./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1349885689 <...> DUID 00:04:7c:7c:42:18:3f:30:8d:b4:e2:57:c6:a5:0a:a4:65:8b forked to background, child pid 4660 [ 29.285802][ T4661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 29.299343][ T4661] eql: remember to turn off Van-Jacobson compression on your slave devices Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.118' (ECDSA) to the list of known hosts. execve("./syz-executor1349885689", ["./syz-executor1349885689"], 0x7ffdfd5c9120 /* 10 vars */) = 0 brk(NULL) = 0x555556a02000 brk(0x555556a02c40) = 0x555556a02c40 arch_prctl(ARCH_SET_FS, 0x555556a02300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 readlink("/proc/self/exe", "/root/syz-executor1349885689", 4096) = 28 brk(0x555556a23c40) = 0x555556a23c40 brk(0x555556a24000) = 0x555556a24000 mprotect(0x7f417007c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 4993 attached , child_tidptr=0x555556a025d0) = 4993 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4993] getpid() = 4993 [pid 4993] mkdir("./syzkaller.bK59KK", 0700 [pid 4992] <... clone resumed>, child_tidptr=0x555556a025d0) = 4994 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 4995 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4993] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 4994 attached ./strace-static-x86_64: Process 4995 attached [pid 4993] chmod("./syzkaller.bK59KK", 0777 [pid 4992] <... clone resumed>, child_tidptr=0x555556a025d0) = 4996 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4993] <... chmod resumed>) = 0 [pid 4994] getpid( [pid 4995] getpid( [pid 4993] chdir("./syzkaller.bK59KK" [pid 4992] <... clone resumed>, child_tidptr=0x555556a025d0) = 4997 [pid 4992] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4995] <... getpid resumed>) = 4995 [pid 4994] <... getpid resumed>) = 4994 [pid 4993] <... chdir resumed>) = 0 [pid 4993] mkdir("./0", 0777 [pid 4994] mkdir("./syzkaller.tKVeuO", 0700 [pid 4992] <... clone resumed>, child_tidptr=0x555556a025d0) = 4998 [pid 4993] <... mkdir resumed>) = 0 [pid 4995] mkdir("./syzkaller.1eCL7V", 0700./strace-static-x86_64: Process 4998 attached [pid 4998] getpid( [pid 4994] <... mkdir resumed>) = 0 [pid 4998] <... getpid resumed>) = 4998 [pid 4998] mkdir("./syzkaller.w1U7i6", 0700 [pid 4995] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 4997 attached [pid 4994] chmod("./syzkaller.tKVeuO", 0777 [pid 4995] chmod("./syzkaller.1eCL7V", 0777./strace-static-x86_64: Process 4996 attached [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 4997] getpid() = 4997 [pid 4995] <... chmod resumed>) = 0 [pid 4997] mkdir("./syzkaller.l302g1", 0700 [pid 4994] <... chmod resumed>) = 0 [pid 4993] <... openat resumed>) = 3 [pid 4994] chdir("./syzkaller.tKVeuO" [pid 4995] chdir("./syzkaller.1eCL7V" [pid 4993] ioctl(3, LOOP_CLR_FD [pid 4995] <... chdir resumed>) = 0 [pid 4994] <... chdir resumed>) = 0 [pid 4993] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4995] mkdir("./0", 0777 [pid 4994] mkdir("./0", 0777 [pid 4995] <... mkdir resumed>) = 0 [pid 4997] <... mkdir resumed>) = 0 [pid 4994] <... mkdir resumed>) = 0 [pid 4993] close(3 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 4997] chmod("./syzkaller.l302g1", 0777 [pid 4998] <... mkdir resumed>) = 0 [pid 4998] chmod("./syzkaller.w1U7i6", 0777 [pid 4997] <... chmod resumed>) = 0 [pid 4996] getpid( [pid 4995] <... openat resumed>) = 3 [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 4993] <... close resumed>) = 0 [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4994] <... openat resumed>) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4993] <... clone resumed>, child_tidptr=0x555556a025d0) = 4999 [pid 4995] <... clone resumed>, child_tidptr=0x555556a025d0) = 5000 [pid 4994] <... clone resumed>, child_tidptr=0x555556a025d0) = 5001 ./strace-static-x86_64: Process 4999 attached ./strace-static-x86_64: Process 5000 attached [pid 4998] <... chmod resumed>) = 0 [pid 5000] chdir("./0" [pid 4999] chdir("./0" [pid 4998] chdir("./syzkaller.w1U7i6"./strace-static-x86_64: Process 5001 attached [pid 5000] <... chdir resumed>) = 0 [pid 4999] <... chdir resumed>) = 0 [pid 4998] <... chdir resumed>) = 0 [pid 5001] chdir("./0" [pid 4999] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5000] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4998] mkdir("./0", 0777 [pid 4996] <... getpid resumed>) = 4996 [pid 4999] <... prctl resumed>) = 0 [pid 5000] <... prctl resumed>) = 0 [pid 4998] <... mkdir resumed>) = 0 [pid 5001] <... chdir resumed>) = 0 [pid 5000] setpgid(0, 0 [pid 4999] setpgid(0, 0 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5000] <... setpgid resumed>) = 0 [pid 4999] <... setpgid resumed>) = 0 [pid 4998] <... openat resumed>) = 3 [pid 5000] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4996] mkdir("./syzkaller.92784Y", 0700 [pid 5000] <... openat resumed>) = 3 [pid 5001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5000] write(3, "1000", 4 [pid 4999] <... openat resumed>) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 4997] chdir("./syzkaller.l302g1" [pid 4996] <... mkdir resumed>) = 0 [pid 5001] <... prctl resumed>) = 0 [pid 5000] <... write resumed>) = 4 [pid 4999] write(3, "1000", 4 [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4997] <... chdir resumed>) = 0 [pid 4996] chmod("./syzkaller.92784Y", 0777 [pid 5001] setpgid(0, 0 [pid 5000] close(3 [pid 4999] <... write resumed>) = 4 [pid 4998] close(3 [pid 4997] mkdir("./0", 0777 [pid 4996] <... chmod resumed>) = 0 [pid 5001] <... setpgid resumed>) = 0 [pid 5000] <... close resumed>) = 0 [pid 4999] close(3 [pid 4998] <... close resumed>) = 0 [pid 4997] <... mkdir resumed>) = 0 [pid 4996] chdir("./syzkaller.92784Y" [pid 5001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5000] symlink("/dev/binderfs", "./binderfs" [pid 4999] <... close resumed>) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4996] <... chdir resumed>) = 0 [pid 5001] <... openat resumed>) = 3 [pid 5000] <... symlink resumed>) = 0 [pid 4999] symlink("/dev/binderfs", "./binderfs" [pid 4997] <... openat resumed>) = 3 [pid 4996] mkdir("./0", 0777 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 4996] <... mkdir resumed>) = 0 [pid 5001] write(3, "1000", 4 [pid 4999] <... symlink resumed>) = 0 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5001] <... write resumed>) = 4 [pid 5000] memfd_create("syzkaller", 0 [pid 4999] memfd_create("syzkaller", 0 [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5003 [pid 4997] close(3 [pid 4996] <... openat resumed>) = 3 [pid 5001] close(3 [pid 4997] <... close resumed>) = 0 [pid 4996] ioctl(3, LOOP_CLR_FD [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4996] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4996] close(3 [pid 4997] <... clone resumed>, child_tidptr=0x555556a025d0) = 5004 [pid 4996] <... close resumed>) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5005 ./strace-static-x86_64: Process 5005 attached ./strace-static-x86_64: Process 5004 attached [pid 5001] <... close resumed>) = 0 [pid 4999] <... memfd_create resumed>) = 3 [pid 5001] symlink("/dev/binderfs", "./binderfs" [pid 4999] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5003 attached [pid 5005] chdir("./0" [pid 5001] <... symlink resumed>) = 0 [pid 5005] <... chdir resumed>) = 0 [pid 5004] chdir("./0" [pid 5001] memfd_create("syzkaller", 0 [pid 4999] <... mmap resumed>) = 0x7f4167bc0000 [pid 5005] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5004] <... chdir resumed>) = 0 [pid 5003] chdir("./0" [pid 5001] <... memfd_create resumed>) = 3 [pid 5005] <... prctl resumed>) = 0 [pid 5004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5005] setpgid(0, 0 [pid 5004] <... prctl resumed>) = 0 [pid 5005] <... setpgid resumed>) = 0 [pid 5004] setpgid(0, 0 [pid 5005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5004] <... setpgid resumed>) = 0 [pid 5005] <... openat resumed>) = 3 [pid 5004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5001] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5005] write(3, "1000", 4 [pid 5004] <... openat resumed>) = 3 [pid 5003] <... chdir resumed>) = 0 [pid 5001] <... mmap resumed>) = 0x7f4167bc0000 [pid 5005] <... write resumed>) = 4 [pid 5004] write(3, "1000", 4 [pid 5005] close(3 [pid 5004] <... write resumed>) = 4 [pid 5005] <... close resumed>) = 0 [pid 5004] close(3 [pid 5005] symlink("/dev/binderfs", "./binderfs" [pid 5004] <... close resumed>) = 0 [pid 5005] <... symlink resumed>) = 0 [pid 5004] symlink("/dev/binderfs", "./binderfs" [pid 5005] memfd_create("syzkaller", 0 [pid 5004] <... symlink resumed>) = 0 [pid 5003] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5005] <... memfd_create resumed>) = 3 [pid 5004] memfd_create("syzkaller", 0 [pid 5003] <... prctl resumed>) = 0 [pid 5001] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4999] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5004] <... memfd_create resumed>) = 3 [pid 5003] setpgid(0, 0 [pid 5005] <... mmap resumed>) = 0x7f4167bc0000 [pid 5004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5005] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5004] <... mmap resumed>) = 0x7f4167bc0000 [pid 5003] <... setpgid resumed>) = 0 [pid 5000] <... memfd_create resumed>) = 3 [pid 5001] <... write resumed>) = 1048576 [pid 5003] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5003] <... openat resumed>) = 3 [pid 5003] write(3, "1000", 4 [pid 5000] <... mmap resumed>) = 0x7f4167bc0000 [pid 5003] <... write resumed>) = 4 syzkaller login: [ 57.231860][ T5000] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=5000 'syz-executor134' [pid 5003] close(3 [pid 5004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5003] <... close resumed>) = 0 [pid 5005] <... write resumed>) = 1048576 [pid 5003] symlink("/dev/binderfs", "./binderfs" [pid 5001] munmap(0x7f4167bc0000, 1048576 [pid 5000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4999] <... write resumed>) = 1048576 [pid 5004] <... write resumed>) = 1048576 [pid 5003] <... symlink resumed>) = 0 [pid 5001] <... munmap resumed>) = 0 [pid 4999] munmap(0x7f4167bc0000, 1048576 [pid 5005] munmap(0x7f4167bc0000, 1048576 [pid 5004] munmap(0x7f4167bc0000, 1048576 [pid 5003] memfd_create("syzkaller", 0 [pid 5001] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 4999] <... munmap resumed>) = 0 [pid 5003] <... memfd_create resumed>) = 3 [pid 5001] <... openat resumed>) = 4 [pid 4999] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5001] ioctl(4, LOOP_SET_FD, 3 [pid 4999] <... openat resumed>) = 4 [pid 5005] <... munmap resumed>) = 0 [pid 5004] <... munmap resumed>) = 0 [pid 5003] <... mmap resumed>) = 0x7f4167bc0000 [pid 4999] ioctl(4, LOOP_SET_FD, 3 [pid 5005] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5004] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4999] <... ioctl resumed>) = 0 [pid 5005] <... openat resumed>) = 4 [pid 5004] <... openat resumed>) = 4 [pid 5005] ioctl(4, LOOP_SET_FD, 3 [pid 5004] ioctl(4, LOOP_SET_FD, 3 [pid 5003] <... write resumed>) = 1048576 [pid 4999] close(3) = 0 [pid 4999] mkdir("./file2", 0777 [pid 5001] <... ioctl resumed>) = 0 [pid 5001] close(3) = 0 [pid 5001] mkdir("./file2", 0777) = 0 [pid 4999] <... mkdir resumed>) = 0 [pid 4999] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [pid 5001] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5005] <... ioctl resumed>) = 0 [pid 5004] <... ioctl resumed>) = 0 [pid 5000] <... write resumed>) = 1048576 [pid 5004] close(3 [pid 5000] munmap(0x7f4167bc0000, 1048576 [pid 5005] close(3) = 0 [pid 5004] <... close resumed>) = 0 [pid 5000] <... munmap resumed>) = 0 [pid 5004] mkdir("./file2", 0777 [pid 5005] mkdir("./file2", 0777 [pid 5000] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5000] ioctl(4, LOOP_SET_FD, 3 [ 57.319596][ T5001] loop1: detected capacity change from 0 to 2048 [ 57.334614][ T4999] loop0: detected capacity change from 0 to 2048 [ 57.351962][ T5005] loop3: detected capacity change from 0 to 2048 [ 57.358845][ T5004] loop4: detected capacity change from 0 to 2048 [pid 5003] munmap(0x7f4167bc0000, 1048576 [pid 5005] <... mkdir resumed>) = 0 [pid 5004] <... mkdir resumed>) = 0 [pid 5003] <... munmap resumed>) = 0 [pid 5005] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 5004] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 5000] <... ioctl resumed>) = 0 [pid 5003] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5003] ioctl(4, LOOP_SET_FD, 3 [pid 5000] close(3) = 0 [pid 5000] mkdir("./file2", 0777) = 0 [ 57.375706][ T5000] loop2: detected capacity change from 0 to 2048 [ 57.391660][ T5003] loop5: detected capacity change from 0 to 2048 [pid 5000] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 5003] <... ioctl resumed>) = 0 [pid 5003] close(3) = 0 [pid 5003] mkdir("./file2", 0777) = 0 [pid 5001] <... mount resumed>) = 0 [pid 5001] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 57.416910][ T5009] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.428588][ T5010] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.435850][ T5007] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.439432][ T5008] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5005] <... mount resumed>) = 0 [pid 5004] <... mount resumed>) = 0 [pid 5001] chdir("./file2" [pid 5000] <... mount resumed>) = 0 [pid 4999] <... mount resumed>) = 0 [pid 4999] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5003] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 5001] <... chdir resumed>) = 0 [pid 4999] <... openat resumed>) = 3 [pid 5001] ioctl(4, LOOP_CLR_FD [pid 4999] chdir("./file2" [pid 5001] <... ioctl resumed>) = 0 [pid 4999] <... chdir resumed>) = 0 [pid 5001] close(4 [pid 4999] ioctl(4, LOOP_CLR_FD [pid 5005] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5004] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5001] <... close resumed>) = 0 [pid 5000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4999] <... ioctl resumed>) = 0 [pid 5001] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4999] close(4) = 0 [pid 4999] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5005] <... openat resumed>) = 3 [pid 5004] <... openat resumed>) = 3 [pid 5000] <... openat resumed>) = 3 [pid 4999] <... open resumed>) = 4 [pid 5005] chdir("./file2" [pid 5004] chdir("./file2" [pid 5003] <... mount resumed>) = 0 [pid 5000] chdir("./file2" [pid 4999] ftruncate(4, 0 [pid 5005] <... chdir resumed>) = 0 [pid 5004] <... chdir resumed>) = 0 [pid 5000] <... chdir resumed>) = 0 [pid 5005] ioctl(4, LOOP_CLR_FD [ 57.454477][ T5011] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 57.484374][ T27] audit: type=1800 audit(1686241698.698:2): pid=4999 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 57.495910][ T5012] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5000] ioctl(4, LOOP_CLR_FD [pid 5005] <... ioctl resumed>) = 0 [pid 5004] ioctl(4, LOOP_CLR_FD [pid 5003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5001] <... open resumed>) = 4 [pid 5000] <... ioctl resumed>) = 0 [pid 5001] ftruncate(4, 0 [pid 5005] close(4 [pid 5004] <... ioctl resumed>) = 0 [pid 5003] <... openat resumed>) = 3 [pid 5000] close(4 [pid 5005] <... close resumed>) = 0 [pid 5004] close(4 [pid 5003] chdir("./file2" [pid 5000] <... close resumed>) = 0 [pid 5005] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5004] <... close resumed>) = 0 [pid 5003] <... chdir resumed>) = 0 [pid 5000] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5005] <... open resumed>) = 4 [pid 5004] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5003] ioctl(4, LOOP_CLR_FD [pid 5005] ftruncate(4, 0 [pid 5004] <... open resumed>) = 4 [pid 5003] <... ioctl resumed>) = 0 [ 57.518392][ T4999] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 57.526659][ T27] audit: type=1800 audit(1686241698.738:3): pid=5001 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 57.535052][ T4999] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5000] <... open resumed>) = 4 [pid 5004] ftruncate(4, 0 [pid 5003] close(4 [ 57.559311][ T5001] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 57.560708][ T5005] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 57.583856][ T5004] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 57.589950][ T27] audit: type=1800 audit(1686241698.778:4): pid=5005 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop3" ino=16 res=0 errno=0 [pid 5000] ftruncate(4, 0 [pid 5003] <... close resumed>) = 0 [pid 5003] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 57.596956][ T5000] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 57.631705][ T5003] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 57.644065][ T4999] Remounting filesystem read-only [ 57.645483][ T5001] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 57.649269][ T4999] NILFS (loop0): error -5 truncating bmap (ino=16) [pid 5003] ftruncate(4, 0 [pid 4999] <... ftruncate resumed>) = 0 [ 57.661686][ T5004] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 57.676275][ T5003] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 57.679833][ T27] audit: type=1800 audit(1686241698.778:5): pid=5004 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 57.694940][ T5000] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 4999] write(4, "0x0000000000000000", 18 [pid 5000] <... ftruncate resumed>) = 0 [ 57.715491][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 57.722432][ T4999] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 57.727004][ T5005] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 57.730770][ T5004] Remounting filesystem read-only [ 57.739663][ T5000] Remounting filesystem read-only [ 57.744155][ T5001] Remounting filesystem read-only [ 57.749350][ T5000] NILFS (loop2): error -5 truncating bmap (ino=16) [ 57.754464][ T5003] Remounting filesystem read-only [pid 5000] write(4, "0x0000000000000000", 18 [pid 5003] <... ftruncate resumed>) = 0 [ 57.766956][ T5005] Remounting filesystem read-only [ 57.767926][ T5001] NILFS (loop1): error -5 truncating bmap (ino=16) [ 57.773192][ T5000] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 57.780311][ T5003] NILFS (loop5): error -5 truncating bmap (ino=16) [ 57.785917][ T27] audit: type=1800 audit(1686241698.778:6): pid=5000 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 57.793558][ T5004] NILFS (loop4): error -5 truncating bmap (ino=16) [pid 5003] write(4, "0x0000000000000000", 18 [pid 5001] <... ftruncate resumed>) = 0 [pid 5001] write(4, "0x0000000000000000", 18 [pid 5004] <... ftruncate resumed>) = 0 [ 57.812083][ T5005] NILFS (loop3): error -5 truncating bmap (ino=16) [ 57.826109][ T5001] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 57.826161][ T5003] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 57.833956][ T5004] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 57.840035][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.848123][ T5000] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 57.855819][ T5003] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [pid 5004] write(4, "0x0000000000000000", 18 [pid 5005] <... ftruncate resumed>) = 0 [ 57.864362][ T5001] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 57.870485][ T5003] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.879352][ T5004] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 57.894634][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.895897][ T5001] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.903748][ T5005] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 57.914568][ T5000] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.928021][ T27] audit: type=1800 audit(1686241698.848:7): pid=5003 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 57.928065][ T5003] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.949518][ T5001] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.957162][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.967302][ T5004] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.983626][ T5005] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 57.983647][ T5005] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 57.992245][ T5001] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.008728][ T5005] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5005] write(4, "0x0000000000000000", 18 [pid 4999] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4999] fchdir(-1 [pid 5001] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5001] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5001] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5001] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5001] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5001] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5001] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5001] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5001] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4999] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5005] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4999] creat(NULL, 000 [pid 5004] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5004] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5004] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5004] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5004] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [ 58.008750][ T5005] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.018920][ T5004] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.026865][ T5000] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.037076][ T5004] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.044688][ T5003] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5004] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5004] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5005] fchdir(-1 [pid 5004] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4999] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5005] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5004] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5003] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5000] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4999] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5005] creat(NULL, 000 [pid 5003] fchdir(-1 [pid 4999] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5005] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5003] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4999] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5005] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5003] creat(NULL, 000 [pid 4999] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5005] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5003] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4999] openat(AT_FDCWD, NULL, O_RDWR [pid 5005] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5003] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4999] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5005] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5003] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4999] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5005] openat(AT_FDCWD, NULL, O_RDWR [pid 5003] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4999] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5005] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5003] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4999] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5005] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5003] openat(AT_FDCWD, NULL, O_RDWR [pid 4999] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5005] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5003] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4999] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5005] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5003] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5005] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5003] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5005] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5003] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5004] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [ 58.064163][ T5000] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.074651][ T5001] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 58.078600][ T4999] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 58.081950][ T5001] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 58.089768][ T5005] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 58.096234][ T5001] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.103764][ T5003] NILFS (loop5): discard dirty page: offset=0, ino=16 [pid 5003] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5000] fchdir(-1 [pid 5001] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5000] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5000] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5000] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5000] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5000] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5000] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5000] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 58.111779][ T5001] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.127011][ T5001] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.127610][ T5005] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 58.136681][ T4999] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 58.143619][ T5004] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 58.150739][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5000] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5001] exit_group(0) = ? [ 58.166914][ T5000] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 58.167024][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.174175][ T5000] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 58.183268][ T4999] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.190514][ T5003] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 58.201316][ T5005] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5001] +++ exited with 0 +++ [pid 4999] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4999] exit_group(0) = ? [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5001, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5005] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4999] +++ exited with 0 +++ [ 58.206929][ T5004] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 58.215712][ T5005] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.223337][ T5000] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.231759][ T5005] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.241453][ T5004] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.250860][ T5003] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5005] exit_group(0 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5005] <... exit_group resumed>) = ? [pid 4994] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4993] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4999, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5005] +++ exited with 0 +++ [pid 5003] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4994] <... openat resumed>) = 3 [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5005, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 4996] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4996] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] unlink("./0/binderfs") = 0 [pid 4996] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5003] exit_group(0 [pid 5000] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5000] exit_group(0 [pid 4994] getdents64(3, [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5003] <... exit_group resumed>) = ? [pid 5000] <... exit_group resumed>) = ? [pid 4994] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [ 58.259323][ T5000] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.267645][ T5003] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.285307][ T5003] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.286283][ T5004] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.296088][ T5000] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4993] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5003] +++ exited with 0 +++ [pid 5000] +++ exited with 0 +++ [pid 4994] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] <... openat resumed>) = 3 [pid 5004] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5000, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] fstat(3, [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5003, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 4994] lstat("./0/binderfs", [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] getdents64(3, [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] unlink("./0/binderfs" [pid 4993] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4998] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] <... unlink resumed>) = 0 [pid 4993] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... openat resumed>) = 3 [pid 4995] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4994] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] fstat(3, [pid 4995] <... openat resumed>) = 3 [pid 4993] lstat("./0/binderfs", [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] fstat(3, [pid 4993] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] getdents64(3, [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] unlink("./0/binderfs" [pid 4998] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4995] getdents64(3, [pid 4993] <... unlink resumed>) = 0 [pid 4998] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4993] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] lstat("./0/binderfs", [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] lstat("./0/binderfs", [pid 4998] unlink("./0/binderfs" [pid 4995] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 4995] unlink("./0/binderfs" [pid 5004] exit_group(0 [pid 4998] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] <... unlink resumed>) = 0 [ 58.314261][ T5004] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.325774][ T4996] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 58.336893][ T4996] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 58.337032][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 58.337051][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 58.344746][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5004] <... exit_group resumed>) = ? [pid 5004] +++ exited with 0 +++ [ 58.353186][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.360167][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.367659][ T4993] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 58.376702][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.385924][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.395020][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5004, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- [ 58.402179][ T4998] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 58.413133][ T4996] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 58.419441][ T4993] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 58.426586][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.449543][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 58.450000][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.456883][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [pid 4997] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 58.466893][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.473090][ T4998] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 58.482830][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 58.489255][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.498736][ T4996] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 58.514115][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4997] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 58.514136][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.514150][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.514383][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 58.525565][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 58.540722][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4997] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] <... umount2 resumed>) = 0 [pid 4994] <... umount2 resumed>) = 0 [pid 4997] getdents64(3, [ 58.540742][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.540757][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.540964][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 58.550683][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.556486][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.574121][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] lstat("./0/file2", [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] lstat("./0/binderfs", [pid 4994] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] unlink("./0/binderfs" [pid 4994] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] <... unlink resumed>) = 0 [pid 4994] <... openat resumed>) = 4 [pid 4997] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4996] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] getdents64(4, [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4996] lstat("./0/file2", [pid 4994] close(4 [pid 4996] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] <... close resumed>) = 0 [pid 4996] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] rmdir("./0/file2" [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] <... rmdir resumed>) = 0 [pid 4996] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4994] getdents64(3, [pid 4996] <... openat resumed>) = 4 [pid 4994] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4996] fstat(4, [pid 4994] close(3 [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] <... close resumed>) = 0 [pid 4996] getdents64(4, [pid 4994] rmdir("./0" [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4994] <... rmdir resumed>) = 0 [pid 4996] getdents64(4, [pid 4994] mkdir("./1", 0777 [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4994] <... mkdir resumed>) = 0 [pid 4996] close(4 [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 4996] <... close resumed>) = 0 [pid 4994] <... openat resumed>) = 3 [pid 4996] rmdir("./0/file2" [pid 4994] ioctl(3, LOOP_CLR_FD [pid 4996] <... rmdir resumed>) = 0 [pid 4994] <... ioctl resumed>) = -1 ENXIO (No such device or address) [ 58.574143][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.574158][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 58.574172][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.653472][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 58.653759][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [pid 4996] getdents64(3, [pid 4994] close(3 [pid 4996] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4994] <... close resumed>) = 0 [pid 4996] close(3 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4996] <... close resumed>) = 0 [pid 4996] rmdir("./0") = 0 [pid 4996] mkdir("./1", 0777) = 0 [pid 4994] <... clone resumed>, child_tidptr=0x555556a025d0) = 5013 [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 4996] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4996] close(3) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5014 attached , child_tidptr=0x555556a025d0) = 5014 ./strace-static-x86_64: Process 5013 attached [pid 5014] chdir("./1" [pid 5013] chdir("./1") = 0 [pid 5014] <... chdir resumed>) = 0 [pid 5014] prctl(PR_SET_PDEATHSIG, SIGKILL [ 58.660424][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 58.668315][ T4998] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 58.681414][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.691364][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.701348][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.710539][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5013] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] <... prctl resumed>) = 0 [pid 5013] <... prctl resumed>) = 0 [pid 5014] setpgid(0, 0 [pid 5013] setpgid(0, 0 [pid 5014] <... setpgid resumed>) = 0 [pid 5013] <... setpgid resumed>) = 0 [ 58.718645][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.719583][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 58.731304][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.736142][ T4998] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 58.746599][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.752112][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5013] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] <... openat resumed>) = 3 [pid 5013] <... openat resumed>) = 3 [pid 5013] write(3, "1000", 4 [pid 5014] write(3, "1000", 4 [pid 5013] <... write resumed>) = 4 [pid 5014] <... write resumed>) = 4 [pid 5013] close(3 [pid 5014] close(3 [pid 5013] <... close resumed>) = 0 [pid 5014] <... close resumed>) = 0 [pid 5013] symlink("/dev/binderfs", "./binderfs" [pid 5014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5013] <... symlink resumed>) = 0 [pid 5014] memfd_create("syzkaller", 0 [pid 5013] memfd_create("syzkaller", 0 [pid 5014] <... memfd_create resumed>) = 3 [pid 5014] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5013] <... memfd_create resumed>) = 3 [pid 5014] <... mmap resumed>) = 0x7f4167bc0000 [pid 5013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4998] <... umount2 resumed>) = 0 [pid 4995] <... umount2 resumed>) = 0 [pid 5013] <... mmap resumed>) = 0x7f4167bc0000 [pid 4998] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./0/file2", [pid 4995] lstat("./0/file2", [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5014] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4998] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4995] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... openat resumed>) = 4 [pid 4995] <... openat resumed>) = 4 [pid 4998] fstat(4, [pid 4995] fstat(4, [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(4, [pid 4995] getdents64(4, [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4998] getdents64(4, [pid 4995] getdents64(4, [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4998] close(4) = 0 [pid 4995] close(4 [ 58.762814][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 58.778651][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.801180][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4998] rmdir("./0/file2" [pid 4995] <... close resumed>) = 0 [pid 5014] <... write resumed>) = 1048576 [pid 5013] <... write resumed>) = 1048576 [pid 4998] <... rmdir resumed>) = 0 [pid 4998] getdents64(3, [pid 4995] rmdir("./0/file2" [pid 5014] munmap(0x7f4167bc0000, 1048576 [pid 5013] munmap(0x7f4167bc0000, 1048576 [pid 4998] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5014] <... munmap resumed>) = 0 [pid 5013] <... munmap resumed>) = 0 [pid 4998] close(3 [pid 4995] <... rmdir resumed>) = 0 [pid 5014] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5013] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 4998] <... close resumed>) = 0 [pid 4995] getdents64(3, [pid 5014] <... openat resumed>) = 4 [pid 5013] <... openat resumed>) = 4 [pid 4998] rmdir("./0" [pid 4995] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5014] ioctl(4, LOOP_SET_FD, 3 [pid 5013] ioctl(4, LOOP_SET_FD, 3 [pid 4998] <... rmdir resumed>) = 0 [ 58.842439][ T4993] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 58.857388][ T4993] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 58.865494][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 58.873363][ T5014] loop3: detected capacity change from 0 to 2048 [ 58.877041][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] close(3 [pid 4998] mkdir("./1", 0777 [pid 4995] <... close resumed>) = 0 [pid 5014] <... ioctl resumed>) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 4998] <... mkdir resumed>) = 0 [pid 4995] rmdir("./0" [pid 5014] close(3 [pid 5013] close(3 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4995] <... rmdir resumed>) = 0 [ 58.879875][ T5013] loop1: detected capacity change from 0 to 2048 [ 58.889547][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.895705][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.905580][ T4993] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 58.914290][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.921771][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5014] <... close resumed>) = 0 [pid 5013] <... close resumed>) = 0 [pid 5014] mkdir("./file2", 0777 [pid 5013] mkdir("./file2", 0777 [pid 4998] <... openat resumed>) = 3 [pid 4995] mkdir("./1", 0777 [pid 5014] <... mkdir resumed>) = 0 [pid 5013] <... mkdir resumed>) = 0 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] <... mkdir resumed>) = 0 [pid 5013] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5014] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 4998] close(3 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 4998] <... close resumed>) = 0 [pid 4995] <... openat resumed>) = 3 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5015 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5016 [pid 4997] <... umount2 resumed>) = 0 [pid 5013] <... mount resumed>) = 0 ./strace-static-x86_64: Process 5016 attached [pid 5016] chdir("./1") = 0 [pid 5016] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 5015 attached [pid 5013] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [ 58.930121][ T4997] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 58.946189][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 58.978411][ T5017] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 4997] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] setpgid(0, 0 [pid 5015] chdir("./1" [pid 5014] <... mount resumed>) = 0 [pid 5013] <... openat resumed>) = 3 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... setpgid resumed>) = 0 [pid 5015] <... chdir resumed>) = 0 [pid 5014] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5013] chdir("./file2" [pid 4997] lstat("./0/file2", [pid 4993] <... umount2 resumed>) = 0 [pid 5016] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5014] <... openat resumed>) = 3 [pid 5013] <... chdir resumed>) = 0 [pid 4997] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5015] <... prctl resumed>) = 0 [pid 5014] chdir("./file2" [pid 5013] ioctl(4, LOOP_CLR_FD [pid 5016] <... openat resumed>) = 3 [pid 5015] setpgid(0, 0 [pid 5014] <... chdir resumed>) = 0 [pid 5013] <... ioctl resumed>) = 0 [pid 4997] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] write(3, "1000", 4 [pid 5015] <... setpgid resumed>) = 0 [pid 5014] ioctl(4, LOOP_CLR_FD [pid 5013] close(4 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... write resumed>) = 4 [pid 5015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5014] <... ioctl resumed>) = 0 [pid 5013] <... close resumed>) = 0 [pid 4997] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] close(3 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... close resumed>) = 0 [ 59.000120][ T5018] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5015] <... openat resumed>) = 3 [pid 5014] close(4 [pid 5013] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4997] <... openat resumed>) = 4 [pid 5016] symlink("/dev/binderfs", "./binderfs" [pid 5015] write(3, "1000", 4 [pid 5014] <... close resumed>) = 0 [pid 4993] lstat("./0/file2", [pid 5016] <... symlink resumed>) = 0 [pid 5015] <... write resumed>) = 4 [pid 5014] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5013] <... open resumed>) = 4 [pid 4997] fstat(4, [pid 4993] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5016] memfd_create("syzkaller", 0 [pid 5015] close(3 [pid 5014] <... open resumed>) = 4 [pid 5013] ftruncate(4, 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... memfd_create resumed>) = 3 [pid 5015] <... close resumed>) = 0 [pid 5014] ftruncate(4, 0 [pid 4997] getdents64(4, [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4993] openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5016] <... mmap resumed>) = 0x7f4167bc0000 [pid 4993] <... openat resumed>) = 4 [pid 4993] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5015] symlink("/dev/binderfs", "./binderfs" [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4993] getdents64(4, [pid 5015] <... symlink resumed>) = 0 [pid 4997] getdents64(4, [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4993] close(4) = 0 [pid 5016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4993] rmdir("./0/file2") = 0 [pid 4993] getdents64(3, [pid 5016] <... write resumed>) = 1048576 [pid 5015] memfd_create("syzkaller", 0 [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4993] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5015] <... memfd_create resumed>) = 3 [pid 4997] close(4 [pid 4993] close(3 [pid 5015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4997] <... close resumed>) = 0 [pid 4993] <... close resumed>) = 0 [pid 5015] <... mmap resumed>) = 0x7f4167bc0000 [pid 4997] rmdir("./0/file2" [pid 4993] rmdir("./0") = 0 [pid 4993] mkdir("./1", 0777) = 0 [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4993] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4993] close(3 [pid 5015] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4993] <... close resumed>) = 0 [pid 4997] <... rmdir resumed>) = 0 [pid 4997] getdents64(3, [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4997] close(3 [pid 4993] <... clone resumed>, child_tidptr=0x555556a025d0) = 5021 [pid 4997] <... close resumed>) = 0 [ 59.035722][ T27] audit: type=1800 audit(1686241700.258:8): pid=5013 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 59.065090][ T5013] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 59.078273][ T5014] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 4997] rmdir("./0") = 0 [pid 4997] mkdir("./1", 0777./strace-static-x86_64: Process 5021 attached [pid 5021] chdir("./1") = 0 [pid 5021] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5021] setpgid(0, 0) = 0 [pid 5021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5021] write(3, "1000", 4) = 4 [pid 5016] munmap(0x7f4167bc0000, 1048576 [pid 5021] close(3) = 0 [pid 5021] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4997] <... mkdir