303] <... openat resumed>) = 3 [pid 5281] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] write(3, "1000", 4) = 4 [pid 5303] close(3) = 0 [pid 5303] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5302] setpgid(0, 0 [pid 5300] setpgid(0, 0 [pid 5071] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5304 [pid 5303] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5302] <... setpgid resumed>) = 0 [pid 5300] <... setpgid resumed>) = 0 [pid 5303] <... mprotect resumed>) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5303] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5302] <... openat resumed>) = 3 [pid 5302] write(3, "1000", 4 [pid 5300] <... openat resumed>) = 3 [pid 5303] <... clone resumed>, parent_tid=[5305], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5305 [pid 5302] <... write resumed>) = 4 [pid 5300] write(3, "1000", 4 [pid 5303] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] close(3 [pid 5300] <... write resumed>) = 4 [pid 5303] <... futex resumed>) = 0 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5302] <... close resumed>) = 0 [pid 5300] close(3 [pid 5302] symlink("/dev/binderfs", "./binderfs" [pid 5300] <... close resumed>) = 0 [pid 5299] <... fsconfig resumed>) = 0 [pid 5299] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... symlink resumed>) = 0 [pid 5300] symlink("/dev/binderfs", "./binderfs" [pid 5299] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5305 attached [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... symlink resumed>) = 0 [pid 5299] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5279] exit_group(0 [pid 5305] set_robust_list(0x7f3928dee9e0, 24 [pid 5302] <... futex resumed>) = 0 [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = ? [pid 5281] <... futex resumed>) = ? [pid 5279] <... exit_group resumed>) = ? [pid 5305] <... set_robust_list resumed>) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5300] <... futex resumed>) = 0 [pid 5299] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ [pid 5279] +++ exited with 0 +++ [pid 5305] memfd_create("syzkaller", 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5279, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- [pid 5305] <... memfd_create resumed>) = 3 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5305] <... mmap resumed>) = 0x7f39209ce000 [pid 5302] <... mmap resumed>) = 0x7f3928dce000 [pid 5069] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5302] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5300] <... mmap resumed>) = 0x7f3928dce000 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5305] <... write resumed>) = 262144 [pid 5302] <... mprotect resumed>) = 0 [pid 5300] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5069] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5302] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5300] <... mprotect resumed>) = 0 [pid 5069] <... openat resumed>) = 3 [pid 5305] munmap(0x7f39209ce000, 262144 [pid 5069] fstat(3, [pid 5305] <... munmap resumed>) = 0 [pid 5302] <... clone resumed>, parent_tid=[5306], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5306 [pid 5300] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5302] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] getdents64(3, [pid 5305] <... openat resumed>) = 4 [pid 5302] <... futex resumed>) = 0 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 5306 attached ./strace-static-x86_64: Process 5304 attached [pid 5305] ioctl(4, LOOP_SET_FD, 3 [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] <... clone resumed>, parent_tid=[5307], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5307 [ 57.647232][ T5299] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.681883][ T5282] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [pid 5069] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5307 attached [pid 5306] set_robust_list(0x7f3928dee9e0, 24 [pid 5304] set_robust_list(0x55555612d5e0, 24 [pid 5300] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5307] set_robust_list(0x7f3928dee9e0, 24 [pid 5306] <... set_robust_list resumed>) = 0 [pid 5304] <... set_robust_list resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5069] lstat("./5/binderfs", [pid 5307] <... set_robust_list resumed>) = 0 [pid 5306] memfd_create("syzkaller", 0 [pid 5304] chdir("./6" [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5069] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5307] memfd_create("syzkaller", 0 [pid 5306] <... memfd_create resumed>) = 3 [pid 5304] <... chdir resumed>) = 0 [pid 5069] unlink("./5/binderfs" [pid 5307] <... memfd_create resumed>) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5069] <... unlink resumed>) = 0 [pid 5307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5306] <... mmap resumed>) = 0x7f39209ce000 [pid 5304] <... prctl resumed>) = 0 [pid 5069] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5307] <... mmap resumed>) = 0x7f39209ce000 [pid 5306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5304] setpgid(0, 0 [pid 5307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5306] <... write resumed>) = 262144 [pid 5304] <... setpgid resumed>) = 0 [pid 5278] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5307] <... write resumed>) = 262144 [pid 5306] munmap(0x7f39209ce000, 262144 [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5278] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] munmap(0x7f39209ce000, 262144 [pid 5306] <... munmap resumed>) = 0 [pid 5305] <... ioctl resumed>) = 0 [pid 5304] <... openat resumed>) = 3 [pid 5278] <... futex resumed>) = 0 [pid 5307] <... munmap resumed>) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5305] close(3 [pid 5307] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5306] <... openat resumed>) = 4 [pid 5305] <... close resumed>) = 0 [pid 5307] <... openat resumed>) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3 [ 57.717259][ T5305] loop5: detected capacity change from 0 to 512 [ 57.749791][ T5282] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 57.752535][ T5306] loop2: detected capacity change from 0 to 512 [pid 5305] mkdir("./file0", 0777 [pid 5307] ioctl(4, LOOP_SET_FD, 3 [pid 5305] <... mkdir resumed>) = 0 [pid 5304] write(3, "1000", 4 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5305] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5304] <... write resumed>) = 4 [pid 5282] <... fsconfig resumed>) = 0 [pid 5278] <... mmap resumed>) = 0x7f39209ed000 [pid 5304] close(3 [pid 5278] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] <... close resumed>) = 0 [pid 5307] <... ioctl resumed>) = 0 [pid 5307] close(3) = 0 [pid 5307] mkdir("./file0", 0777 [pid 5304] symlink("/dev/binderfs", "./binderfs" [pid 5278] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5304] <... symlink resumed>) = 0 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... clone resumed>, parent_tid=[5309], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5309 [pid 5304] <... futex resumed>) = 0 [pid 5278] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... mkdir resumed>) = 0 [pid 5307] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5304] <... mmap resumed>) = 0x7f3928dce000 [pid 5304] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5311], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5311 [pid 5304] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5309 attached ) = 0 [pid 5282] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... umount2 resumed>) = 0 [pid 5309] set_robust_list(0x7f3920a0d9e0, 24 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] <... futex resumed>) = 0 [pid 5069] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5309] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 5311 attached [pid 5309] openat(AT_FDCWD, ".", O_RDONLY [pid 5282] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5311] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5311] memfd_create("syzkaller", 0) = 3 [pid 5309] <... openat resumed>) = 5 [pid 5069] lstat("./5/file0", [pid 5311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5309] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... mmap resumed>) = 0x7f39209ce000 [pid 5309] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5069] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 57.767900][ T5307] loop0: detected capacity change from 0 to 512 [pid 5311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5309] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5306] <... ioctl resumed>) = 0 [pid 5278] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5306] close(3 [pid 5282] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 1 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5306] <... close resumed>) = 0 [pid 5282] mkdirat(5, "./bus", 000 [pid 5278] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5069] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5306] mkdir("./file0", 0777 [pid 5069] <... openat resumed>) = 4 [pid 5306] <... mkdir resumed>) = 0 [pid 5282] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5069] fstat(4, [pid 5306] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5282] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [ 57.817653][ T5305] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 57.834683][ T5307] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 57.853208][ T5307] EXT4-fs (loop0): 1 truncate cleaned up [ 57.861025][ T5305] EXT4-fs (loop5): 1 truncate cleaned up [pid 5069] getdents64(4, [pid 5311] <... write resumed>) = 262144 [pid 5282] <... futex resumed>) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5069] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] close(4) = 0 [pid 5069] rmdir("./5/file0") = 0 [pid 5069] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] close(3) = 0 [pid 5069] rmdir("./5") = 0 [pid 5069] mkdir("./6", 0777) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5069] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5311] munmap(0x7f39209ce000, 262144 [pid 5282] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] exit_group(0 [pid 5311] <... munmap resumed>) = 0 [pid 5309] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5311] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5309] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ [pid 5311] <... openat resumed>) = 4 [pid 5311] ioctl(4, LOOP_SET_FD, 3 [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- [pid 5307] <... mount resumed>) = 0 [pid 5305] <... mount resumed>) = 0 [pid 5069] close(3 [pid 5307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5072] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... close resumed>) = 0 [pid 5307] <... openat resumed>) = 3 [pid 5305] <... openat resumed>) = 3 [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5307] chdir("./file0" [pid 5305] chdir("./file0" [pid 5307] <... chdir resumed>) = 0 [pid 5305] <... chdir resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5317 [pid 5311] <... ioctl resumed>) = 0 [pid 5307] ioctl(4, LOOP_CLR_FD [pid 5305] ioctl(4, LOOP_CLR_FD [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5072] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 5317 attached [ 57.868760][ T5305] ext4 filesystem being mounted at /root/syzkaller.336SfN/6/file0 supports timestamps until 2038 (0x7fffffff) [ 57.881009][ T5307] ext4 filesystem being mounted at /root/syzkaller.13SvPn/6/file0 supports timestamps until 2038 (0x7fffffff) [ 57.886176][ T5311] loop3: detected capacity change from 0 to 512 [ 57.904501][ T5306] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5311] close(3 [pid 5307] <... ioctl resumed>) = 0 [pid 5305] <... ioctl resumed>) = 0 [pid 5072] <... openat resumed>) = 3 [pid 5317] set_robust_list(0x55555612d5e0, 24 [pid 5311] <... close resumed>) = 0 [pid 5307] close(4 [pid 5305] close(4 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5311] mkdir("./file0", 0777 [pid 5307] <... close resumed>) = 0 [pid 5305] <... close resumed>) = 0 [pid 5317] chdir("./6" [pid 5311] <... mkdir resumed>) = 0 [pid 5307] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] fstat(3, [pid 5317] <... chdir resumed>) = 0 [pid 5311] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5307] <... futex resumed>) = 1 [pid 5305] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5307] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... prctl resumed>) = 0 [pid 5307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] <... futex resumed>) = 0 [pid 5317] setpgid(0, 0 [pid 5307] fspick(AT_FDCWD, ".", 0 [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... setpgid resumed>) = 0 [pid 5307] <... fspick resumed>) = 4 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5307] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... openat resumed>) = 3 [pid 5307] <... futex resumed>) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5317] write(3, "1000", 4 [pid 5307] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] getdents64(3, [pid 5317] <... write resumed>) = 4 [pid 5307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5072] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5317] close(3 [pid 5307] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5305] fspick(AT_FDCWD, ".", 0 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5317] <... close resumed>) = 0 [pid 5307] <... fsconfig resumed>) = 0 [pid 5305] <... fspick resumed>) = 4 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5317] symlink("/dev/binderfs", "./binderfs" [ 57.922557][ T5306] EXT4-fs (loop2): 1 truncate cleaned up [ 57.933820][ T5306] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/6/file0 supports timestamps until 2038 (0x7fffffff) [pid 5307] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... mount resumed>) = 0 [pid 5305] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] lstat("./6/binderfs", [pid 5317] <... symlink resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5305] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5072] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5306] <... openat resumed>) = 3 [pid 5072] unlink("./6/binderfs" [pid 5306] chdir("./file0" [pid 5072] <... unlink resumed>) = 0 [pid 5306] <... chdir resumed>) = 0 [pid 5072] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5306] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5302] <... futex resumed>) = 0 [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] <... futex resumed>) = 0 [pid 5302] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5307] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5305] <... fsconfig resumed>) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... futex resumed>) = 1 [pid 5306] <... futex resumed>) = 0 [ 57.961955][ T5311] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5306] fspick(AT_FDCWD, ".", 0 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... fspick resumed>) = 4 [pid 5305] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5306] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5306] <... futex resumed>) = 0 [pid 5305] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5303] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... mmap resumed>) = 0x7f3928dce000 [pid 5306] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5303] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 0 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... fsconfig resumed>) = 0 [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5306] <... futex resumed>) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5317] <... mprotect resumed>) = 0 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... clone resumed>, parent_tid=[5320], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5320 [pid 5317] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... fsconfig resumed>) = 0 [pid 5305] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... fsconfig resumed>) = 0 [pid 5307] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5307] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5300] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5320] memfd_create("syzkaller", 0 [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5320] <... memfd_create resumed>) = 3 [pid 5320] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5320] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [ 57.997052][ T5307] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.012169][ T5305] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.025274][ T5311] EXT4-fs (loop3): 1 truncate cleaned up [ 58.031249][ T5306] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5300] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5300] <... futex resumed>) = 1 [pid 5303] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5305] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5320] <... write resumed>) = 262144 [pid 5311] <... mount resumed>) = 0 [pid 5307] <... futex resumed>) = 0 [pid 5306] <... fsconfig resumed>) = 0 [pid 5302] <... mmap resumed>) = 0x7f39209ed000 [pid 5072] <... umount2 resumed>) = 0 [pid 5302] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5320] munmap(0x7f39209ce000, 262144 [pid 5311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5307] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5306] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... mprotect resumed>) = 0 [pid 5072] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5302] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5320] <... munmap resumed>) = 0 [pid 5302] <... clone resumed>, parent_tid=[5321], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5321 [pid 5311] <... openat resumed>) = 3 [pid 5302] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5321 attached [pid 5321] set_robust_list(0x7f3920a0d9e0, 24) = 0 [pid 5321] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5320] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5311] chdir("./file0" [pid 5306] <... futex resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5320] <... openat resumed>) = 4 [pid 5311] <... chdir resumed>) = 0 [pid 5306] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 58.051553][ T5311] ext4 filesystem being mounted at /root/syzkaller.m4jObD/6/file0 supports timestamps until 2038 (0x7fffffff) [ 58.060339][ T5305] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 58.077337][ T5307] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 58.078427][ T5321] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [pid 5072] lstat("./6/file0", [pid 5320] ioctl(4, LOOP_SET_FD, 3 [pid 5311] ioctl(4, LOOP_CLR_FD [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5320] <... ioctl resumed>) = 0 [pid 5311] <... ioctl resumed>) = 0 [pid 5072] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5320] close(3 [pid 5311] close(4 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5320] <... close resumed>) = 0 [pid 5311] <... close resumed>) = 0 [pid 5072] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5311] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... openat resumed>) = 4 [pid 5311] <... futex resumed>) = 1 [pid 5072] fstat(4, [pid 5311] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... futex resumed>) = 0 [pid 5300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5304] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 1 [pid 5300] <... futex resumed>) = 0 [pid 5072] getdents64(4, [pid 5320] mkdir("./file0", 0777 [pid 5311] fspick(AT_FDCWD, ".", 0 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5320] <... mkdir resumed>) = 0 [pid 5311] <... fspick resumed>) = 4 [pid 5300] <... mmap resumed>) = 0x7f39209ed000 [ 58.092321][ T5320] loop1: detected capacity change from 0 to 512 [pid 5072] getdents64(4, [pid 5320] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5311] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5072] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5300] <... mprotect resumed>) = 0 [pid 5072] close(4 [pid 5311] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... close resumed>) = 0 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5072] rmdir("./6/file0" [pid 5311] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5072] <... rmdir resumed>) = 0 [pid 5311] <... fsconfig resumed>) = 0 [pid 5303] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5072] getdents64(3, [pid 5311] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5072] close(3 [pid 5311] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... close resumed>) = 0 [pid 5311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5072] rmdir("./6" [pid 5311] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5072] <... rmdir resumed>) = 0 [pid 5072] mkdir("./7", 0777) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5072] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5072] close(3) = 0 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5325 [pid 5302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5303] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5300] <... clone resumed>, parent_tid=[5326], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5326 [pid 5306] openat(AT_FDCWD, ".", O_RDONLY [pid 5303] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... openat resumed>) = 5 [pid 5306] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5306] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... mmap resumed>) = 0x7f39209ed000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] <... futex resumed>) = 0 [pid 5303] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5302] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5326 attached ./strace-static-x86_64: Process 5325 attached [pid 5321] <... fsconfig resumed>) = 0 [pid 5306] <... futex resumed>) = 0 [pid 5305] <... fsconfig resumed>) = 0 [pid 5303] <... mprotect resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5326] set_robust_list(0x7f3920a0d9e0, 24 [pid 5325] set_robust_list(0x55555612d5e0, 24 [pid 5321] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... fsconfig resumed>) = 0 [pid 5307] <... fsconfig resumed>) = 0 [pid 5306] mkdirat(5, "./bus", 000 [ 58.123817][ T5305] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.135764][ T5321] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.147360][ T5311] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.150227][ T5307] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5305] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5302] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5326] <... set_robust_list resumed>) = 0 [pid 5325] <... set_robust_list resumed>) = 0 [pid 5321] <... futex resumed>) = 0 [pid 5311] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5326] openat(AT_FDCWD, ".", O_RDONLY [pid 5325] chdir("./7" [pid 5321] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... futex resumed>) = 1 [pid 5305] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] <... clone resumed>, parent_tid=[5327], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5327 [pid 5326] <... openat resumed>) = 5 [pid 5325] <... chdir resumed>) = 0 [pid 5311] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5327 attached [pid 5326] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5307] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5304] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 0 [pid 5327] set_robust_list(0x7f3920a0d9e0, 24 [pid 5326] <... futex resumed>) = 1 [pid 5325] <... prctl resumed>) = 0 [pid 5303] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... futex resumed>) = 0 [pid 5327] <... set_robust_list resumed>) = 0 [pid 5326] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] setpgid(0, 0 [pid 5307] <... futex resumed>) = 0 [pid 5304] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... setpgid resumed>) = 0 [pid 5300] <... futex resumed>) = 0 [pid 5325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5300] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] <... openat resumed>) = 3 [pid 5325] write(3, "1000", 4) = 4 [pid 5325] close(3) = 0 [pid 5325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5325] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5325] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5330], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5330 [pid 5325] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5306] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] exit_group(0 [pid 5321] <... futex resumed>) = ? [pid 5306] <... futex resumed>) = ? [pid 5302] <... exit_group resumed>) = ? [pid 5321] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ [pid 5327] openat(AT_FDCWD, ".", O_RDONLY./strace-static-x86_64: Process 5330 attached ) = 5 [pid 5311] <... futex resumed>) = 0 [pid 5307] mkdirat(5, "./bus", 000 [pid 5304] <... futex resumed>) = 1 [pid 5330] set_robust_list(0x7f3928dee9e0, 24 [pid 5327] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [ 58.178001][ T5306] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 58.198573][ T5320] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5311] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5330] <... set_robust_list resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5070] restart_syscall(<... resuming interrupted clone ...> [pid 5330] memfd_create("syzkaller", 0 [pid 5327] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... restart_syscall resumed>) = 0 [pid 5330] <... memfd_create resumed>) = 3 [pid 5305] <... futex resumed>) = 0 [pid 5303] <... futex resumed>) = 1 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5305] mkdirat(5, "./bus", 000 [pid 5303] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... mmap resumed>) = 0x7f39209ce000 [pid 5070] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5330] <... write resumed>) = 262144 [pid 5300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5070] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5330] munmap(0x7f39209ce000, 262144 [pid 5070] <... openat resumed>) = 3 [pid 5330] <... munmap resumed>) = 0 [pid 5070] fstat(3, [pid 5330] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5070] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5330] <... openat resumed>) = 4 [ 58.215130][ T5307] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 58.217209][ T5311] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 58.240059][ T5320] EXT4-fs (loop1): 1 truncate cleaned up [ 58.245806][ T5320] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/6/file0 supports timestamps until 2038 (0x7fffffff) [ 58.259028][ T5305] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5070] getdents64(3, [pid 5330] ioctl(4, LOOP_SET_FD, 3 [pid 5070] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5307] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5305] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5320] <... mount resumed>) = 0 [pid 5070] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5330] <... ioctl resumed>) = 0 [pid 5320] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5307] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] exit_group(0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5330] close(3 [pid 5326] <... futex resumed>) = ? [pid 5320] <... openat resumed>) = 3 [pid 5307] <... futex resumed>) = ? [pid 5305] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5300] <... exit_group resumed>) = ? [pid 5070] lstat("./6/binderfs", [pid 5330] <... close resumed>) = 0 [pid 5326] +++ exited with 0 +++ [pid 5320] chdir("./file0" [pid 5307] +++ exited with 0 +++ [pid 5305] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] exit_group(0 [pid 5330] mkdir("./file0", 0777 [pid 