resumed>) = 0 [pid 5021] memfd_create("syzkaller", 0 [pid 5016] <... munmap resumed>) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5021] <... memfd_create resumed>) = 3 [pid 5016] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 4997] <... openat resumed>) = 3 [pid 5021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5016] <... openat resumed>) = 4 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5021] <... mmap resumed>) = 0x7f4167bc0000 [pid 5016] ioctl(4, LOOP_SET_FD, 3 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5021] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5015] <... write resumed>) = 1048576 [pid 4997] close(3 [pid 5016] <... ioctl resumed>) = 0 [pid 5016] close(3) = 0 [pid 5016] mkdir("./file2", 0777) = 0 [ 59.106558][ T5013] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 59.115907][ T5014] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 59.132932][ T5016] loop2: detected capacity change from 0 to 2048 [pid 5016] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 5015] munmap(0x7f4167bc0000, 1048576 [pid 4997] <... close resumed>) = 0 [pid 5015] <... munmap resumed>) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5015] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 4997] <... clone resumed>, child_tidptr=0x555556a025d0) = 5022 [pid 5015] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5022 attached ) = 0 [ 59.142664][ T27] audit: type=1800 audit(1686241700.278:9): pid=5014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 59.161699][ T5013] Remounting filesystem read-only [ 59.174666][ T5014] Remounting filesystem read-only [ 59.182529][ T5015] loop5: detected capacity change from 0 to 2048 [ 59.183386][ T5013] NILFS (loop1): error -5 truncating bmap (ino=16) [ 59.193594][ T5014] NILFS (loop3): error -5 truncating bmap (ino=16) [pid 5022] chdir("./1" [pid 5021] <... write resumed>) = 1048576 [pid 5015] close(3 [pid 5014] <... ftruncate resumed>) = 0 [pid 5013] <... ftruncate resumed>) = 0 [pid 5022] <... chdir resumed>) = 0 [pid 5021] munmap(0x7f4167bc0000, 1048576 [pid 5015] <... close resumed>) = 0 [pid 5014] write(4, "0x0000000000000000", 18 [pid 5022] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5021] <... munmap resumed>) = 0 [pid 5015] mkdir("./file2", 0777 [pid 5022] <... prctl resumed>) = 0 [pid 5021] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5015] <... mkdir resumed>) = 0 [pid 5022] setpgid(0, 0 [pid 5021] <... openat resumed>) = 4 [pid 5015] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 5022] <... setpgid resumed>) = 0 [pid 5021] ioctl(4, LOOP_SET_FD, 3 [pid 5013] write(4, "0x0000000000000000", 18 [pid 5022] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5022] write(3, "1000", 4) = 4 [pid 5022] close(3) = 0 [pid 5022] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5022] memfd_create("syzkaller", 0) = 3 [pid 5022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5022] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5021] <... ioctl resumed>) = 0 [pid 5016] <... mount resumed>) = 0 [pid 5015] <... mount resumed>) = 0 [pid 5021] close(3) = 0 [pid 5022] <... write resumed>) = 1048576 [pid 5021] mkdir("./file2", 0777) = 0 [pid 5021] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [pid 5016] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5015] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5016] <... openat resumed>) = 3 [pid 5015] <... openat resumed>) = 3 [ 59.197821][ T5023] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.211088][ T5021] loop0: detected capacity change from 0 to 2048 [ 59.212945][ T5014] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 59.231410][ T5013] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 59.233174][ T5024] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5016] chdir("./file2" [pid 5015] chdir("./file2" [pid 5022] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5022] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5022] ioctl(4, LOOP_SET_FD, 3 [pid 5016] <... chdir resumed>) = 0 [pid 5015] <... chdir resumed>) = 0 [pid 5016] ioctl(4, LOOP_CLR_FD [pid 5015] ioctl(4, LOOP_CLR_FD [pid 5016] <... ioctl resumed>) = 0 [pid 5015] <... ioctl resumed>) = 0 [pid 5016] close(4 [pid 5015] close(4) = 0 [pid 5016] <... close resumed>) = 0 [pid 5016] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5015] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5022] <... ioctl resumed>) = 0 [pid 5022] close(3) = 0 [pid 5022] mkdir("./file2", 0777) = 0 [ 59.250723][ T5014] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 59.252502][ T5013] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 59.259028][ T5014] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.271881][ T5022] loop4: detected capacity change from 0 to 2048 [ 59.283722][ T5014] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.292661][ T5014] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.300689][ T5013] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.310841][ T27] audit: type=1800 audit(1686241700.518:10): pid=5016 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 59.312046][ T5013] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5022] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 5016] <... open resumed>) = 4 [pid 5015] <... open resumed>) = 4 [pid 5014] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5021] <... mount resumed>) = 0 [pid 5016] ftruncate(4, 0 [pid 5015] ftruncate(4, 0 [pid 5014] fchdir(-1 [pid 5021] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5014] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5014] creat(NULL, 000 [pid 5021] <... openat resumed>) = 3 [pid 5014] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5013] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5013] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5013] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5013] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5013] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5013] openat(AT_FDCWD, NULL, O_RDWR [pid 5021] chdir("./file2" [pid 5014] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5021] <... chdir resumed>) = 0 [pid 5014] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5021] ioctl(4, LOOP_CLR_FD [ 59.332833][ T27] audit: type=1800 audit(1686241700.518:11): pid=5015 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 59.345492][ T5025] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.361951][ T5013] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.386310][ T5016] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 59.397519][ T5015] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5014] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5022] <... mount resumed>) = 0 [pid 5021] <... ioctl resumed>) = 0 [pid 5014] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5013] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5013] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5013] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5013] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5021] close(4 [pid 5014] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5021] <... close resumed>) = 0 [pid 5022] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5021] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5014] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5014] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5021] <... open resumed>) = 4 [pid 5014] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5022] <... openat resumed>) = 3 [pid 5021] ftruncate(4, 0 [pid 5014] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [ 59.398525][ T5026] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 59.409748][ T5015] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 59.429749][ T5013] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 59.438702][ T5016] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [ 59.450143][ T5013] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [pid 5022] chdir("./file2") = 0 [pid 5022] ioctl(4, LOOP_CLR_FD) = 0 [pid 5022] close(4) = 0 [pid 5022] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 59.450418][ T5021] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 59.459389][ T5013] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.468934][ T5014] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 59.480091][ T5015] Remounting filesystem read-only [ 59.489982][ T5016] Remounting filesystem read-only [ 59.496391][ T5016] NILFS (loop2): error -5 truncating bmap (ino=16) [pid 5022] ftruncate(4, 0 [pid 5016] <... ftruncate resumed>) = 0 [pid 5016] write(4, "0x0000000000000000", 18 [pid 5015] <... ftruncate resumed>) = 0 [ 59.504708][ T5015] NILFS (loop5): error -5 truncating bmap (ino=16) [ 59.512525][ T5022] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 59.513367][ T5013] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.525342][ T5014] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 59.534532][ T5013] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.544893][ T5021] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5015] write(4, "0x0000000000000000", 18) = -1 EROFS (Read-only file system) [pid 5015] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5015] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5015] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5015] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5015] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5015] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5015] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5015] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5013] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5013] exit_group(0) = ? [pid 5013] +++ exited with 0 +++ [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5013, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 4994] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./1/binderfs") = 0 [ 59.548665][ T5016] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 59.557746][ T5022] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 59.564292][ T5015] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 59.564311][ T5015] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 59.564325][ T5015] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.564341][ T5015] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.564355][ T5015] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.579318][ T5016] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 59.593600][ T5014] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.596741][ T5015] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 59.605682][ T5014] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.631688][ T5015] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 59.638121][ T5022] Remounting filesystem read-only [pid 4994] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... ftruncate resumed>) = 0 [pid 5021] <... ftruncate resumed>) = 0 [pid 5022] write(4, "0x0000000000000000", 18 [ 59.654472][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 59.658699][ T5021] Remounting filesystem read-only [ 59.666176][ T5016] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.671050][ T5021] NILFS (loop0): error -5 truncating bmap (ino=16) [ 59.686535][ T5022] NILFS (loop4): error -5 truncating bmap (ino=16) [ 59.694242][ T5014] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.695018][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 59.695206][ T5022] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 59.705314][ T5015] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.719469][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.727089][ T5021] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 59.737394][ T5015] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.743039][ T5022] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [pid 5021] write(4, "0x0000000000000000", 18 [pid 5015] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5015] exit_group(0) = ? [pid 5015] +++ exited with 0 +++ [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5015, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 4998] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4998] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4998] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] unlink("./1/binderfs") = 0 [pid 4998] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5014] <... write resumed>) = -1 EROFS (Read-only file system) [ 59.753024][ T5015] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.759238][ T5016] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.769441][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.777291][ T5021] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 59.796787][ T5022] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5014] exit_group(0) = ? [pid 5014] +++ exited with 0 +++ [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5014, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 4996] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4996] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] unlink("./1/binderfs") = 0 [ 59.797638][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.806410][ T5016] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.815061][ T4998] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 59.823694][ T5022] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.840687][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 59.841626][ T5021] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4996] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5016] <... write resumed>) = -1 EROFS (Read-only file system) [ 59.854589][ T4998] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 59.859861][ T5022] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.869007][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 59.875551][ T5021] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.882393][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.891196][ T5021] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5016] fchdir(-1 [pid 5022] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5021] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5016] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5022] fchdir(-1 [pid 5021] fchdir(-1 [pid 5016] creat(NULL, 000 [pid 5022] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5021] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5022] creat(NULL, 000 [pid 5021] creat(NULL, 000 [pid 5016] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5022] <... creat resumed>) = -1 EFAULT (Bad address) [ 59.899727][ T4996] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 59.908504][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.916433][ T4996] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 59.925217][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.933176][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.941288][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [pid 5022] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5021] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5022] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5021] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5016] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5022] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5021] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5022] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5021] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5016] openat(AT_FDCWD, NULL, O_RDWR [pid 5022] openat(AT_FDCWD, NULL, O_RDWR [pid 5021] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5016] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5022] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5021] openat(AT_FDCWD, NULL, O_RDWR [pid 5016] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4994] <... umount2 resumed>) = 0 [pid 5022] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5021] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5016] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5022] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 59.957903][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.958355][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.968152][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.985826][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 59.996376][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [pid 5021] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5022] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5021] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4994] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5022] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5021] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5016] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5021] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5016] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [ 60.006693][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.015300][ T4998] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 60.017461][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 60.023284][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.033053][ T4996] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 60.040695][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] lstat("./1/file2", [pid 5021] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4994] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 60.047740][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.057461][ T5016] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 60.065630][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.081240][ T4996] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 60.081484][ T5022] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 60.089528][ T5016] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 60.096051][ T5021] NILFS (loop0): discard dirty page: offset=0, ino=16 [pid 4994] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 60.103590][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.110188][ T5021] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 60.119189][ T4998] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 60.126479][ T5022] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 60.133852][ T5016] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.149372][ T5022] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] getdents64(4, [pid 4996] <... umount2 resumed>) = 0 [pid 4996] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4996] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4996] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4996] close(4) = 0 [pid 4996] rmdir("./1/file2" [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4996] <... rmdir resumed>) = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4996] close(3) = 0 [pid 4996] rmdir("./1") = 0 [pid 4996] mkdir("./2", 0777 [pid 4994] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4996] <... mkdir resumed>) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 4996] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4996] close(3) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5027 ./strace-static-x86_64: Process 5027 attached [pid 5027] chdir("./2") = 0 [pid 5027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4994] close(4 [pid 5027] <... prctl resumed>) = 0 [pid 5027] setpgid(0, 0) = 0 [pid 5027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5027] write(3, "1000", 4) = 4 [pid 5027] close(3) = 0 [pid 5027] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5027] memfd_create("syzkaller", 0) = 3 [pid 5027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 4994] <... close resumed>) = 0 [ 60.151841][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.158959][ T5021] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.183006][ T5016] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.187894][ T5022] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] rmdir("./1/file2") = 0 [pid 4994] getdents64(3, [pid 5016] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5016] exit_group(0 [pid 4994] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4994] close(3 [pid 5016] <... exit_group resumed>) = ? [pid 4994] <... close resumed>) = 0 [pid 4994] rmdir("./1") = 0 [pid 4998] <... umount2 resumed>) = 0 [pid 5016] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5016, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5022] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5021] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4998] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] mkdir("./2", 0777 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5021] exit_group(0 [pid 4998] lstat("./1/file2", [pid 4995] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4994] <... mkdir resumed>) = 0 [pid 5022] exit_group(0 [pid 5021] <... exit_group resumed>) = ? [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] <... openat resumed>) = 3 [pid 4998] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] fstat(3, [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4995] getdents64(3, [pid 4998] <... openat resumed>) = 4 [pid 4995] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4998] fstat(4, [pid 4995] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5022] <... exit_group resumed>) = ? [pid 5021] +++ exited with 0 +++ [pid 4998] getdents64(4, [pid 4995] lstat("./1/binderfs", [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] getdents64(4, [pid 4995] unlink("./1/binderfs" [pid 4994] <... openat resumed>) = 3 [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4995] <... unlink resumed>) = 0 [pid 4994] ioctl(3, LOOP_CLR_FD [pid 4993] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5021, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 4998] close(4 [pid 4995] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4998] <... close resumed>) = 0 [pid 4994] close(3 [pid 4993] restart_syscall(<... resuming interrupted clone ...