5327] <... futex resumed>) = ? [pid 5320] <... chdir resumed>) = 0 [pid 5305] <... futex resumed>) = ? [pid 5303] <... exit_group resumed>) = ? [pid 5330] <... mkdir resumed>) = 0 [pid 5327] +++ exited with 0 +++ [pid 5320] ioctl(4, LOOP_CLR_FD [pid 5305] +++ exited with 0 +++ [pid 5303] +++ exited with 0 +++ [pid 5300] +++ exited with 0 +++ [pid 5070] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5330] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5320] <... ioctl resumed>) = 0 [pid 5320] close(4 [pid 5070] unlink("./6/binderfs" [pid 5304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5068] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5300, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5320] <... close resumed>) = 0 [pid 5073] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5303, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5320] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [ 58.262695][ T5330] loop4: detected capacity change from 0 to 512 [ 58.290740][ T5311] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5311] <... fsconfig resumed>) = 0 [pid 5304] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5070] <... unlink resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5311] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5070] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5311] <... futex resumed>) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5311] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... mmap resumed>) = 0x7f39209ed000 [pid 5073] <... openat resumed>) = 3 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5304] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5073] fstat(3, [pid 5068] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5304] <... mprotect resumed>) = 0 [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... openat resumed>) = 3 [pid 5304] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5073] getdents64(3, [pid 5068] fstat(3, [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5320] fspick(AT_FDCWD, ".", 0 [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... fspick resumed>) = 4 [pid 5320] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5320] <... futex resumed>) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5320] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... fsconfig resumed>) = 0 [pid 5304] <... clone resumed>, parent_tid=[5334], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5334 [pid 5073] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] getdents64(3, [pid 5320] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5304] <... futex resumed>) = 0 [pid 5073] lstat("./6/binderfs", [pid 5068] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5320] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 5334 attached [pid 5334] set_robust_list(0x7f3920a0d9e0, 24 [pid 5068] lstat("./6/binderfs", [pid 5073] unlink("./6/binderfs" [pid 5334] <... set_robust_list resumed>) = 0 [pid 5068] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5334] openat(AT_FDCWD, ".", O_RDONLY) = 5 [pid 5073] <... unlink resumed>) = 0 [pid 5068] unlink("./6/binderfs" [pid 5334] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5334] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... futex resumed>) = 0 [pid 5073] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] <... unlink resumed>) = 0 [pid 5304] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5311] <... futex resumed>) = 0 [ 58.331923][ T5330] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 58.353089][ T5330] EXT4-fs (loop4): 1 truncate cleaned up [ 58.364623][ T5320] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5311] mkdirat(5, "./bus", 000 [pid 5330] <... mount resumed>) = 0 [pid 5330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file0") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] <... futex resumed>) = 0 [pid 5325] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5330] fspick(AT_FDCWD, ".", 0 [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... fspick resumed>) = 4 [pid 5330] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5317] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5325] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5325] <... futex resumed>) = 0 [pid 5330] <... fsconfig resumed>) = 0 [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5330] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... mmap resumed>) = 0x7f39209ed000 [pid 5330] <... futex resumed>) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5317] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5330] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... mprotect resumed>) = 0 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5317] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5330] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5317] <... clone resumed>, parent_tid=[5335], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5335 [pid 5317] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... umount2 resumed>) = 0 [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5070] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5304] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 58.365215][ T5330] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/7/file0 supports timestamps until 2038 (0x7fffffff) [ 58.388930][ T5311] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5070] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5320] <... fsconfig resumed>) = 0 [pid 5070] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5320] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5320] <... futex resumed>) = 0 [pid 5070] <... openat resumed>) = 4 [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5070] getdents64(4, 0x555556136660 /* 2 entries */, 32768) = 48 [pid 5070] getdents64(4, 0x555556136660 /* 0 entries */, 32768) = 0 [pid 5070] close(4) = 0 [pid 5070] rmdir("./6/file0") = 0 [pid 5070] getdents64(3, 0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5070] close(3) = 0 [pid 5070] rmdir("./6") = 0 [pid 5070] mkdir("./7", 0777) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5070] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5070] close(3) = 0 [pid 5070] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555612d5d0) = 5336 [pid 5073] <... umount2 resumed>) = 0 [pid 5073] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5335 attached ) = -1 EINVAL (Invalid argument) [pid 5068] <... umount2 resumed>) = 0 [pid 5335] set_robust_list(0x7f3920a0d9e0, 24 [pid 5073] lstat("./6/file0", [pid 5335] <... set_robust_list resumed>) = 0 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 5336 attached [pid 5335] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5073] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5336] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5336] chdir("./7") = 0 [pid 5336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5336] setpgid(0, 0) = 0 [pid 5336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5336] <... openat resumed>) = 3 [pid 5317] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] write(3, "1000", 4 [pid 5320] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5336] <... write resumed>) = 4 [pid 5320] openat(AT_FDCWD, ".", O_RDONLY [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] close(3 [pid 5320] <... openat resumed>) = 5 [pid 5336] <... close resumed>) = 0 [pid 5320] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] symlink("/dev/binderfs", "./binderfs" [pid 5320] <... futex resumed>) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5336] <... symlink resumed>) = 0 [pid 5325] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5317] <... futex resumed>) = 0 [pid 5073] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] lstat("./6/file0", [pid 5336] <... futex resumed>) = 0 [pid 5330] <... fsconfig resumed>) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5320] mkdirat(5, "./bus", 000 [pid 5317] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5330] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5320] <... mkdirat resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5336] <... mmap resumed>) = 0x7f3928dce000 [pid 5330] <... futex resumed>) = 0 [pid 5325] <... mmap resumed>) = 0x7f39209ed000 [pid 5320] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... openat resumed>) = 4 [pid 5068] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5336] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5330] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5320] <... futex resumed>) = 1 [pid 5317] <... futex resumed>) = 0 [ 58.437094][ T5330] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.465900][ T5335] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [pid 5073] fstat(4, [pid 5068] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5336] <... mprotect resumed>) = 0 [pid 5325] <... mprotect resumed>) = 0 [pid 5320] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5336] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5338], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5338 [pid 5336] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] getdents64(4, [pid 