> [pid 4998] rmdir("./1/file2") = 0 [pid 4994] <... close resumed>) = 0 [pid 4993] <... restart_syscall resumed>) = 0 [pid 4998] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./1") = 0 [pid 4998] mkdir("./2", 0777) = 0 [pid 5027] <... write resumed>) = 1048576 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5022] +++ exited with 0 +++ [pid 4998] <... openat resumed>) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5022, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 4998] close(3 [pid 4997] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... close resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4997] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5029 [pid 4997] fstat(3, [pid 4994] <... clone resumed>, child_tidptr=0x555556a025d0) = 5028 [pid 4993] umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(3, [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4997] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./1/binderfs", [pid 4993] <... openat resumed>) = 3 [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] unlink("./1/binderfs" [pid 4993] fstat(3, ./strace-static-x86_64: Process 5028 attached [pid 5027] munmap(0x7f4167bc0000, 1048576 [pid 4997] <... unlink resumed>) = 0 [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5028] chdir("./2" [pid 5027] <... munmap resumed>) = 0 [ 60.214385][ T5021] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.221321][ T5016] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.224899][ T5022] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.253354][ T5021] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4997] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] getdents64(3, ./strace-static-x86_64: Process 5029 attached [pid 5028] <... chdir resumed>) = 0 [pid 5029] chdir("./2" [pid 5028] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 4993] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5029] <... chdir resumed>) = 0 [pid 5028] <... prctl resumed>) = 0 [pid 5027] <... openat resumed>) = 4 [pid 5029] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5028] setpgid(0, 0 [pid 5027] ioctl(4, LOOP_SET_FD, 3 [pid 5029] <... prctl resumed>) = 0 [pid 5028] <... setpgid resumed>) = 0 [pid 5029] setpgid(0, 0 [pid 5028] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5029] <... setpgid resumed>) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5028] write(3, "1000", 4 [pid 5029] <... openat resumed>) = 3 [pid 5028] <... write resumed>) = 4 [pid 5029] write(3, "1000", 4 [pid 5028] close(3 [pid 5029] <... write resumed>) = 4 [pid 5028] <... close resumed>) = 0 [pid 5029] close(3 [pid 5028] symlink("/dev/binderfs", "./binderfs" [pid 5029] <... close resumed>) = 0 [pid 5028] <... symlink resumed>) = 0 [pid 5029] symlink("/dev/binderfs", "./binderfs" [pid 5028] memfd_create("syzkaller", 0 [pid 5029] <... symlink resumed>) = 0 [pid 5028] <... memfd_create resumed>) = 3 [pid 5029] memfd_create("syzkaller", 0 [pid 5028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5029] <... memfd_create resumed>) = 3 [pid 5028] <... mmap resumed>) = 0x7f4167bc0000 [pid 5029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5028] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5029] <... mmap resumed>) = 0x7f4167bc0000 [ 60.293623][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 60.295339][ T5027] loop3: detected capacity change from 0 to 2048 [ 60.300607][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 60.300626][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.323933][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 60.330932][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [pid 4993] umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] unlink("./1/binderfs") = 0 [pid 5027] <... ioctl resumed>) = 0 [pid 5027] close(3) = 0 [pid 4993] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] mkdir("./file2", 0777) = 0 [ 60.336730][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.349029][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.361308][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 60.369503][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.372893][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 60.386048][ T4993] NILFS (loop0): discard dirty page: offset=4096, ino=6 [pid 5027] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 5028] <... write resumed>) = 1048576 [pid 5029] <... write resumed>) = 1048576 [pid 5028] munmap(0x7f4167bc0000, 1048576 [pid 5029] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5028] <... munmap resumed>) = 0 [pid 5028] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5029] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5028] ioctl(4, LOOP_SET_FD, 3 [pid 5029] <... openat resumed>) = 4 [pid 5029] ioctl(4, LOOP_SET_FD, 3 [pid 5028] <... ioctl resumed>) = 0 [pid 5028] close(3) = 0 [pid 5028] mkdir("./file2", 0777) = 0 [pid 5028] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5029] <... ioctl resumed>) = 0 [pid 5029] close(3) = 0 [pid 5029] mkdir("./file2", 0777) = 0 [ 60.387949][ T5028] loop1: detected capacity change from 0 to 2048 [ 60.400853][ T4993] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 60.402989][ T5029] loop5: detected capacity change from 0 to 2048 [ 60.409555][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.418834][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.424498][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.437192][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.442294][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.453619][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 60.459961][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.472088][ T5030] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5029] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 5027] <... mount resumed>) = 0 [pid 5027] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5027] chdir("./file2") = 0 [pid 5027] ioctl(4, LOOP_CLR_FD) = 0 [pid 5027] close(4) = 0 [ 60.477965][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.491238][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 60.497619][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 60.504287][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.511064][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.532215][ T4993] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [pid 5027] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4995] <... umount2 resumed>) = 0 [pid 5027] <... open resumed>) = 4 [pid 4995] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5027] ftruncate(4, 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 60.536745][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.541707][ T5032] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 60.550773][ T4997] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 60.566124][ T5031] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 60.569037][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4997] <... umount2 resumed>) = 0 [pid 4995] lstat("./1/file2", [pid 4997] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] <... mount resumed>) = 0 [pid 4997] lstat("./1/file2", [pid 4995] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5029] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 4997] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5029] chdir("./file2" [pid 4995] <... openat resumed>) = 4 [pid 4997] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5029] <... chdir resumed>) = 0 [pid 5028] <... mount resumed>) = 0 [pid 4997] <... openat resumed>) = 4 [pid 4995] fstat(4, [pid 5029] ioctl(4, LOOP_CLR_FD [pid 5028] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5029] <... ioctl resumed>) = 0 [pid 5028] <... openat resumed>) = 3 [pid 5029] close(4 [pid 5028] chdir("./file2" [pid 5029] <... close resumed>) = 0 [pid 5028] <... chdir resumed>) = 0 [pid 5029] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5028] ioctl(4, LOOP_CLR_FD) = 0 [pid 5028] close(4) = 0 [ 60.579565][ T5027] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 60.594959][ T4993] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 60.601810][ T5027] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 60.617624][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.629215][ T5027] Remounting filesystem read-only [ 60.632129][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5028] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4997] fstat(4, [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5029] <... open resumed>) = 4 [pid 5028] <... open resumed>) = 4 [pid 5029] ftruncate(4, 0 [pid 5028] ftruncate(4, 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, [pid 5027] <... ftruncate resumed>) = 0 [pid 5027] write(4, "0x0000000000000000", 18 [pid 4997] getdents64(4, [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [ 60.644120][ T5027] NILFS (loop3): error -5 truncating bmap (ino=16) [ 60.651386][ T4993] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 60.664883][ T5028] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 60.676387][ T5029] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, [pid 4993] <... umount2 resumed>) = 0 [pid 4997] getdents64(4, [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4993] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4995] close(4 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] close(4 [pid 4995] <... close resumed>) = 0 [pid 4997] <... close resumed>) = 0 [pid 4993] lstat("./1/file2", [pid 4997] rmdir("./1/file2" [pid 4995] rmdir("./1/file2" [pid 4993] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... rmdir resumed>) = 0 [pid 4995] <... rmdir resumed>) = 0 [pid 4997] getdents64(3, [pid 4993] umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] getdents64(3, [pid 4997] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4997] close(3 [pid 4993] openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4995] close(3 [pid 4997] <... close resumed>) = 0 [pid 5028] <... ftruncate resumed>) = 0 [pid 4997] rmdir("./1" [pid 4995] <... close resumed>) = 0 [pid 4993] <... openat resumed>) = 4 [ 60.676506][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.695542][ T5029] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 60.701979][ T5028] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 60.706841][ T5027] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 60.715574][ T5028] Remounting filesystem read-only [ 60.728078][ T5028] NILFS (loop1): error -5 truncating bmap (ino=16) [pid 5028] write(4, "0x0000000000000000", 18 [pid 4997] <... rmdir resumed>) = 0 [pid 4995] rmdir("./1" [pid 4993] fstat(4, [pid 4997] mkdir("./2", 0777 [pid 4995] <... rmdir resumed>) = 0 [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... mkdir resumed>) = 0 [ 60.743784][ T5028] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 60.743938][ T5027] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 60.750597][ T5028] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 60.757952][ T5027] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.774159][ T5027] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.785564][ T5029] Remounting filesystem read-only [pid 4993] getdents64(4, [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4995] mkdir("./2", 0777 [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4997] <... openat resumed>) = 3 [pid 4993] getdents64(4, [pid 5029] <... ftruncate resumed>) = 0 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 4995] <... mkdir resumed>) = 0 [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 4993] close(4 [pid 4997] close(3 [pid 5029] write(4, "0x0000000000000000", 18 [pid 4995] <... openat resumed>) = 3 [pid 4993] <... close resumed>) = 0 [pid 5027] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4997] <... close resumed>) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4995] ioctl(3, LOOP_CLR_FD [pid 4993] rmdir("./1/file2") = 0 [pid 4995] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4995] close(3 [pid 5027] fchdir(-1 [pid 4993] getdents64(3, [pid 4995] <... close resumed>) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5027] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 4993] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5027] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4997] <... clone resumed>, child_tidptr=0x555556a025d0) = 5033 [pid 4995] <... clone resumed>, child_tidptr=0x555556a025d0) = 5034 [pid 4993] close(3./strace-static-x86_64: Process 5033 attached ./strace-static-x86_64: Process 5034 attached [pid 5033] chdir("./2" [pid 5034] chdir("./2" [pid 5033] <... chdir resumed>) = 0 [pid 5034] <... chdir resumed>) = 0 [pid 5033] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5027] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] <... close resumed>) = 0 [pid 5027] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4993] rmdir("./1" [pid 5027] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4993] <... rmdir resumed>) = 0 [pid 5027] openat(AT_FDCWD, NULL, O_RDWR [pid 4993] mkdir("./2", 0777 [pid 5033] <... prctl resumed>) = 0 [pid 5034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5033] setpgid(0, 0 [pid 5034] setpgid(0, 0 [pid 5033] <... setpgid resumed>) = 0 [pid 5034] <... setpgid resumed>) = 0 [pid 5034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 60.790731][ T5029] NILFS (loop5): error -5 truncating bmap (ino=16) [ 60.799291][ T5027] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.810314][ T5029] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 60.821768][ T5028] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.831427][ T5029] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [pid 5033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5034] <... openat resumed>) = 3 [pid 5033] <... openat resumed>) = 3 [pid 5033] write(3, "1000", 4 [pid 5034] write(3, "1000", 4 [pid 5027] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5033] <... write resumed>) = 4 [pid 5034] <... write resumed>) = 4 [pid 5034] close(3 [pid 5033] close(3 [pid 4993] <... mkdir resumed>) = 0 [pid 5034] <... close resumed>) = 0 [pid 5033] <... close resumed>) = 0 [pid 5027] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5034] symlink("/dev/binderfs", "./binderfs" [pid 5033] symlink("/dev/binderfs", "./binderfs" [pid 5034] <... symlink resumed>) = 0 [pid 5033] <... symlink resumed>) = 0 [pid 5034] memfd_create("syzkaller", 0 [pid 5033] memfd_create("syzkaller", 0 [pid 5034] <... memfd_create resumed>) = 3 [pid 5033] <... memfd_create resumed>) = 3 [pid 5027] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5027] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4993] <... openat resumed>) = 3 [pid 5034] <... mmap resumed>) = 0x7f4167bc0000 [pid 5033] <... mmap resumed>) = 0x7f4167bc0000 [pid 5027] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] ioctl(3, LOOP_CLR_FD [pid 5027] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4993] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4993] close(3 [pid 5033] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4993] <... close resumed>) = 0 [pid 5028] <... write resumed>) = -1 EROFS (Read-only file system) [ 60.840111][ T5029] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.851122][ T5028] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.860150][ T5029] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.869767][ T5028] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.879177][ T5029] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.889212][ T5027] NILFS (loop3): discard dirty page: offset=0, ino=16 [pid 5028] fchdir(-1 [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5028] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5028] creat(NULL, 000 [pid 4993] <... clone resumed>, child_tidptr=0x555556a025d0) = 5035 [pid 5029] <... write resumed>) = -1 EROFS (Read-only file system) ./strace-static-x86_64: Process 5035 attached [pid 5028] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5028] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5028] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5029] fchdir(-1 [pid 5028] openat(AT_FDCWD, NULL, O_RDWR [pid 5035] chdir("./2" [pid 5029] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5028] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5035] <... chdir resumed>) = 0 [pid 5029] creat(NULL, 000 [pid 5028] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5029] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5028] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5035] <... prctl resumed>) = 0 [pid 5029] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [ 60.896782][ T5027] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 60.904900][ T5027] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.915881][ T5027] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.925877][ T5027] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5028] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5035] setpgid(0, 0 [pid 5033] <... write resumed>) = 1048576 [pid 5029] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5028] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5027] exit_group(0 [pid 5035] <... setpgid resumed>) = 0 [pid 5033] munmap(0x7f4167bc0000, 1048576 [pid 5029] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5027] <... exit_group resumed>) = ? [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5033] <... munmap resumed>) = 0 [pid 5029] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5028] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5027] +++ exited with 0 +++ [pid 5035] <... openat resumed>) = 3 [pid 5033] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5029] openat(AT_FDCWD, NULL, O_RDWR [pid 5035] write(3, "1000", 4 [pid 5033] <... openat resumed>) = 4 [pid 5029] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5027, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5035] <... write resumed>) = 4 [pid 5033] ioctl(4, LOOP_SET_FD, 3 [pid 5029] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5035] close(3 [pid 5034] <... write resumed>) = 1048576 [pid 5033] <... ioctl resumed>) = 0 [pid 5029] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5035] <... close resumed>) = 0 [pid 5033] close(3 [pid 5029] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5035] symlink("/dev/binderfs", "./binderfs" [pid 5033] <... close resumed>) = 0 [pid 5029] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5035] <... symlink resumed>) = 0 [pid 5033] mkdir("./file2", 0777 [pid 5029] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5035] memfd_create("syzkaller", 0 [pid 5034] munmap(0x7f4167bc0000, 1048576 [pid 5033] <... mkdir resumed>) = 0 [pid 5035] <... memfd_create resumed>) = 3 [pid 5033] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 5035] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5035] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5034] <... munmap resumed>) = 0 [pid 4996] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 60.946291][ T5028] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 60.947553][ T5033] loop4: detected capacity change from 0 to 2048 [ 60.955260][ T5028] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 60.962761][ T5029] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 60.968015][ T5028] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 60.984539][ T5028] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5034] <... openat resumed>) = 4 [pid 4996] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5035] <... write resumed>) = 1048576 [pid 5035] munmap(0x7f4167bc0000, 1048576 [pid 5034] ioctl(4, LOOP_SET_FD, 3 [pid 4996] <... openat resumed>) = 3 [pid 5035] <... munmap resumed>) = 0 [pid 5035] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5035] ioctl(4, LOOP_SET_FD, 3 [pid 5034] <... ioctl resumed>) = 0 [pid 5028] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] fstat(3, [pid 5035] <... ioctl resumed>) = 0 [pid 5035] close(3) = 0 [pid 5035] mkdir("./file2", 0777) = 0 [pid 5035] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [pid 5034] close(3 [pid 5028] exit_group(0 [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5034] <... close resumed>) = 0 [pid 5028] <... exit_group resumed>) = ? [pid 4996] getdents64(3, [pid 5034] mkdir("./file2", 0777 [pid 5028] +++ exited with 0 +++ [pid 5034] <... mkdir resumed>) = 0 [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5028, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 4996] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5033] <... mount resumed>) = 0 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4996] lstat("./2/binderfs", [pid 4994] <... openat resumed>) = 3 [pid 5034] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 5033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4996] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5033] <... openat resumed>) = 3 [pid 4996] unlink("./2/binderfs" [pid 4994] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5033] chdir("./file2" [pid 4996] <... unlink resumed>) = 0 [pid 4994] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 60.993827][ T5029] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 60.994926][ T5028] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.011533][ T5034] loop2: detected capacity change from 0 to 2048 [ 61.014476][ T5035] loop0: detected capacity change from 0 to 2048 [ 61.018523][ T5029] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.034010][ T5029] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] unlink("./2/binderfs" [pid 5033] <... chdir resumed>) = 0 [pid 4996] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... unlink resumed>) = 0 [pid 4994] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [ 61.054714][ T5036] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.062281][ T5029] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.074479][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 61.078020][ T5037] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.081620][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [pid 5033] ioctl(4, LOOP_CLR_FD [pid 5034] <... mount resumed>) = 0 [pid 5033] <... ioctl resumed>) = 0 [pid 5029] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5034] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5033] close(4 [pid 5029] exit_group(0 [pid 5034] <... openat resumed>) = 3 [pid 5033] <... close resumed>) = 0 [pid 5029] <... exit_group resumed>) = ? [pid 5034] chdir("./file2" [pid 5033] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5029] +++ exited with 0 +++ [pid 5034] <... chdir resumed>) = 0 [pid 5034] ioctl(4, LOOP_CLR_FD [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5029, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 5034] <... ioctl resumed>) = 0 [pid 4998] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] close(4 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5034] <... close resumed>) = 0 [pid 4998] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5034] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4998] <... openat resumed>) = 3 [pid 4998] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4998] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5033] <... open resumed>) = 4 [pid 4998] unlink("./2/binderfs" [ 61.099847][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.100139][ T4996] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 61.109085][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.125831][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.135695][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [pid 5033] ftruncate(4, 0 [pid 4998] <... unlink resumed>) = 0 [pid 5035] <... mount resumed>) = 0 [pid 5034] <... open resumed>) = 4 [pid 4998] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] ftruncate(4, 0 [pid 5035] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 61.153559][ T5033] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 61.153965][ T5038] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.166474][ T5034] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 61.180605][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 61.193568][ T4996] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [pid 5035] chdir("./file2") = 0 [ 61.201870][ T4998] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 61.209531][ T5033] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 61.210101][ T4998] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 61.221194][ T5033] Remounting filesystem read-only [ 61.227148][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.232326][ T5034] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5035] ioctl(4, LOOP_CLR_FD) = 0 [pid 5035] close(4 [pid 5033] <... ftruncate resumed>) = 0 [pid 5033] write(4, "0x0000000000000000", 18 [pid 5035] <... close resumed>) = 0 [pid 5035] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 61.241071][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.250410][ T5033] NILFS (loop4): error -5 truncating bmap (ino=16) [ 61.258882][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.266282][ T5034] Remounting filesystem read-only [ 61.274461][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.280657][ T5033] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 61.288578][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.298250][ T5035] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 61.312652][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.323787][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.324008][ T5034] NILFS (loop2): error -5 truncating bmap (ino=16) [ 61.334003][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5035] ftruncate(4, 0 [pid 5034] <... ftruncate resumed>) = 0 [ 61.349415][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 61.358622][ T5033] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 61.358805][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 61.367375][ T4996] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 61.374938][ T5034] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 61.380513][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.389451][ T5035] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 61.396728][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 61.405384][ T5034] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 61.414303][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.421721][ T5033] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.440442][ T5035] Remounting filesystem read-only [ 61.446108][ T5034] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5034] write(4, "0x0000000000000000", 18 [pid 4994] <... umount2 resumed>) = 0 [pid 5035] <... ftruncate resumed>) = 0 [pid 4994] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5035] write(4, "0x0000000000000000", 18 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4994] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [ 61.454052][ T4998] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 61.462084][ T5035] NILFS (loop0): error -5 truncating bmap (ino=16) [ 61.467566][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.478450][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.491739][ T5034] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [ 61.498076][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.501313][ T5035] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 61.510040][ T4996] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 61.516990][ T5033] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.524410][ T4998] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 61.533782][ T5033] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] rmdir("./2/file2") = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./2" [pid 5033] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5033] fchdir(-1 [pid 4994] <... rmdir resumed>) = 0 [pid 4994] mkdir("./3", 0777 [pid 5033] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5033] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 4994] <... mkdir resumed>) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 5033] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5033] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5033] openat(AT_FDCWD, NULL, O_RDWR [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5033] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5033] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5033] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5033] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4996] <... umount2 resumed>) = 0 [pid 4994] <... clone resumed>, child_tidptr=0x555556a025d0) = 5039 ./strace-static-x86_64: Process 5039 attached [pid 5039] chdir("./3" [pid 5034] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5034] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 4996] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5034] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./2/file2", [pid 5034] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4996] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5039] <... chdir resumed>) = 0 [pid 5034] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5034] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4996] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5034] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5039] setpgid(0, 0 [pid 5034] openat(AT_FDCWD, NULL, O_RDWR [pid 5039] <... setpgid resumed>) = 0 [pid 5034] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4996] <... openat resumed>) = 4 [pid 4996] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5034] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5039] <... openat resumed>) = 3 [pid 5034] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] getdents64(4, [pid 5039] write(3, "1000", 4 [pid 5034] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4996] getdents64(4, [pid 5039] <... write resumed>) = 4 [pid 5034] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5039] close(3 [ 61.540676][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.549460][ T5034] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.558429][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.567588][ T5035] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 61.596627][ T5033] NILFS (loop4): discard dirty page: offset=0, ino=16 [pid 5034] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5039] <... close resumed>) = 0 [pid 4996] close(4 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4996] <... close resumed>) = 0 [pid 4996] rmdir("./2/file2" [pid 5039] memfd_create("syzkaller", 0 [pid 4996] <... rmdir resumed>) = 0 [pid 5039] <... memfd_create resumed>) = 3 [pid 5039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4996] getdents64(3, [pid 5039] <... mmap resumed>) = 0x7f4167bc0000 [pid 5039] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4998] <... umount2 resumed>) = 0 [pid 4996] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4998] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [ 61.622095][ T5034] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 61.640480][ T5035] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.650085][ T5033] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 61.655413][ T5034] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [pid 4996] close(3 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] <... close resumed>) = 0 [pid 4998] lstat("./2/file2", [pid 4996] rmdir("./2" [pid 5039] <... write resumed>) = 1048576 [pid 5039] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5039] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5039] ioctl(4, LOOP_SET_FD, 3 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] <... rmdir resumed>) = 0 [pid 4998] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] mkdir("./3", 0777 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4996] <... mkdir resumed>) = 0 [pid 4998] <... openat resumed>) = 4 [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5039] <... ioctl resumed>) = 0 [pid 5039] close(3) = 0 [pid 5039] mkdir("./file2", 0777) = 0 [ 61.662669][ T5033] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.665873][ T5034] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.674255][ T5035] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.683293][ T5034] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.697433][ T5039] loop1: detected capacity change from 0 to 2048 [ 61.707777][ T5033] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5039] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5034] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4998] fstat(4, [pid 4996] <... openat resumed>) = 3 [pid 5035] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5035] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5035] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5035] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5035] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5035] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5035] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5035] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5035] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5034] exit_group(0) = ? [pid 5034] +++ exited with 0 +++ [pid 5033] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] ioctl(3, LOOP_CLR_FD [pid 4998] getdents64(4, [pid 4996] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4996] close(3 [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5034, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 4998] getdents64(4, [pid 4996] <... close resumed>) = 0 [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4998] close(4) = 0 [pid 4996] <... clone resumed>, child_tidptr=0x555556a025d0) = 5041 [pid 4998] rmdir("./2/file2") = 0 [pid 4995] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./2") = 0 [pid 4998] mkdir("./3", 0777) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3) = 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4995] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5033] exit_group(0) = ? [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5042 [ 61.717405][ T5034] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.721146][ T5035] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.727618][ T5033] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.756726][ T5035] NILFS (loop0): discard dirty page: offset=0, ino=16 [pid 5033] +++ exited with 0 +++ [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5033, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 4997] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] <... openat resumed>) = 3 [pid 5039] <... mount resumed>) = 0 [pid 4995] fstat(3, [pid 5039] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 ./strace-static-x86_64: Process 5041 attached ./strace-static-x86_64: Process 5042 attached [pid 5039] <... openat resumed>) = 3 [pid 4997] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] getdents64(3, [pid 5041] chdir("./3" [pid 5039] chdir("./file2" [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5042] chdir("./3" [pid 5041] <... chdir resumed>) = 0 [pid 5039] <... chdir resumed>) = 0 [pid 4997] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4995] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5042] <... chdir resumed>) = 0 [pid 5041] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5039] ioctl(4, LOOP_CLR_FD [pid 4997] <... openat resumed>) = 3 [pid 5041] <... prctl resumed>) = 0 [pid 4997] fstat(3, [pid 5041] setpgid(0, 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5041] <... setpgid resumed>) = 0 [pid 4997] getdents64(3, [pid 5041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4997] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5041] <... openat resumed>) = 3 [pid 4997] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] write(3, "1000", 4 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5041] <... write resumed>) = 4 [pid 4997] lstat("./2/binderfs", [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5041] close(3 [pid 5039] <... ioctl resumed>) = 0 [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] lstat("./2/binderfs", [pid 5042] <... prctl resumed>) = 0 [pid 5041] <... close resumed>) = 0 [pid 5039] close(4 [pid 4997] unlink("./2/binderfs" [pid 4995] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5041] symlink("/dev/binderfs", "./binderfs" [pid 4997] <... unlink resumed>) = 0 [pid 5041] <... symlink resumed>) = 0 [pid 4997] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] memfd_create("syzkaller", 0) = 3 [ 61.766215][ T5040] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.783767][ T5035] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 61.794174][ T5035] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.803960][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 61.810936][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [pid 5041] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5042] setpgid(0, 0 [pid 5039] <... close resumed>) = 0 [pid 4995] unlink("./2/binderfs" [pid 5042] <... setpgid resumed>) = 0 [pid 5039] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4995] <... unlink resumed>) = 0 [pid 5042] <... openat resumed>) = 3 [pid 5042] write(3, "1000", 4 [pid 5039] <... open resumed>) = 4 [pid 4995] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5042] <... write resumed>) = 4 [pid 5039] ftruncate(4, 0 [pid 5042] close(3 [pid 5041] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5042] <... close resumed>) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] memfd_create("syzkaller", 0) = 3 [ 61.816461][ T5035] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.833014][ T5039] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 61.847672][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 61.854614][ T5039] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 61.855147][ T5039] Remounting filesystem read-only [pid 5042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5041] <... write resumed>) = 1048576 [pid 5041] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5041] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5041] ioctl(4, LOOP_SET_FD, 3 [pid 5042] <... mmap resumed>) = 0x7f4167bc0000 [pid 5042] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5039] <... ftruncate resumed>) = 0 [pid 5041] <... ioctl resumed>) = 0 [pid 5041] close(3) = 0 [pid 5041] mkdir("./file2", 0777 [pid 5042] <... write resumed>) = 1048576 [pid 5042] munmap(0x7f4167bc0000, 1048576 [pid 5039] write(4, "0x0000000000000000", 18 [pid 5035] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5041] <... mkdir resumed>) = 0 [ 61.867363][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.869346][ T5035] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.887525][ T5039] NILFS (loop1): error -5 truncating bmap (ino=16) [ 61.889692][ T5041] loop3: detected capacity change from 0 to 2048 [ 61.908569][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [pid 5041] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 5042] <... munmap resumed>) = 0 [pid 5035] exit_group(0 [pid 5042] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5035] <... exit_group resumed>) = ? [pid 5041] <... mount resumed>) = 0 [pid 5041] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5041] chdir("./file2") = 0 [pid 5041] ioctl(4, LOOP_CLR_FD) = 0 [pid 5041] close(4) = 0 [pid 5041] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5041] ftruncate(4, 0 [pid 5042] <... openat resumed>) = 4 [pid 5035] +++ exited with 0 +++ [ 61.912300][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.919010][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.934296][ T5039] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 61.941092][ T5039] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 61.951047][ T5041] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 61.961075][ T5039] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5042] ioctl(4, LOOP_SET_FD, 3 [pid 4993] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [ 61.971043][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.972943][ T5043] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 61.991817][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 61.993000][ T5042] loop5: detected capacity change from 0 to 2048 [ 62.007563][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5042] <... ioctl resumed>) = 0 [ 62.016595][ T5041] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 62.018124][ T5041] Remounting filesystem read-only [ 62.026285][ T5039] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.032279][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 62.040278][ T5039] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.050163][ T5041] NILFS (loop3): error -5 truncating bmap (ino=16) [ 62.058182][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [pid 5042] close(3) = 0 [pid 5039] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4993] umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] <... ftruncate resumed>) = 0 [pid 5041] write(4, "0x0000000000000000", 18 [pid 5042] mkdir("./file2", 0777 [pid 5039] fchdir(-1 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5042] <... mkdir resumed>) = 0 [pid 5039] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5042] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 4993] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5039] creat(NULL, 000 [pid 4993] <... openat resumed>) = 3 [pid 5039] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5039] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4993] fstat(3, [pid 5039] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5039] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5039] openat(AT_FDCWD, NULL, O_RDWR [ 62.067864][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 62.074458][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 62.082860][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.087102][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.096056][ T5041] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 62.112327][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4993] getdents64(3, [pid 5039] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4993] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5042] <... mount resumed>) = 0 [pid 5039] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4993] umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5039] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 62.115490][ T5041] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 62.125955][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.133443][ T5044] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.142631][ T5041] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.151488][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 62.161817][ T4997] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [pid 5042] <... openat resumed>) = 3 [pid 5039] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4993] lstat("./2/binderfs", [pid 5042] chdir("./file2" [pid 5039] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5042] <... chdir resumed>) = 0 [pid 5039] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5042] ioctl(4, LOOP_CLR_FD [pid 4993] unlink("./2/binderfs") = 0 [pid 5042] <... ioctl resumed>) = 0 [pid 5042] close(4 [pid 4993] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5042] <... close resumed>) = 0 [pid 5042] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 62.167747][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.176440][ T5041] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.195350][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.196214][ T5039] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 62.205942][ T5041] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5042] ftruncate(4, 0 [pid 5041] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5041] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5041] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5041] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5041] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5041] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5041] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5041] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5041] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4997] <... umount2 resumed>) = 0 [pid 4995] <... umount2 resumed>) = 0 [pid 4995] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 62.226946][ T5042] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 62.239989][ T5039] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 62.240056][ T5041] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 62.249929][ T5041] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 62.261519][ T5042] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 4997] lstat("./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, [pid 4995] lstat("./2/file2", [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./2/file2") = 0 [pid 4997] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4997] close(3) = 0 [pid 4995] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] rmdir("./2" [pid 4995] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... rmdir resumed>) = 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] mkdir("./3", 0777 [pid 4995] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] <... mkdir resumed>) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4995] <... openat resumed>) = 4 [pid 4997] <... openat resumed>) = 3 [pid 4995] fstat(4, [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] close(3) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5045 [ 62.283080][ T4993] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 62.290075][ T4993] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 62.294321][ T5041] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.306644][ T5039] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.317951][ T5042] Remounting filesystem read-only [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, ./strace-static-x86_64: Process 5045 attached [pid 5045] chdir("./3") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5042] <... ftruncate resumed>) = 0 [pid 4995] getdents64(4, [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] memfd_create("syzkaller", 0) = 3 [pid 5045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5042] write(4, "0x0000000000000000", 18 [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5045] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4995] close(4) = 0 [ 62.325641][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.335582][ T5039] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.344764][ T5042] NILFS (loop5): error -5 truncating bmap (ino=16) [ 62.351808][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.361586][ T5039] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.370870][ T5041] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] rmdir("./2/file2") = 0 [pid 5045] <... write resumed>) = 1048576 [pid 5045] munmap(0x7f4167bc0000, 1048576 [pid 4995] getdents64(3, [pid 5039] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4995] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5045] <... munmap resumed>) = 0 [pid 5045] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5045] ioctl(4, LOOP_SET_FD, 3 [pid 5039] exit_group(0 [pid 4995] close(3 [pid 5045] <... ioctl resumed>) = 0 [pid 5045] close(3) = 0 [ 62.371498][ T5042] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 62.380551][ T5042] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 62.395365][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.404844][ T4993] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 62.411129][ T5045] loop4: detected capacity change from 0 to 2048 [ 62.414398][ T5042] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5045] mkdir("./file2", 0777 [pid 5039] <... exit_group resumed>) = ? [pid 4995] <... close resumed>) = 0 [pid 5045] <... mkdir resumed>) = 0 [pid 5045] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 5041] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5041] exit_group(0 [pid 5039] +++ exited with 0 +++ [pid 4995] rmdir("./2" [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 4994] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 5041] <... exit_group resumed>) = ? [pid 4995] <... rmdir resumed>) = 0 [pid 4994] unlink("./3/binderfs") = 0 [pid 4994] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5041] +++ exited with 0 +++ [pid 4995] mkdir("./3", 0777 [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5041, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 4996] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4996] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [ 62.426202][ T5041] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.430489][ T4993] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 62.446335][ T5042] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.456256][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.460217][ T5042] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.467060][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4996] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] unlink("./3/binderfs" [pid 5042] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] <... unlink resumed>) = 0 [pid 4995] <... mkdir resumed>) = 0 [pid 4996] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5042] fchdir(-1 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5042] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] <... openat resumed>) = 3 [pid 5042] creat(NULL, 000 [pid 4995] ioctl(3, LOOP_CLR_FD [pid 5042] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4995] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5042] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4995] close(3 [pid 5042] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5042] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4995] <... close resumed>) = 0 [pid 5042] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5042] openat(AT_FDCWD, NULL, O_RDWR [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5042] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5042] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4995] <... clone resumed>, child_tidptr=0x555556a025d0) = 5047 [pid 5042] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5042] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 62.484693][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 62.491781][ T4993] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 62.493205][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 62.499687][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.508290][ T4996] NILFS (loop3): discard dirty page: offset=4096, ino=6 [pid 5042] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4993] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5047 attached [ 62.536754][ T5042] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 62.541588][ T4996] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 62.548421][ T5042] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 62.558668][ T5046] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 62.564034][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.570263][ T5042] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4993] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5047] chdir("./3" [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5047] <... chdir resumed>) = 0 [pid 4993] lstat("./2/file2", [pid 5047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 4993] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5045] <... mount resumed>) = 0 [pid 5045] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5045] chdir("./file2") = 0 [pid 5045] ioctl(4, LOOP_CLR_FD) = 0 [pid 5045] close(4) = 0 [pid 5045] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5047] setpgid(0, 0 [pid 5045] <... open resumed>) = 4 [pid 4993] umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW [ 62.588369][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.589506][ T5042] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.607975][ T5042] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.619466][ T5045] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 62.622992][ T27] kauditd_printk_skb: 11 callbacks suppressed [pid 5045] ftruncate(4, 0 [pid 5047] <... setpgid resumed>) = 0 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [ 62.623005][ T27] audit: type=1800 audit(1686241703.848:23): pid=5045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 62.630763][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.641462][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.660910][ T12] NILFS (loop5): discard dirty page: offset=0, ino=3 [pid 4993] openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5047] <... openat resumed>) = 3 [pid 4993] <... openat resumed>) = 4 [pid 5047] write(3, "1000", 4 [pid 4993] fstat(4, [pid 5042] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5042] exit_group(0) = ? [pid 5042] +++ exited with 0 +++ [ 62.667160][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.675853][ T5045] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 62.682917][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 62.691424][ T12] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.701280][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 62.712567][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5047] <... write resumed>) = 4 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5047] close(3 [pid 4993] getdents64(4, [pid 5047] <... close resumed>) = 0 [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [ 62.718586][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.724777][ T12] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.751516][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.752101][ T5045] Remounting filesystem read-only [ 62.762541][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 62.775297][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 62.776543][ T5045] NILFS (loop4): error -5 truncating bmap (ino=16) [pid 5047] symlink("/dev/binderfs", "./binderfs" [pid 4998] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] getdents64(4, [pid 5047] <... symlink resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5045] <... ftruncate resumed>) = 0 [pid 5045] write(4, "0x0000000000000000", 18 [pid 5047] memfd_create("syzkaller", 0 [pid 4998] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4993] close(4 [pid 5047] <... memfd_create resumed>) = 3 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4998] <... openat resumed>) = 3 [pid 4993] <... close resumed>) = 0 [pid 5047] <... mmap resumed>) = 0x7f4167bc0000 [pid 4998] fstat(3, [pid 4994] <... umount2 resumed>) = 0 [pid 4993] rmdir("./2/file2" [pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] <... rmdir resumed>) = 0 [pid 4998] getdents64(3, [pid 4993] getdents64(3, [pid 4998] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4998] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] close(3 [pid 4998] lstat("./3/binderfs", [pid 4993] <... close resumed>) = 0 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] rmdir("./2" [pid 4998] unlink("./3/binderfs" [pid 4993] <... rmdir resumed>) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 4998] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] mkdir("./3", 0777 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] <... mkdir resumed>) = 0 [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 62.783696][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.791999][ T4996] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 62.806592][ T5045] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 62.821257][ T12] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 62.832142][ T5045] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [pid 4993] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 5047] <... write resumed>) = 1048576 [pid 4994] lstat("./3/file2", [pid 4993] close(3 [pid 5047] munmap(0x7f4167bc0000, 1048576 [pid 4994] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] <... close resumed>) = 0 [pid 5047] <... munmap resumed>) = 0 [pid 4994] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [ 62.841177][ T12] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.846029][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.850898][ T5045] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.869827][ T5045] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.871178][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5047] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5047] <... openat resumed>) = 4 [pid 4994] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5047] ioctl(4, LOOP_SET_FD, 3 [pid 4993] <... clone resumed>, child_tidptr=0x555556a025d0) = 5048 ./strace-static-x86_64: Process 5048 attached [pid 4994] <... openat resumed>) = 4 [pid 5047] <... ioctl resumed>) = 0 [pid 5045] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5048] chdir("./3" [pid 5045] fchdir(-1 [pid 5048] <... chdir resumed>) = 0 [pid 5045] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5045] creat(NULL, 000 [pid 5048] <... prctl resumed>) = 0 [pid 5045] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5048] setpgid(0, 0 [pid 5045] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5048] <... setpgid resumed>) = 0 [pid 5045] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5045] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5048] <... openat resumed>) = 3 [pid 5045] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5048] write(3, "1000", 4 [pid 5045] openat(AT_FDCWD, NULL, O_RDWR [pid 5048] <... write resumed>) = 4 [pid 5045] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5048] close(3 [pid 5045] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5048] <... close resumed>) = 0 [pid 5045] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5048] symlink("/dev/binderfs", "./binderfs" [pid 5045] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5048] <... symlink resumed>) = 0 [pid 5045] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5048] memfd_create("syzkaller", 0 [ 62.887330][ T5045] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.890497][ T4998] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 62.905772][ T5047] loop2: detected capacity change from 0 to 2048 [ 62.905859][ T4996] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 62.912504][ T4998] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 62.925532][ T5045] NILFS (loop4): discard dirty page: offset=0, ino=16 [pid 5045] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5048] <... memfd_create resumed>) = 3 [pid 5047] close(3 [pid 4994] fstat(4, [pid 5047] <... close resumed>) = 0 [pid 4994] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5047] mkdir("./file2", 0777 [pid 4994] getdents64(4, [pid 5047] <... mkdir resumed>) = 0 [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5047] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 4994] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4994] close(4) = 0 [pid 4994] rmdir("./3/file2" [pid 5048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4994] <... rmdir resumed>) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5048] <... mmap resumed>) = 0x7f4167bc0000 [pid 4994] close(3) = 0 [pid 4994] rmdir("./3") = 0 [pid 4994] mkdir("./4", 0777) = 0 [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3 [pid 5048] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4994] <... close resumed>) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5050 ./strace-static-x86_64: Process 5050 attached [pid 5050] chdir("./4" [pid 5047] <... mount resumed>) = 0 [pid 5050] <... chdir resumed>) = 0 [pid 5050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5050] setpgid(0, 0) = 0 [pid 5050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5050] write(3, "1000", 4) = 4 [ 62.927640][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.933959][ T5045] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 62.964720][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 62.968358][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5050] close(3) = 0 [pid 5050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5047] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5047] <... openat resumed>) = 3 [pid 5050] <... mmap resumed>) = 0x7f4167bc0000 [pid 5047] chdir("./file2" [pid 5048] <... write resumed>) = 1048576 [pid 5047] <... chdir resumed>) = 0 [pid 4996] <... umount2 resumed>) = 0 [pid 5048] munmap(0x7f4167bc0000, 1048576 [pid 5047] ioctl(4, LOOP_CLR_FD [pid 4996] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5048] <... munmap resumed>) = 0 [pid 5047] <... ioctl resumed>) = 0 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 62.983962][ T5049] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.005827][ T5045] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.012174][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.015147][ T5045] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5048] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5047] close(4 [pid 4996] lstat("./3/file2", [pid 5048] <... openat resumed>) = 4 [pid 5045] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5050] <... write resumed>) = 1048576 [pid 5048] ioctl(4, LOOP_SET_FD, 3 [pid 5047] <... close resumed>) = 0 [pid 5045] exit_group(0 [pid 4996] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5047] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5045] <... exit_group resumed>) = ? [pid 4996] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5050] munmap(0x7f4167bc0000, 1048576 [pid 5048] <... ioctl resumed>) = 0 [pid 5047] <... open resumed>) = 4 [pid 5045] +++ exited with 0 +++ [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5050] <... munmap resumed>) = 0 [pid 5048] close(3 [ 63.034318][ T5045] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.044761][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 63.059936][ T5048] loop0: detected capacity change from 0 to 2048 [ 63.071309][ T27] audit: type=1800 audit(1686241704.288:24): pid=5047 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop2" ino=16 res=0 errno=0 [pid 5047] ftruncate(4, 0 [pid 4996] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5050] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5048] <... close resumed>) = 0 [pid 4998] <... umount2 resumed>) = 0 [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 5050] <... openat resumed>) = 4 [pid 5048] mkdir("./file2", 0777 [pid 4998] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] <... openat resumed>) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3 [pid 5048] <... mkdir resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./3/file2", [pid 4997] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... openat resumed>) = 3 [pid 4998] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] fstat(3, [pid 4998] <... openat resumed>) = 4 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] fstat(4, [pid 4997] getdents64(3, [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4998] getdents64(4, [pid 4997] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] getdents64(4, [pid 4997] lstat("./3/binderfs", [pid 4996] fstat(4, [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4998] close(4 [pid 4997] unlink("./3/binderfs" [pid 4998] <... close resumed>) = 0 [pid 4997] <... unlink resumed>) = 0 [pid 4998] rmdir("./3/file2" [pid 4997] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... rmdir resumed>) = 0 [pid 4998] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 5048] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [ 63.076225][ T5047] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 63.116414][ T5047] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [ 63.126012][ T5050] loop1: detected capacity change from 0 to 2048 [ 63.135558][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [pid 4998] rmdir("./3") = 0 [pid 5050] <... ioctl resumed>) = 0 [pid 5048] <... mount resumed>) = 0 [pid 4998] mkdir("./4", 0777 [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] <... mkdir resumed>) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3 [pid 5050] close(3 [pid 5048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4998] <... close resumed>) = 0 [pid 4996] getdents64(4, [pid 5050] <... close resumed>) = 0 [pid 5048] <... openat resumed>) = 3 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5050] mkdir("./file2", 0777 [pid 5048] chdir("./file2" [pid 5047] <... ftruncate resumed>) = 0 [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5052 [pid 4996] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5050] <... mkdir resumed>) = 0 [pid 5048] <... chdir resumed>) = 0 [pid 5047] write(4, "0x0000000000000000", 18 [pid 4996] close(4 [pid 5048] ioctl(4, LOOP_CLR_FD [pid 4996] <... close resumed>) = 0 [pid 4996] rmdir("./3/file2") = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 5052 attached [pid 4996] close(3 [pid 5052] chdir("./4" [pid 4996] <... close resumed>) = 0 [pid 4996] rmdir("./3" [pid 5052] <... chdir resumed>) = 0 [pid 4996] <... rmdir resumed>) = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4996] mkdir("./4", 0777 [pid 5052] <... prctl resumed>) = 0 [pid 5048] <... ioctl resumed>) = 0 [pid 4996] <... mkdir resumed>) = 0 [pid 5052] setpgid(0, 0 [ 63.141065][ T5051] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.142556][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 63.161130][ T5047] Remounting filesystem read-only [ 63.166967][ T5047] NILFS (loop2): error -5 truncating bmap (ino=16) [ 63.174671][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.185426][ T5047] NILFS (loop2): discard dirty page: offset=0, ino=16 [pid 5050] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5052] <... setpgid resumed>) = 0 [pid 4996] <... openat resumed>) = 3 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4996] ioctl(3, LOOP_CLR_FD [pid 5052] <... openat resumed>) = 3 [pid 4996] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5052] write(3, "1000", 4 [pid 4996] close(3 [pid 5052] <... write resumed>) = 4 [pid 5048] close(4 [pid 4996] <... close resumed>) = 0 [pid 5052] close(3 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5052] <... close resumed>) = 0 [pid 5048] <... close resumed>) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs" [pid 5048] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4996] <... clone resumed>, child_tidptr=0x555556a025d0) = 5053 [pid 5052] <... symlink resumed>) = 0 [pid 5052] memfd_create("syzkaller", 0 [pid 5050] <... mount resumed>) = 0 [pid 5048] <... open resumed>) = 4 [pid 5052] <... memfd_create resumed>) = 3 [pid 5050] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5048] ftruncate(4, 0 [ 63.193522][ T5047] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 63.209055][ T27] audit: type=1800 audit(1686241704.428:25): pid=5048 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 63.209871][ T5054] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 5053 attached ) = 0x7f4167bc0000 [pid 5053] chdir("./4" [pid 5052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5050] <... openat resumed>) = 3 [pid 5053] <... chdir resumed>) = 0 [pid 5053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5053] setpgid(0, 0) = 0 [pid 5053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5053] write(3, "1000", 4) = 4 [pid 5053] close(3) = 0 [pid 5053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] memfd_create("syzkaller", 0) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5050] chdir("./file2" [pid 5053] <... mmap resumed>) = 0x7f4167bc0000 [pid 5050] <... chdir resumed>) = 0 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 63.240289][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.250943][ T5048] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 63.262752][ T5047] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.271999][ T5047] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.281603][ T5048] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5052] <... write resumed>) = 1048576 [pid 5050] close(4) = 0 [pid 5050] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5048] <... ftruncate resumed>) = 0 [pid 5047] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5052] munmap(0x7f4167bc0000, 1048576) = 0 [ 63.290941][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.300374][ T5047] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.310320][ T5048] Remounting filesystem read-only [ 63.315808][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 63.324846][ T5048] NILFS (loop0): error -5 truncating bmap (ino=16) [ 63.333188][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [pid 5052] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5052] ioctl(4, LOOP_SET_FD, 3 [pid 5050] <... open resumed>) = 4 [pid 5048] write(4, "0x0000000000000000", 18 [pid 5047] fchdir(-1 [pid 5053] <... write resumed>) = 1048576 [pid 5053] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 5050] ftruncate(4, 0 [pid 5047] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [ 63.340688][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.346725][ T5052] loop5: detected capacity change from 0 to 2048 [ 63.350729][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.365705][ T5048] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 63.366457][ T27] audit: type=1800 audit(1686241704.568:26): pid=5050 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop1" ino=16 res=0 errno=0 [pid 5053] ioctl(4, LOOP_SET_FD, 3 [pid 5047] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5052] <... ioctl resumed>) = 0 [pid 5052] close(3) = 0 [pid 5052] mkdir("./file2", 0777) = 0 [pid 5047] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5052] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 5047] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 63.374470][ T5053] loop3: detected capacity change from 0 to 2048 [ 63.393814][ T4997] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 63.400149][ T5048] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 63.406889][ T5050] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 63.424854][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5047] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5047] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5047] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5047] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5052] <... mount resumed>) = 0 [pid 5052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] <... ioctl