5068] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5325] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5311] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5073] getdents64(4, [pid 5068] <... openat resumed>) = 4 ./strace-static-x86_64: Process 5339 attached ./strace-static-x86_64: Process 5338 attached [pid 5335] <... fsconfig resumed>) = 0 [pid 5311] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5068] fstat(4, [pid 5339] set_robust_list(0x7f3920a0d9e0, 24 [pid 5338] set_robust_list(0x7f3928dee9e0, 24 [pid 5335] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5325] <... clone resumed>, parent_tid=[5339], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5339 [pid 5311] <... futex resumed>) = 0 [pid 5304] exit_group(0 [pid 5073] close(4 [pid 5068] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5339] <... set_robust_list resumed>) = 0 [pid 5338] <... set_robust_list resumed>) = 0 [pid 5335] <... futex resumed>) = 0 [pid 5334] <... futex resumed>) = ? [pid 5325] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... exit_group resumed>) = ? [pid 5073] <... close resumed>) = 0 [pid 5068] getdents64(4, [pid 5339] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5338] memfd_create("syzkaller", 0 [pid 5335] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5334] +++ exited with 0 +++ [pid 5325] <... futex resumed>) = 0 [pid 5317] exit_group(0 [pid 5311] +++ exited with 0 +++ [pid 5338] <... memfd_create resumed>) = 3 [pid 5335] <... futex resumed>) = ? [pid 5325] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5320] <... futex resumed>) = ? [pid 5317] <... exit_group resumed>) = ? [pid 5304] +++ exited with 0 +++ [pid 5073] rmdir("./6/file0" [pid 5068] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5320] +++ exited with 0 +++ [pid 5338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5338] munmap(0x7f39209ce000, 262144) = 0 [pid 5338] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5335] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ [pid 5338] ioctl(4, LOOP_SET_FD, 3 [pid 5073] <... rmdir resumed>) = 0 [pid 5071] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5304, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5073] getdents64(3, [pid 5068] getdents64(4, [pid 5073] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5073] close(3 [pid 5068] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5073] <... close resumed>) = 0 [pid 5069] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] close(4) = 0 [pid 5073] rmdir("./6" [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5068] rmdir("./6/file0" [pid 5073] <... rmdir resumed>) = 0 [pid 5338] <... ioctl resumed>) = 0 [pid 5071] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] mkdir("./7", 0777 [pid 5069] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] <... rmdir resumed>) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... openat resumed>) = 3 [pid 5073] <... mkdir resumed>) = 0 [pid 5069] fstat(3, [pid 5073] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5071] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5068] getdents64(3, [pid 5073] <... openat resumed>) = 3 [pid 5071] <... openat resumed>) = 3 [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] fstat(3, [pid 5068] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] getdents64(3, [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5068] close(3 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5071] getdents64(3, [pid 5068] <... close resumed>) = 0 [pid 5073] ioctl(3, LOOP_CLR_FD [pid 5069] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] <... getdents64 resumed>0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5068] rmdir("./6" [pid 5338] close(3 [pid 5073] close(3 [pid 5071] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5338] <... close resumed>) = 0 [pid 5068] <... rmdir resumed>) = 0 [pid 5338] mkdir("./file0", 0777 [pid 5069] lstat("./6/binderfs", [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5338] <... mkdir resumed>) = 0 [pid 5073] <... close resumed>) = 0 [pid 5071] lstat("./6/binderfs", [pid 5069] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 58.506300][ T5335] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.530863][ T5339] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [ 58.542868][ T5338] loop2: detected capacity change from 0 to 512 [pid 5068] mkdir("./7", 0777 [pid 5338] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5073] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5069] unlink("./6/binderfs" [pid 5068] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 5341 attached [pid 5339] <... fsconfig resumed>) = 0 [pid 5341] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5339] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] chdir("./7") = 0 [pid 5339] <... futex resumed>) = 1 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5339] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5341] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5071] unlink("./6/binderfs" [pid 5341] <... mprotect resumed>) = 0 [pid 5325] <... futex resumed>) = 0 [pid 5069] <... unlink resumed>) = 0 [pid 5341] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5325] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... unlink resumed>) = 0 [pid 5330] <... futex resumed>) = 0 [pid 5325] <... futex resumed>) = 1 [pid 5073] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5341 [pid 5071] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5068] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5341] <... clone resumed>, parent_tid=[5342], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5342 [pid 5330] openat(AT_FDCWD, ".", O_RDONLY [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5341] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] <... openat resumed>) = 5 [pid 5068] <... openat resumed>) = 3 [pid 5330] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5068] ioctl(3, LOOP_CLR_FD [pid 5325] <... futex resumed>) = 0 [pid 5330] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5325] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5325] <... futex resumed>) = 0 [pid 5330] mkdirat(5, "./bus", 000 [pid 5325] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] close(3./strace-static-x86_64: Process 5342 attached [pid 5342] set_robust_list(0x7f3928dee9e0, 24) = 0 [pid 5330] <... mkdirat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 5068] <... close resumed>) = 0 [pid 5330] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5330] <... futex resumed>) = 1 [pid 5325] <... futex resumed>) = 0 [pid 5325] exit_group(0) = ? [pid 5339] <... futex resumed>) = ? [pid 5339] +++ exited with 0 +++ [pid 5068] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5343 [pid 5330] +++ exited with 0 +++ [pid 5325] +++ exited with 0 +++ [pid 5072] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5325, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5072] umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 58.574052][ T5339] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5072] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5072] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5072] getdents64(3, 0x55555612e620 /* 4 entries */, 32768) = 112 [pid 5072] umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5072] lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5072] unlink("./7/binderfs" [pid 5342] memfd_create("syzkaller", 0 [pid 5072] <... unlink resumed>) = 0 [pid 5072] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5342] <... memfd_create resumed>) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f39209ce000 [pid 5342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 5342] munmap(0x7f39209ce000, 262144 [pid 5071] <... umount2 resumed>) = 0 [pid 5342] <... munmap resumed>) = 0 [pid 5069] <... umount2 resumed>) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5343 attached [pid 5072] <... umount2 resumed>) = 0 [pid 5071] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5343] set_robust_list(0x55555612d5e0, 24 [pid 5072] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5342] <... ioctl resumed>) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file0", 0777 [pid 5343] <... set_robust_list resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] lstat("./6/file0", [pid 5069] lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5343] chdir("./7" [pid 5072] lstat("./7/file0", [pid 5071] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5072] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5343] <... chdir resumed>) = 0 [pid 5069] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5072] umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5071] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5343] <... prctl resumed>) = 0 [pid 5072] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5071] <... openat resumed>) = 4 [ 58.635403][ T5342] loop5: detected capacity change from 0 to 512 [pid 5069] <... openat resumed>) = 4 [pid 5343] setpgid(0, 0 [pid 5072] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5069] fstat(4, [pid 5072] <... openat resumed>) = 4 [pid 5071] fstat(4, [pid 5343] <... setpgid resumed>) = 0 [pid 5071] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5069] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5072] fstat(4, [pid 5069] getdents64(4, [pid 5071] getdents64(4, [pid 5343] <... openat resumed>) = 3 [pid 5342] <... mkdir resumed>) = 0 [pid 5072] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5071] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5069] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5343] write(3, "1000", 4 [pid 5342] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5072] getdents64(4, [pid 5071] getdents64(4, [pid 5069] getdents64(4, [pid 5343] <... write resumed>) = 4 [pid 5072] <... getdents64 resumed>0x555556136660 /* 2 entries */, 32768) = 48 [pid 5071] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5069] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5343] close(3 [pid 5072] getdents64(4, [pid 5071] close(4 [pid 5069] close(4 [pid 5343] <... close resumed>) = 0 [pid 5072] <... getdents64 resumed>0x555556136660 /* 0 entries */, 32768) = 0 [pid 5071] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5343] symlink("/dev/binderfs", "./binderfs" [pid 5072] close(4 [pid 5071] rmdir("./6/file0" [pid 5069] rmdir("./6/file0" [pid 5343] <... symlink resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5343] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] rmdir("./7/file0" [pid 5071] getdents64(3, [pid 5069] getdents64(3, [pid 5343] <... futex resumed>) = 0 [pid 5072] <... rmdir resumed>) = 0 [pid 5071] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5069] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5072] getdents64(3, [pid 5071] close(3 [pid 5069] close(3 [pid 5343] <... mmap resumed>) = 0x7f3928dce000 [pid 5072] <... getdents64 resumed>0x55555612e620 /* 0 entries */, 32768) = 0 [pid 5071] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5343] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5072] close(3 [pid 5071] rmdir("./6" [pid 5069] rmdir("./6" [pid 5343] <... mprotect resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5071] <... rmdir resumed>) = 0 [pid 5069] <... rmdir resumed>) = 0 [pid 5343] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5072] rmdir("./7" [pid 5071] mkdir("./7", 0777 [pid 5069] mkdir("./7", 0777 [pid 5072] <... rmdir resumed>) = 0 [pid 5071] <... mkdir resumed>) = 0 [pid 5069] <... mkdir resumed>) = 0 [pid 5343] <... clone resumed>, parent_tid=[5349], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5349 [pid 5072] mkdir("./8", 0777 [pid 5071] openat(AT_FDCWD, "/dev/loop3", O_RDWR [ 58.675076][ T5338] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 58.698436][ T5338] EXT4-fs (loop2): 1 truncate cleaned up [ 58.705705][ T5338] ext4 filesystem being mounted at /root/syzkaller.Lw0I6A/7/file0 supports timestamps until 2038 (0x7fffffff) [pid 5069] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5343] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... mkdir resumed>) = 0 [pid 5071] <... openat resumed>) = 3 [pid 5069] <... openat resumed>) = 3 ./strace-static-x86_64: Process 5349 attached [pid 5343] <... futex resumed>) = 0 [pid 5338] <... mount resumed>) = 0 [pid 5072] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5071] ioctl(3, LOOP_CLR_FD [pid 5069] ioctl(3, LOOP_CLR_FD [pid 5349] set_robust_list(0x7f3928dee9e0, 24 [pid 5343] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5072] <... openat resumed>) = 3 [pid 5071] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5069] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5072] ioctl(3, LOOP_CLR_FD [pid 5071] close(3 [pid 5069] close(3 [pid 5349] <... set_robust_list resumed>) = 0 [pid 5338] <... openat resumed>) = 3 [pid 5072] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5071] <... close resumed>) = 0 [pid 5069] <... close resumed>) = 0 [pid 5349] memfd_create("syzkaller", 0 [pid 5342] <... mount resumed>) = 0 [pid 5338] chdir("./file0" [pid 5072] close(3 [pid 5071] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5069] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5349] <... memfd_create resumed>) = 3 [pid 5342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5338] <... chdir resumed>) = 0 [pid 5072] <... close resumed>) = 0 [pid 5349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5342] <... openat resumed>) = 3 [pid 5338] ioctl(4, LOOP_CLR_FD [pid 5349] <... mmap resumed>) = 0x7f39209ce000 [pid 5342] chdir("./file0" [pid 5338] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 5351 attached ./strace-static-x86_64: Process 5350 attached [pid 5349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5342] <... chdir resumed>) = 0 [pid 5338] close(4 [pid 5072] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5071] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5350 [pid 5351] set_robust_list(0x55555612d5e0, 24 [pid 5350] set_robust_list(0x55555612d5e0, 24 [pid 5349] <... write resumed>) = 262144 [pid 5342] ioctl(4, LOOP_CLR_FD [pid 5338] <... close resumed>) = 0 [pid 5349] munmap(0x7f39209ce000, 262144 [pid 5342] <... ioctl resumed>) = 0 [pid 5338] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... munmap resumed>) = 0 [pid 5342] close(4 [pid 5338] <... futex resumed>) = 1 [pid 5336] <... futex resumed>) = 0 [pid 5069] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5351 [pid 5351] <... set_robust_list resumed>) = 0 [pid 5350] <... set_robust_list resumed>) = 0 [pid 5349] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5342] <... close resumed>) = 0 [pid 5338] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... clone resumed>, child_tidptr=0x55555612d5d0) = 5352 [pid 5349] <... openat resumed>) = 4 [pid 5342] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] <... futex resumed>) = 0 [pid 5351] chdir("./7" [pid 5350] chdir("./7" [pid 5349] ioctl(4, LOOP_SET_FD, 3 [pid 5342] <... futex resumed>) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5338] fspick(AT_FDCWD, ".", 0 [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... chdir resumed>) = 0 [pid 5350] <... chdir resumed>) = 0 [pid 5349] <... ioctl resumed>) = 0 [pid 5342] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... fspick resumed>) = 4 [pid 5351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5338] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... prctl resumed>) = 0 [pid 5350] <... prctl resumed>) = 0 [pid 5342] fspick(AT_FDCWD, ".", 0 [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] setpgid(0, 0 [pid 5342] <... fspick resumed>) = 4 [pid 5338] <... futex resumed>) = 1 [pid 5351] setpgid(0, 0 [pid 5336] <... futex resumed>) = 0 [pid 5350] <... setpgid resumed>) = 0 [pid 5342] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5342] <... futex resumed>) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... setpgid resumed>) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5342] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5336] <... futex resumed>) = 0 [pid 5351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5338] <... fsconfig resumed>) = 0 [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5350] <... openat resumed>) = 3 [pid 5342] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... fsconfig resumed>) = 0 [pid 5342] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... openat resumed>) = 3 [pid 5350] write(3, "1000", 4 [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 58.722236][ T5342] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 58.738706][ T5342] EXT4-fs (loop5): 1 truncate cleaned up [ 58.745250][ T5342] ext4 filesystem being mounted at /root/syzkaller.336SfN/7/file0 supports timestamps until 2038 (0x7fffffff) [ 58.770908][ T5349] loop0: detected capacity change from 0 to 512 [pid 5341] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5336] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5352 attached [pid 5351] write(3, "1000", 4 [pid 5350] <... write resumed>) = 4 [pid 5342] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... write resumed>) = 4 [pid 5350] close(3 [pid 5336] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5349] close(3) = 0 [pid 5349] mkdir("./file0", 0777) = 0 [pid 5349] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5352] set_robust_list(0x55555612d5e0, 24) = 0 [pid 5352] chdir("./8") = 0 [pid 5352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5352] setpgid(0, 0) = 0 [pid 5352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5352] write(3, "1000", 4) = 4 [pid 5352] close(3) = 0 [pid 5352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5352] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3928dce000 [pid 5352] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5350] <... close resumed>) = 0 [pid 5351] close(3 [pid 5350] symlink("/dev/binderfs", "./binderfs" [pid 5351] <... close resumed>) = 0 [pid 5351] symlink("/dev/binderfs", "./binderfs" [pid 5350] <... symlink resumed>) = 0 [pid 5350] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] <... symlink resumed>) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5351] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] <... mmap resumed>) = 0x7f3928dce000 [pid 5351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5350] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE [pid 5351] <... mmap resumed>) = 0x7f3928dce000 [pid 5350] <... mprotect resumed>) = 0 [pid 5351] mprotect(0x7f3928dcf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5352] <... clone resumed>, parent_tid=[5353], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5353 [pid 5351] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5350] clone(child_stack=0x7f3928dee3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5352] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] <... clone resumed>, parent_tid=[5355], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5355 [pid 5352] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] <... clone resumed>, parent_tid=[5356], tls=0x7f3928dee700, child_tidptr=0x7f3928dee9d0) = 5356 ./strace-static-x86_64: Process 5355 attached [pid 5350] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5350] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5356 attached [pid 5355] set_robust_list(0x7f3928dee9e0, 24 [pid 5341] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5336] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 5353 attached [pid 5356] set_robust_list(0x7f3928dee9e0, 24 [pid 5355] <... set_robust_list resumed>) = 0 [pid 5341] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... set_robust_list resumed>) = 0 [pid 5355] memfd_create("syzkaller", 0 [pid 5353] set_robust_list(0x7f3928dee9e0, 24 [pid 5342] <... fsconfig resumed>) = 0 [pid 5341] <... futex resumed>) = 0 [pid 5338] <... fsconfig resumed>) = 0 [pid 5336] <... futex resumed>) = 0 [pid 5356] memfd_create("syzkaller", 0 [ 58.791706][ T5342] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.810214][ T5338] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5355] <... memfd_create resumed>) = 3 [pid 5353] <... set_robust_list resumed>) = 0 [pid 5342] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5338] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5356] <... memfd_create resumed>) = 3 [pid 5353] memfd_create("syzkaller", 0 [pid 5336] <... mmap resumed>) = 0x7f39209ed000 [pid 5356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5353] <... memfd_create resumed>) = 3 [pid 5336] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5356] <... mmap resumed>) = 0x7f39209ce000 [pid 5353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5336] <... mprotect resumed>) = 0 [pid 5356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5353] <... mmap resumed>) = 0x7f39209ce000 [pid 5336] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5356] <... write resumed>) = 262144 [pid 5355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... mmap resumed>) = 0x7f39209ed000 [pid 5338] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5358 attached [pid 5355] <... mmap resumed>) = 0x7f39209ce000 [ 58.843676][ T5349] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 58.880987][ T5349] EXT4-fs (loop0): 1 truncate cleaned up [pid 5342] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] mprotect(0x7f39209ee000, 131072, PROT_READ|PROT_WRITE [pid 5338] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5336] <... clone resumed>, parent_tid=[5358], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5358 [pid 5358] set_robust_list(0x7f3920a0d9e0, 24 [pid 5356] munmap(0x7f39209ce000, 262144 [pid 5355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 5353] <... write resumed>) = 262144 [pid 5341] <... mprotect resumed>) = 0 [pid 5336] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5336] <... futex resumed>) = 0 [pid 5358] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5336] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... write resumed>) = 262144 [pid 5341] clone(child_stack=0x7f3920a0d3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 5356] <... munmap resumed>) = 0 [pid 5355] munmap(0x7f39209ce000, 262144 [pid 5353] munmap(0x7f39209ce000, 262144 [pid 5356] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5355] <... munmap resumed>) = 0 [pid 5353] <... munmap resumed>) = 0 [pid 5341] <... clone resumed>, parent_tid=[5359], tls=0x7f3920a0d700, child_tidptr=0x7f3920a0d9d0) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5356] <... openat resumed>) = 4 [pid 5355] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5349] <... mount resumed>) = 0 [pid 5341] futex(0x7f3928ec77b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] set_robust_list(0x7f3920a0d9e0, 24 [pid 5356] ioctl(4, LOOP_SET_FD, 3 [pid 5349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 5359] <... set_robust_list resumed>) = 0 [pid 5355] <... openat resumed>) = 4 [pid 5349] <... openat resumed>) = 3 [pid 5359] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5349] chdir("./file0" [pid 5356] <... ioctl resumed>) = 0 [pid 5355] ioctl(4, LOOP_SET_FD, 3 [pid 5353] <... openat resumed>) = 4 [pid 5341] <... futex resumed>) = 0 [pid 5356] close(3 [pid 5349] <... chdir resumed>) = 0 [pid 5349] ioctl(4, LOOP_CLR_FD) = 0 [pid 5349] close(4) = 0 [pid 5349] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 58.882834][ T5358] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 58.888884][ T5349] ext4 filesystem being mounted at /root/syzkaller.13SvPn/7/file0 supports timestamps until 2038 (0x7fffffff) [ 58.910630][ T5356] loop1: detected capacity change from 0 to 512 [ 58.910914][ T5359] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 58.920882][ T5355] loop3: detected capacity change from 0 to 512 [ 58.930254][ T5353] loop4: detected capacity change from 0 to 512 [pid 5349] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] ioctl(4, LOOP_SET_FD, 3 [pid 5343] <... futex resumed>) = 0 [pid 5353] <... ioctl resumed>) = 0 [pid 5343] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... close resumed>) = 0 [pid 5349] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5341] futex(0x7f3928ec77bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5356] mkdir("./file0", 0777 [pid 5349] fspick(AT_FDCWD, ".", 0 [pid 5343] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... fspick resumed>) = 4 [pid 5349] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5343] <... futex resumed>) = 0 [pid 5349] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5343] <... futex resumed>) = 0 [pid 5349] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 5343] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... fsconfig resumed>) = 0 [pid 5353] close(3) = 0 [pid 5353] mkdir("./file0", 0777 [pid 5349] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5343] <... futex resumed>) = 0 [pid 5343] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5356] <... mkdir resumed>) = 0 [pid 5349] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 5343] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5353] <... mkdir resumed>) = 0 [pid 5353] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5336] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5336] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] openat(AT_FDCWD, ".", O_RDONLY [pid 5355] <... ioctl resumed>) = 0 [pid 5338] <... openat resumed>) = 5 [pid 5338] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5336] <... futex resumed>) = 0 [pid 5338] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] close(3) = 0 [pid 5355] mkdir("./file0", 0777) = 0 [pid 5355] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5356] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 5336] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] mkdirat(5, "./bus", 000 [pid 5349] <... fsconfig resumed>) = 0 [pid 5359] <... fsconfig resumed>) = 0 [pid 5359] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5349] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5349] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5358] <... fsconfig resumed>) = 0 [pid 5358] futex(0x7f3928ec77bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] futex(0x7f3928ec77b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [ 58.948504][ T5349] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.964574][ T5358] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 58.965224][ T5338] ------------[ cut here ]------------ [ 58.974782][ T5359] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [pid 5341] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] openat(AT_FDCWD, ".", O_RDONLY [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... openat resumed>) = 5 [pid 5342] futex(0x7f3928ec77ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f3928ec77a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] <... futex resumed>) = 0 [pid 5342] mkdirat(5, "./bus", 000 [pid 5341] futex(0x7f3928ec77ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... futex resumed>) = 0 [ 58.990559][ T5338] WARNING: CPU: 0 PID: 5338 at fs/ext4/xattr.c:2141 ext4_xattr_block_set+0x2ef2/0x3680 [ 59.000328][ T5338] Modules linked in: [ 59.004264][ T5338] CPU: 0 PID: 5338 Comm: syz-executor395 Not tainted 6.2.0-syzkaller-13467-g0988a0ea7919 #0 [ 59.014278][ T5349] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 59.014421][ T5338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 59.030144][ T5342] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [pid 5343] futex(0x7f3928ec77a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... futex resumed>) = 0 [pid 5343] <... futex resumed>) = 1 [pid 5349] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 59.033769][ T5338] RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 [ 59.054089][ T5338] Code: b3 3d ff 48 8b 7c 24 50 4c 89 ee e8 88 2f c1 ff 45 31 ed e9 86 f4 ff ff e8 1b b3 3d ff 45 31 ed e9 79 f4 ff ff e8 0e b3 3d ff <0f> 0b e9 5d f2 ff ff e8 02 b3 3d ff 0f 0b 43 80 3c 26 00 0f 85 6f [ 59.073810][ T5338] RSP: 0018:ffffc90004a0f4a0 EFLAGS: 00010293 [ 59.080014][ T5338] RAX: ffffffff824f0a52 RBX: 1ffff92000941f11 RCX: ffff888029c61d40 [ 59.088039][ T5338] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 59.088150][ T5349] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. Quota mode: writeback. [ 59.096080][ T5338] RBP: ffffc90004a0f6d0 R08: ffffffff8213bec0 R09: ffffed100e12d2ae [ 59.114137][ T5338] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 59.122339][ T5338] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004a0f860 [ 59.124164][ T5366] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 59.130381][ T5338] FS: 00007f3928dee700(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 59.130403][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.130418][ T5338] CR2: 00007f3920a0d000 CR3: 000000001c94d000 CR4: 00000000003506f0 [ 59.130434][ T5338] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.176374][ T5338] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.184451][ T5338] Call Trace: [ 59.187823][ T5338] [ 59.188817][ T5356] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 59.190850][ T5338] ? ext4_xattr_block_find+0x520/0x520 [ 59.190886][ T5338] ? ext4_reserve_inode_write+0x2b7/0x360 [ 59.190914][ T5338] ? ext4_mark_iloc_dirty+0x1de0/0x1de0 [ 59.212356][ T5356] EXT4-fs (loop1): 1 truncate cleaned up [ 59.216653][ T5338] ? ext4_mkdir+0x425/0xce0 [ 59.216683][ T5338] ? ext4_xattr_block_find+0xda/0x520 [ 59.216703][ T5338] ? __x64_sys_mkdirat+0x89/0xa0 [ 59.216722][ T5338] ? ext4_xattr_ibody_set+0xfd/0x330 [ 59.225320][ T5356] ext4 filesystem being mounted at /root/syzkaller.Umn7fv/7/file0 supports timestamps until 2038 (0x7fffffff) [ 59.227978][ T5338] ext4_xattr_set_handle+0xcd4/0x15c0 [ 59.228034][ T5338] ? ext4_xattr_set_entry+0x3bf0/0x3bf0 [ 59.271024][ T5338] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 59.277090][ T5338] ext4_initxattrs+0xa3/0x110 [ 59.281894][ T5338] security_inode_init_security+0x2df/0x3f0 [ 59.285828][ T5355] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 59.287820][ T5338] ? ext4_init_security+0x40/0x40 [ 59.287856][ T5338] ? security_dentry_create_files_as+0xc0/0xc0 [ 59.306818][ T5355] EXT4-fs (loop3): 1 truncate cleaned up [ 59.313259][ T5338] ? ext4_init_acl+0x387/0x400 [ 59.313304][ T5338] ? _raw_spin_unlock+0x28/0x40 [ 59.320975][ T5355] ext4 filesystem being mounted at /root/syzkaller.m4jObD/7/file0 supports timestamps until 2038 (0x7fffffff) [ 59.323718][ T5338] ? insert_inode_locked+0x3b7/0x410 [ 59.345604][ T5338] ? ext4_has_metadata_csum+0x12f/0x1c0 [ 59.351257][ T5338] __ext4_new_inode+0x347e/0x43d0 [ 59.356350][ T5338] ? ext4_has_group_desc_csum+0x1e0/0x1e0 [ 59.362181][ T5338] ? smk_access+0x477/0x4b0 [ 59.366732][ T5338] ? smk_tskacc+0x2ff/0x360 [ 59.371348][ T5338] ext4_mkdir+0x425/0xce0 [ 59.375833][ T5338] ? ext4_symlink+0xb30/0xb30 [ 59.380608][ T5338] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 59.385746][ T5338] ? security_inode_mkdir+0xb8/0x100 [ 59.391128][ T5338] vfs_mkdir+0x29d/0x450 [ 59.395412][ T5338] do_mkdirat+0x264/0x520 [ 59.397878][ T5353] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor395: Allocating blocks 41-42 which overlap fs metadata [ 59.399807][ T5338] ? vfs_mkdir+0x450/0x450 [ 59.418326][ T5338] ? getname_flags+0x1f0/0x4e0 [ 59.420901][ T5353] EXT4-fs (loop4): 1 truncate cleaned up [ 59.423168][ T5338] __x64_sys_mkdirat+0x89/0xa0 [ 59.430638][ T5353] ext4 filesystem being mounted at /root/syzkaller.OeA2WI/8/file0 supports timestamps until 2038 (0x7fffffff) [ 59.433583][ T5338] do_syscall_64+0x41/0xc0 [ 59.449792][ T5338] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.455766][ T5338] RIP: 0033:0x7f3928e426d9 [ 59.460286][ T5338] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.480001][ T5338] RSP: 002b:00007f3928dee2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 59.488455][ T5338] RAX: ffffffffffffffda RBX: 00007f3928ec77a0 RCX: 00007f3928e426d9 [ 59.496731][ T5338] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 59.504796][ T5338] RBP: 00007f3928e94590 R08: 0000000000000000 R09: 0000000000000000 [ 59.512862][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3928e940c0 [ 59.520967][ T5338] R13: 3d6469677365722c R14: 0030656c69662f2e R15: 00007f3928ec77a8 [ 59.529004][ T5338] [ 59.532119][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 59.539410][ T5338] CPU: 0 PID: 5338 Comm: syz-executor395 Not tainted 6.2.0-syzkaller-13467-g0988a0ea7919 #0 [ 59.549580][ T5338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 [ 59.559785][ T5338] Call Trace: [ 59.563205][ T5338] [ 59.566285][ T5338] dump_stack_lvl+0x1e7/0x2d0 [ 59.571038][ T5338] ? nf_tcp_handle_invalid+0x650/0x650 [ 59.576632][ T5338] ? vsnprintf+0x17f/0x1d80 [ 59.581207][ T5338] ? panic+0x770/0x770 [ 59.585303][ T5338] ? vscnprintf+0x5d/0x80 [ 59.589657][ T5338] panic+0x31c/0x770 [ 59.593596][ T5338] ? __warn+0x16c/0x610 [ 59.597780][ T5338] ? memcpy_page_flushcache+0x100/0x100 [ 59.603384][ T5338] __warn+0x434/0x610 [ 59.607401][ T5338] ? ext4_xattr_block_set+0x2ef2/0x3680 [ 59.612983][ T5338] report_bug+0x2b3/0x500 [ 59.617514][ T5338] ? ext4_xattr_block_set+0x2ef2/0x3680 [ 59.623103][ T5338] handle_bug+0x3d/0x70 [ 59.627292][ T5338] exc_invalid_op+0x1a/0x50 [ 59.631828][ T5338] asm_exc_invalid_op+0x1a/0x20 [ 59.636800][ T5338] RIP: 0010:ext4_xattr_block_set+0x2ef2/0x3680 [ 59.643003][ T5338] Code: b3 3d ff 48 8b 7c 24 50 4c 89 ee e8 88 2f c1 ff 45 31 ed e9 86 f4 ff ff e8 1b b3 3d ff 45 31 ed e9 79 f4 ff ff e8 0e b3 3d ff <0f> 0b e9 5d f2 ff ff e8 02 b3 3d ff 0f 0b 43 80 3c 26 00 0f 85 6f [ 59.662754][ T5338] RSP: 0018:ffffc90004a0f4a0 EFLAGS: 00010293 [ 59.668866][ T5338] RAX: ffffffff824f0a52 RBX: 1ffff92000941f11 RCX: ffff888029c61d40 [ 59.676964][ T5338] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000001 [ 59.684996][ T5338] RBP: ffffc90004a0f6d0 R08: ffffffff8213bec0 R09: ffffed100e12d2ae [ 59.692993][ T5338] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 59.701078][ T5338] R13: 0000000000000000 R14: 0000000000000000 R15: ffffc90004a0f860 [ 59.709070][ T5338] ? dquot_initialize_needed+0x170/0x320 [ 59.714715][ T5338] ? ext4_xattr_block_set+0x2ef2/0x3680 [ 59.720331][ T5338] ? ext4_xattr_block_find+0x520/0x520 [ 59.725826][ T5338] ? ext4_reserve_inode_write+0x2b7/0x360 [ 59.731583][ T5338] ? ext4_mark_iloc_dirty+0x1de0/0x1de0 [ 59.737154][ T5338] ? ext4_mkdir+0x425/0xce0 [ 59.741686][ T5338] ? ext4_xattr_block_find+0xda/0x520 [ 59.747083][ T5338] ? __x64_sys_mkdirat+0x89/0xa0 [ 59.752042][ T5338] ? ext4_xattr_ibody_set+0xfd/0x330 [ 59.757353][ T5338] ext4_xattr_set_handle+0xcd4/0x15c0 [ 59.762758][ T5338] ? ext4_xattr_set_entry+0x3bf0/0x3bf0 [ 59.768347][ T5338] ? __bpf_trace_rcu_stall_warning+0x10/0x10 [ 59.774400][ T5338] ext4_initxattrs+0xa3/0x110 [ 59.779109][ T5338] security_inode_init_security+0x2df/0x3f0 [ 59.785035][ T5338] ? ext4_init_security+0x40/0x40 [ 59.790127][ T5338] ? security_dentry_create_files_as+0xc0/0xc0 [ 59.796290][ T5338] ? ext4_init_acl+0x387/0x400 [ 59.801067][ T5338] ? _raw_spin_unlock+0x28/0x40 [ 59.805916][ T5338] ? insert_inode_locked+0x3b7/0x410 [ 59.811194][ T5338] ? ext4_has_metadata_csum+0x12f/0x1c0 [ 59.816735][ T5338] __ext4_new_inode+0x347e/0x43d0 [ 59.821777][ T5338] ? ext4_has_group_desc_csum+0x1e0/0x1e0 [ 59.827506][ T5338] ? smk_access+0x477/0x4b0 [ 59.832056][ T5338] ? smk_tskacc+0x2ff/0x360 [ 59.836599][ T5338] ext4_mkdir+0x425/0xce0 [ 59.840974][ T5338] ? ext4_symlink+0xb30/0xb30 [ 59.845682][ T5338] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 59.850819][ T5338] ? security_inode_mkdir+0xb8/0x100 [ 59.856133][ T5338] vfs_mkdir+0x29d/0x450 [ 59.860410][ T5338] do_mkdirat+0x264/0x520 [ 59.864783][ T5338] ? vfs_mkdir+0x450/0x450 [ 59.869233][ T5338] ? getname_flags+0x1f0/0x4e0 [ 59.874033][ T5338] __x64_sys_mkdirat+0x89/0xa0 [ 59.878920][ T5338] do_syscall_64+0x41/0xc0 [ 59.883367][ T5338] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 59.889283][ T5338] RIP: 0033:0x7f3928e426d9 [ 59.893716][ T5338] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 59.913603][ T5338] RSP: 002b:00007f3928dee2f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 59.922029][ T5338] RAX: ffffffffffffffda RBX: 00007f3928ec77a0 RCX: 00007f3928e426d9 [ 59.930020][ T5338] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000005 [ 59.938018][ T5338] RBP: 00007f3928e94590 R08: 0000000000000000 R09: 0000000000000000 [ 59.946010][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3928e940c0 [ 59.954013][ T5338] R13: 3d6469677365722c R14: 0030656c69662f2e R15: 00007f3928ec77a8 [ 59.962037][ T5338] [ 59.965259][ T5338] Kernel Offset: disabled [ 59.969856][ T5338] Rebooting in 86400 seconds..