resumed>) = 0 [pid 5047] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4997] <... umount2 resumed>) = 0 [pid 5053] close(3) = 0 [pid 4997] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5052] chdir("./file2") = 0 [pid 5052] ioctl(4, LOOP_CLR_FD) = 0 [ 63.438117][ T5050] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 63.456876][ T5055] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.465448][ T5048] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.477001][ T5047] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 63.477434][ T5050] Remounting filesystem read-only [pid 5052] close(4 [pid 5053] mkdir("./file2", 0777 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5052] <... close resumed>) = 0 [pid 5052] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5053] <... mkdir resumed>) = 0 [pid 4997] lstat("./3/file2", [ 63.489981][ T5050] NILFS (loop1): error -5 truncating bmap (ino=16) [ 63.496921][ T5048] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.503703][ T5047] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 63.509540][ T27] audit: type=1800 audit(1686241704.718:27): pid=5052 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 63.526844][ T5052] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5052] ftruncate(4, 0 [pid 5053] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 5050] <... ftruncate resumed>) = 0 [pid 4997] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5048] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5050] write(4, "0x0000000000000000", 18 [pid 5048] fchdir(-1 [pid 4997] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5048] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 63.534769][ T5048] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.553522][ T5047] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.568809][ T5047] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.578343][ T5050] NILFS (loop1): discard dirty page: offset=0, ino=16 [pid 5048] creat(NULL, 000 [pid 4997] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5048] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5047] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4997] <... openat resumed>) = 4 [pid 5053] <... mount resumed>) = 0 [pid 5048] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5047] exit_group(0 [ 63.579554][ T5056] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.590159][ T5050] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 63.597114][ T5047] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.609450][ T5052] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 63.613585][ T5050] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.623715][ T5052] Remounting filesystem read-only [ 63.631459][ T5050] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4997] fstat(4, [pid 5053] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5048] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5047] <... exit_group resumed>) = ? [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5052] <... ftruncate resumed>) = 0 [pid 5052] write(4, "0x0000000000000000", 18 [pid 5053] <... openat resumed>) = 3 [pid 5050] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5048] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5047] +++ exited with 0 +++ [pid 4997] getdents64(4, [pid 5053] chdir("./file2" [pid 5048] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5047, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 5053] <... chdir resumed>) = 0 [pid 5048] openat(AT_FDCWD, NULL, O_RDWR [pid 4997] getdents64(4, [pid 5053] ioctl(4, LOOP_CLR_FD [pid 5048] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4997] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5053] <... ioctl resumed>) = 0 [pid 5048] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4997] close(4 [pid 4995] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5053] close(4 [pid 5048] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4997] <... close resumed>) = 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5053] <... close resumed>) = 0 [pid 5048] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4997] rmdir("./3/file2" [pid 4995] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5053] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5048] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4997] <... rmdir resumed>) = 0 [pid 4995] <... openat resumed>) = 3 [pid 5048] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4997] getdents64(3, [pid 4995] fstat(3, [pid 4997] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] close(3 [pid 4995] getdents64(3, [pid 4997] <... close resumed>) = 0 [pid 4995] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4997] rmdir("./3" [pid 4995] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... rmdir resumed>) = 0 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] mkdir("./4", 0777 [pid 4995] lstat("./3/binderfs", [pid 4997] <... mkdir resumed>) = 0 [pid 4995] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [ 63.636889][ T5052] NILFS (loop5): error -5 truncating bmap (ino=16) [ 63.644760][ T5050] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.654310][ T5052] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 63.673085][ T5048] NILFS (loop0): discard dirty page: offset=0, ino=16 [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 4995] unlink("./3/binderfs" [pid 5053] <... open resumed>) = 4 [pid 5050] fchdir(-1 [pid 4997] <... openat resumed>) = 3 [pid 4995] <... unlink resumed>) = 0 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 4995] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4997] close(3) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5053] ftruncate(4, 0 [pid 5050] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [ 63.680266][ T27] audit: type=1800 audit(1686241704.898:28): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 63.693210][ T5052] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 63.705522][ T5048] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 63.716142][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 63.721734][ T5052] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.724529][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [pid 5057] chdir("./4" [pid 5050] creat(NULL, 000 [pid 5057] <... chdir resumed>) = 0 [pid 5050] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL [ 63.734710][ T5053] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 63.741293][ T5048] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.750846][ T5052] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.760630][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.769025][ T5053] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 63.778913][ T5048] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5050] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5057] <... prctl resumed>) = 0 [pid 5052] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5050] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5057] setpgid(0, 0 [pid 5052] fchdir(-1 [pid 5050] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5052] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5050] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5057] <... setpgid resumed>) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5052] creat(NULL, 000 [pid 5050] openat(AT_FDCWD, NULL, O_RDWR [pid 5057] <... openat resumed>) = 3 [pid 5052] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5050] <... openat resumed>) = -1 EFAULT (Bad address) [ 63.795130][ T5052] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.806588][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.807177][ T5053] Remounting filesystem read-only [ 63.816968][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.821594][ T5053] NILFS (loop3): error -5 truncating bmap (ino=16) [ 63.831011][ T5048] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5057] write(3, "1000", 4 [pid 5053] <... ftruncate resumed>) = 0 [pid 5052] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5050] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5048] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5048] exit_group(0) = ? [pid 5048] +++ exited with 0 +++ [pid 4993] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 4993] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4993] umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4993] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4993] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4993] umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4993] lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] unlink("./3/binderfs") = 0 [pid 4993] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5057] <... write resumed>) = 4 [pid 5053] write(4, "0x0000000000000000", 18 [pid 5052] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5050] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 63.836907][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 63.854898][ T4993] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 63.855588][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 63.861845][ T4993] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 63.868788][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.877027][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5057] close(3 [pid 5052] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5050] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5057] <... close resumed>) = 0 [pid 5052] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5050] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5057] symlink("/dev/binderfs", "./binderfs" [pid 5052] openat(AT_FDCWD, NULL, O_RDWR [ 63.886408][ T5053] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 63.895290][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.901304][ T5053] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 63.911096][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.926293][ T5053] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.927443][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5050] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5057] <... symlink resumed>) = 0 [pid 5052] <... openat resumed>) = -1 EFAULT (Bad address) [ 63.944412][ T5050] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 63.945623][ T4993] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 63.951183][ T5050] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 63.951202][ T5050] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.951218][ T5050] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.951232][ T5050] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5057] memfd_create("syzkaller", 0 [pid 5053] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5052] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5050] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5057] <... memfd_create resumed>) = 3 [pid 5053] fchdir(-1 [pid 5052] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5050] exit_group(0 [pid 5057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5053] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5052] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5050] <... exit_group resumed>) = ? [pid 5053] creat(NULL, 000 [pid 5052] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5050] +++ exited with 0 +++ [pid 5057] <... mmap resumed>) = 0x7f4167bc0000 [pid 5053] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5052] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5050, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 4994] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, [ 63.961260][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 63.976304][ T5053] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.976326][ T5053] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 63.986283][ T4993] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 63.995350][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.002403][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5053] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4994] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./4/binderfs") = 0 [pid 4994] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] <... umount2 resumed>) = 0 [pid 4995] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5057] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5053] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./3/file2") = 0 [pid 4995] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./3") = 0 [pid 4995] mkdir("./4", 0777 [pid 5057] <... write resumed>) = 1048576 [pid 5053] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4995] <... mkdir resumed>) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 64.046039][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.053168][ T5052] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 64.069302][ T4993] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 64.073111][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 64.076928][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] close(3 [pid 5057] munmap(0x7f4167bc0000, 1048576 [pid 5053] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... close resumed>) = 0 [pid 5057] <... munmap resumed>) = 0 [pid 5053] openat(AT_FDCWD, NULL, O_RDWR [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5058 [pid 5057] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5053] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5057] <... openat resumed>) = 4 [pid 5053] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5057] ioctl(4, LOOP_SET_FD, 3 [pid 5053] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 5058 attached [pid 5058] chdir("./4") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5053] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5058] memfd_create("syzkaller", 0 [pid 5053] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5058] <... memfd_create resumed>) = 3 [ 64.100268][ T5052] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 64.114146][ T5052] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.124366][ T5052] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.130275][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 64.133461][ T5057] loop4: detected capacity change from 0 to 2048 [pid 5053] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 4993] lstat("./3/file2", [pid 5058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4993] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5057] <... ioctl resumed>) = 0 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5057] close(3 [pid 5052] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5057] <... close resumed>) = 0 [ 64.153018][ T5053] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 64.160134][ T5053] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 64.165957][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.169828][ T5053] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.185891][ T5052] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.195224][ T5053] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4993] openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5052] exit_group(0 [pid 5057] mkdir("./file2", 0777 [pid 5053] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5052] <... exit_group resumed>) = ? [pid 4993] <... openat resumed>) = 4 [pid 5057] <... mkdir resumed>) = 0 [pid 5053] exit_group(0 [pid 5058] <... write resumed>) = 1048576 [pid 5057] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 5053] <... exit_group resumed>) = ? [pid 5052] +++ exited with 0 +++ [pid 4993] fstat(4, [pid 5058] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] +++ exited with 0 +++ [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5058] close(3 [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5053, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5058] <... close resumed>) = 0 [pid 4996] restart_syscall(<... resuming interrupted clone ...> [pid 5058] mkdir("./file2", 0777 [pid 4996] <... restart_syscall resumed>) = 0 [pid 5058] <... mkdir resumed>) = 0 [pid 5058] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 4996] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5052, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 4996] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4993] getdents64(4, [pid 4998] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] <... openat resumed>) = 3 [pid 4996] fstat(3, [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5057] <... mount resumed>) = 0 [ 64.204727][ T5053] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.208279][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.227014][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.233259][ T5058] loop2: detected capacity change from 0 to 2048 [ 64.238292][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [pid 4998] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4996] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] unlink("./4/binderfs") = 0 [pid 4996] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5057] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4998] <... openat resumed>) = 3 [pid 4993] getdents64(4, [pid 5057] <... openat resumed>) = 3 [pid 4998] fstat(3, [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5057] chdir("./file2" [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] close(4 [pid 5057] <... chdir resumed>) = 0 [pid 4998] getdents64(3, [pid 4993] <... close resumed>) = 0 [pid 5057] ioctl(4, LOOP_CLR_FD [pid 4998] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4993] rmdir("./3/file2" [pid 5057] <... ioctl resumed>) = 0 [pid 4998] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] <... rmdir resumed>) = 0 [pid 5057] close(4 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] getdents64(3, [pid 5057] <... close resumed>) = 0 [pid 4998] lstat("./4/binderfs", [pid 4993] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5057] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] close(3 [pid 5057] <... open resumed>) = 4 [pid 4998] unlink("./4/binderfs" [pid 4993] <... close resumed>) = 0 [pid 4998] <... unlink resumed>) = 0 [pid 4998] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [ 64.259330][ T5059] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.267781][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 64.282757][ T27] audit: type=1800 audit(1686241705.498:29): pid=5057 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop4" ino=16 res=0 errno=0 [pid 4993] rmdir("./3") = 0 [pid 4993] mkdir("./4", 0777) = 0 [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4993] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4993] close(3) = 0 [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5060 ./strace-static-x86_64: Process 5060 attached [pid 5060] chdir("./4") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] memfd_create("syzkaller", 0) = 3 [pid 5060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5060] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5058] <... mount resumed>) = 0 [pid 5058] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5058] chdir("./file2") = 0 [pid 5058] ioctl(4, LOOP_CLR_FD) = 0 [pid 5058] close(4) = 0 [pid 5058] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 64.305322][ T4996] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 64.305330][ T4998] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 64.305348][ T4998] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 64.312264][ T4996] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 64.334019][ T5058] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 64.334045][ T5058] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [ 64.346079][ T5058] Remounting filesystem read-only [pid 5058] ftruncate(4, 0 [ 64.360489][ T5061] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.371821][ T5057] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 64.372665][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.399424][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5057] ftruncate(4, 0 [pid 5060] <... write resumed>) = 1048576 [ 64.409161][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.418321][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.427612][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 64.435557][ T27] audit: type=1800 audit(1686241705.558:30): pid=5058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop2" ino=16 res=0 errno=0 [pid 5060] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5060] close(3) = 0 [ 64.438352][ T4998] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 64.459544][ T5057] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 64.464186][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.474282][ T5060] loop0: detected capacity change from 0 to 2048 [ 64.482057][ T5058] NILFS (loop2): error -5 truncating bmap (ino=16) [ 64.495372][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5060] mkdir("./file2", 0777) = 0 [pid 5060] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [pid 5058] <... ftruncate resumed>) = 0 [pid 5058] write(4, "0x0000000000000000", 18 [pid 5057] <... ftruncate resumed>) = 0 [ 64.497840][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.513934][ T5057] Remounting filesystem read-only [ 64.513974][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.518956][ T5057] NILFS (loop4): error -5 truncating bmap (ino=16) [ 64.534581][ T4998] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [ 64.535321][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.551028][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.553160][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.560997][ T5058] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 64.569044][ T5057] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 64.576493][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 64.584624][ T5057] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 64.599016][ T5058] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [pid 5057] write(4, "0x0000000000000000", 18 [pid 4998] <... umount2 resumed>) = 0 [pid 4998] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] <... umount2 resumed>) = 0 [pid 4998] lstat("./4/file2", [pid 5060] <... mount resumed>) = 0 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5060] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5060] chdir("./file2") = 0 [pid 5060] ioctl(4, LOOP_CLR_FD) = 0 [pid 5060] close(4) = 0 [ 64.610183][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.615245][ T5062] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 64.620145][ T5058] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.633149][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 64.646143][ T5057] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5060] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4998] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5060] <... open resumed>) = 4 [pid 4994] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [ 64.661357][ T27] audit: type=1800 audit(1686241705.878:31): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 64.670262][ T5058] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.687220][ T4996] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 64.697755][ T5060] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5060] ftruncate(4, 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4994] lstat("./4/file2", [pid 4998] <... openat resumed>) = 4 [pid 4994] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5058] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5057] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4998] fstat(4, [pid 4994] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] getdents64(4, [pid 4994] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4994] <... openat resumed>) = 4 [pid 4998] getdents64(4, [pid 4994] fstat(4, [pid 4998] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4994] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5057] fchdir(-1 [pid 4998] close(4 [pid 4994] getdents64(4, [pid 5057] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4998] <... close resumed>) = 0 [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5057] creat(NULL, 000 [pid 4998] rmdir("./4/file2" [ 64.703054][ T5057] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.712212][ T5060] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 64.723346][ T5057] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.730015][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.739198][ T5058] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.751914][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] getdents64(4, [pid 5057] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4998] <... rmdir resumed>) = 0 [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5057] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4998] getdents64(3, [pid 4994] close(4 [pid 5057] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4998] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4994] <... close resumed>) = 0 [pid 5057] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4998] close(3 [pid 4994] rmdir("./4/file2" [pid 5057] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4998] <... close resumed>) = 0 [pid 4994] <... rmdir resumed>) = 0 [pid 5057] openat(AT_FDCWD, NULL, O_RDWR [pid 4998] rmdir("./4" [pid 4994] getdents64(3, [pid 5057] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4998] <... rmdir resumed>) = 0 [pid 4994] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5057] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4998] mkdir("./5", 0777 [pid 4994] close(3 [pid 5057] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4998] <... mkdir resumed>) = 0 [pid 4994] <... close resumed>) = 0 [pid 5057] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4994] rmdir("./4" [pid 5057] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4998] <... openat resumed>) = 3 [pid 4994] <... rmdir resumed>) = 0 [pid 5057] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4998] ioctl(3, LOOP_CLR_FD [pid 4994] mkdir("./5", 0777 [pid 4998] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4994] <... mkdir resumed>) = 0 [pid 5058] fchdir(-1 [pid 4998] close(3 [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5060] <... ftruncate resumed>) = 0 [pid 5058] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4998] <... close resumed>) = 0 [pid 4994] <... openat resumed>) = 3 [pid 5058] creat(NULL, 000 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 4994] ioctl(3, LOOP_CLR_FD [pid 5058] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4994] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5058] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5063 [pid 4994] close(3 [pid 5058] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4994] <... close resumed>) = 0 [pid 5058] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5058] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5058] openat(AT_FDCWD, NULL, O_RDWR [pid 4994] <... clone resumed>, child_tidptr=0x555556a025d0) = 5064 [pid 5058] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5058] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5058] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 64.762877][ T4996] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 64.770235][ T5060] Remounting filesystem read-only [ 64.775632][ T5060] NILFS (loop0): error -5 truncating bmap (ino=16) [ 64.782252][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.803138][ T5057] NILFS (loop4): discard dirty page: offset=0, ino=16 [pid 5058] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24./strace-static-x86_64: Process 5064 attached ./strace-static-x86_64: Process 5063 attached [pid 5060] write(4, "0x0000000000000000", 18 [pid 4996] <... umount2 resumed>) = 0 [pid 5064] chdir("./5" [pid 5063] chdir("./5" [pid 5064] <... chdir resumed>) = 0 [pid 5063] <... chdir resumed>) = 0 [pid 5064] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... prctl resumed>) = 0 [pid 5063] <... prctl resumed>) = 0 [ 64.809949][ T5057] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 64.818042][ T5058] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 64.826660][ T5060] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 64.828430][ T5058] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 64.841523][ T5060] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 64.843176][ T5057] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4996] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] setpgid(0, 0 [pid 5063] setpgid(0, 0 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... setpgid resumed>) = 0 [pid 5063] <... setpgid resumed>) = 0 [pid 4996] lstat("./4/file2", [pid 5064] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5060] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 64.857787][ T5060] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.860145][ T5058] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.867057][ T5060] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.877969][ T5057] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.885115][ T5060] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.895746][ T5058] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5064] <... openat resumed>) = 3 [pid 5063] <... openat resumed>) = 3 [pid 5060] fchdir(-1 [pid 5057] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5064] write(3, "1000", 4 [pid 5063] write(3, "1000", 4 [pid 5060] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5064] <... write resumed>) = 4 [pid 5063] <... write resumed>) = 4 [pid 5060] creat(NULL, 000 [pid 4996] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5064] close(3 [pid 5063] close(3 [pid 5060] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4996] <... openat resumed>) = 4 [pid 5064] <... close resumed>) = 0 [pid 5063] <... close resumed>) = 0 [pid 5060] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4996] fstat(4, [pid 5064] symlink("/dev/binderfs", "./binderfs" [pid 5063] symlink("/dev/binderfs", "./binderfs" [pid 5060] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5064] <... symlink resumed>) = 0 [pid 5063] <... symlink resumed>) = 0 [pid 5060] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5064] memfd_create("syzkaller", 0 [pid 5063] memfd_create("syzkaller", 0 [pid 5060] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5058] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] getdents64(4, [pid 5064] <... memfd_create resumed>) = 3 [pid 5063] <... memfd_create resumed>) = 3 [pid 5060] openat(AT_FDCWD, NULL, O_RDWR [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5060] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4996] getdents64(4, [pid 5064] <... mmap resumed>) = 0x7f4167bc0000 [pid 5063] <... mmap resumed>) = 0x7f4167bc0000 [pid 5060] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5060] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5058] exit_group(0 [pid 5057] exit_group(0 [pid 4996] close(4 [pid 5057] <... exit_group resumed>) = ? [pid 5057] +++ exited with 0 +++ [pid 5060] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- [pid 4996] <... close resumed>) = 0 [pid 5060] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4997] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] rmdir("./4/file2" [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4996] <... rmdir resumed>) = 0 [pid 4997] <... openat resumed>) = 3 [pid 4996] getdents64(3, [pid 4997] fstat(3, [pid 4996] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] close(3 [pid 4997] getdents64(3, [pid 4996] <... close resumed>) = 0 [pid 5058] <... exit_group resumed>) = ? [pid 4997] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] rmdir("./4" [pid 5058] +++ exited with 0 +++ [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5058, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, [pid 4997] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] <... rmdir resumed>) = 0 [pid 4995] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] lstat("./4/binderfs", [pid 4996] mkdir("./5", 0777 [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] lstat("./4/binderfs", [pid 4997] unlink("./4/binderfs" [pid 4996] <... mkdir resumed>) = 0 [pid 4995] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] <... unlink resumed>) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 4995] unlink("./4/binderfs" [pid 4997] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] <... openat resumed>) = 3 [pid 4995] <... unlink resumed>) = 0 [ 64.903866][ T5057] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.913832][ T5058] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.947317][ T5060] NILFS (loop0): discard dirty page: offset=0, ino=16 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5063] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4996] ioctl(3, LOOP_CLR_FD [pid 4995] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5063] <... write resumed>) = 1048576 [pid 4996] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5063] munmap(0x7f4167bc0000, 1048576 [ 64.959829][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 64.964563][ T5060] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 64.968036][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 64.980972][ T5060] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 64.982938][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 64.990628][ T5060] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4996] close(3 [pid 5063] <... munmap resumed>) = 0 [pid 4996] <... close resumed>) = 0 [pid 5064] <... write resumed>) = 1048576 [pid 5064] munmap(0x7f4167bc0000, 1048576 [pid 5063] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5063] <... openat resumed>) = 4 [pid 5064] <... munmap resumed>) = 0 [pid 5063] ioctl(4, LOOP_SET_FD, 3 [pid 5064] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 5065 attached [pid 5063] <... ioctl resumed>) = 0 [pid 4996] <... clone resumed>, child_tidptr=0x555556a025d0) = 5065 [pid 5065] chdir("./5" [pid 5063] close(3 [pid 5060] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5065] <... chdir resumed>) = 0 [pid 5063] <... close resumed>) = 0 [ 65.002638][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.022197][ T5063] loop5: detected capacity change from 0 to 2048 [ 65.023782][ T5064] loop1: detected capacity change from 0 to 2048 [ 65.029768][ T5060] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.035945][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 65.044429][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5060] exit_group(0 [pid 5065] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5064] <... ioctl resumed>) = 0 [pid 5063] mkdir("./file2", 0777 [pid 5065] <... prctl resumed>) = 0 [pid 5060] <... exit_group resumed>) = ? [pid 5064] close(3 [pid 5065] setpgid(0, 0 [pid 5063] <... mkdir resumed>) = 0 [pid 5064] <... close resumed>) = 0 [pid 5064] mkdir("./file2", 0777 [pid 5065] <... setpgid resumed>) = 0 [pid 5063] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 5060] +++ exited with 0 +++ [pid 5064] <... mkdir resumed>) = 0 [pid 5064] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5064] <... mount resumed>) = 0 [pid 5064] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4993] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 5065] <... openat resumed>) = 3 [pid 5064] <... openat resumed>) = 3 [pid 5065] write(3, "1000", 4 [pid 5064] chdir("./file2") = 0 [pid 4993] umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... write resumed>) = 4 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5065] close(3 [pid 4993] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5065] <... close resumed>) = 0 [pid 5065] symlink("/dev/binderfs", "./binderfs" [pid 4993] <... openat resumed>) = 3 [pid 5064] <... close resumed>) = 0 [pid 5065] <... symlink resumed>) = 0 [pid 5064] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 65.061049][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.072279][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.073013][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [pid 5064] ftruncate(4, 0 [pid 5065] memfd_create("syzkaller", 0 [pid 4993] fstat(3, [pid 5065] <... memfd_create resumed>) = 3 [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 65.098888][ T27] audit: type=1800 audit(1686241706.318:32): pid=5064 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 65.100538][ T5064] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 65.119619][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.136689][ T5066] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.141772][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5065] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4993] getdents64(3, [pid 5065] <... mmap resumed>) = 0x7f4167bc0000 [pid 4993] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5065] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4993] umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4993] lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] unlink("./4/binderfs") = 0 [pid 4993] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5065] <... write resumed>) = 1048576 [ 65.151653][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 65.160437][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 65.166331][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.184055][ T5064] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 65.197204][ T5067] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5063] <... mount resumed>) = 0 [pid 5065] munmap(0x7f4167bc0000, 1048576 [pid 5063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5065] <... munmap resumed>) = 0 [pid 5063] <... openat resumed>) = 3 [ 65.209075][ T4993] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 65.209330][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.220923][ T4993] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 65.225984][ T5064] Remounting filesystem read-only [ 65.233692][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 65.238095][ T5064] NILFS (loop1): error -5 truncating bmap (ino=16) [ 65.245343][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5065] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5063] chdir("./file2" [pid 5064] <... ftruncate resumed>) = 0 [pid 5064] write(4, "0x0000000000000000", 18 [pid 5065] <... openat resumed>) = 4 [pid 5063] <... chdir resumed>) = 0 [pid 5065] ioctl(4, LOOP_SET_FD, 3 [ 65.251925][ T4997] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 65.260130][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.269942][ T5064] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 65.276248][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.283494][ T5064] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 65.291844][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5063] ioctl(4, LOOP_CLR_FD) = 0 [pid 5063] close(4) = 0 [pid 5063] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5065] <... ioctl resumed>) = 0 [ 65.300316][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.308321][ T5065] loop3: detected capacity change from 0 to 2048 [ 65.323285][ T5064] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.323307][ T5064] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.332365][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.350491][ T4993] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [pid 5065] close(3) = 0 [pid 5065] mkdir("./file2", 0777) = 0 [pid 5063] ftruncate(4, 0 [pid 5065] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 4997] <... umount2 resumed>) = 0 [pid 4997] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4997] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4997] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 4997] rmdir("./4/file2") = 0 [pid 4997] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4997] close(3) = 0 [pid 4997] rmdir("./4") = 0 [pid 4997] mkdir("./5", 0777) = 0 [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 65.372696][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 65.380243][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.394277][ T5063] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 65.407446][ T4993] NILFS (loop0): discard dirty page: offset=0, ino=3 [pid 4997] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4997] close(3 [pid 5065] <... mount resumed>) = 0 [pid 5065] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5065] chdir("./file2") = 0 [pid 5065] ioctl(4, LOOP_CLR_FD) = 0 [pid 5065] close(4) = 0 [pid 5065] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4997] <... close resumed>) = 0 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5065] <... open resumed>) = 4 [pid 5065] ftruncate(4, 0 [pid 4995] <... umount2 resumed>) = 0 [pid 4997] <... clone resumed>, child_tidptr=0x555556a025d0) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] chdir("./5") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [ 65.416748][ T5068] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.430249][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.435446][ T5064] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.451469][ T5065] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5069] memfd_create("syzkaller", 0) = 3 [pid 4995] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4995] lstat("./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4995] close(4 [pid 5069] <... mmap resumed>) = 0x7f4167bc0000 [pid 4995] <... close resumed>) = 0 [pid 4995] rmdir("./4/file2" [pid 5069] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4995] <... rmdir resumed>) = 0 [pid 4995] getdents64(3, [pid 5064] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4995] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./4") = 0 [pid 4995] mkdir("./5", 0777 [pid 5064] fchdir(-1 [pid 4995] <... mkdir resumed>) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5064] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] <... clone resumed>, child_tidptr=0x555556a025d0) = 5070 [pid 5064] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5064] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5064] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5064] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5064] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5064] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 65.464569][ T5063] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 65.483578][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.491031][ T5065] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5064] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24./strace-static-x86_64: Process 5070 attached [pid 5069] <... write resumed>) = 1048576 [pid 5070] chdir("./5") = 0 [pid 5070] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5070] setpgid(0, 0) = 0 [pid 5070] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5070] write(3, "1000", 4) = 4 [pid 5070] close(3) = 0 [pid 5070] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [ 65.523424][ T5064] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 65.531715][ T5063] Remounting filesystem read-only [ 65.549178][ T4993] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 65.549901][ T5064] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 65.556967][ T5063] NILFS (loop5): error -5 truncating bmap (ino=16) [pid 5069] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5069] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 5069] ioctl(4, LOOP_SET_FD, 3 [pid 5070] <... write resumed>) = 1048576 [pid 5070] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5069] <... ioctl resumed>) = 0 [pid 5063] <... ftruncate resumed>) = 0 [pid 5069] close(3 [pid 5063] write(4, "0x0000000000000000", 18 [pid 5069] <... close resumed>) = 0 [pid 5070] <... openat resumed>) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3 [ 65.571345][ T5065] Remounting filesystem read-only [ 65.577758][ T5065] NILFS (loop3): error -5 truncating bmap (ino=16) [ 65.587013][ T5069] loop4: detected capacity change from 0 to 2048 [ 65.594919][ T5064] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.597033][ T5070] loop2: detected capacity change from 0 to 2048 [ 65.604804][ T5063] NILFS (loop5): discard dirty page: offset=0, ino=16 [pid 5069] mkdir("./file2", 0777) = 0 [pid 5065] <... ftruncate resumed>) = 0 [pid 5065] write(4, "0x0000000000000000", 18 [pid 5070] <... ioctl resumed>) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file2", 0777) = 0 [pid 5070] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 5069] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 4993] <... umount2 resumed>) = 0 [pid 4993] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 65.611371][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.617972][ T5064] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.635720][ T5065] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 65.640418][ T5063] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 65.643623][ T5065] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 65.650101][ T5063] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4993] lstat("./4/file2", [pid 5069] <... mount resumed>) = 0 [pid 5069] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 4993] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4993] openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4993] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4993] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4993] close(4) = 0 [pid 4993] rmdir("./4/file2" [pid 5069] <... openat resumed>) = 3 [pid 5069] chdir("./file2") = 0 [pid 5069] ioctl(4, LOOP_CLR_FD) = 0 [pid 5069] close(4) = 0 [pid 4993] <... rmdir resumed>) = 0 [pid 4993] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4993] close(3) = 0 [pid 4993] rmdir("./4") = 0 [pid 4993] mkdir("./5", 0777) = 0 [pid 5069] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5070] <... mount resumed>) = 0 [pid 5069] <... open resumed>) = 4 [pid 5070] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file2") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 4993] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4993] close(3) = 0 [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5070] <... open resumed>) = 4 [pid 5069] ftruncate(4, 0 [pid 5064] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5070] ftruncate(4, 0 [pid 4993] <... clone resumed>, child_tidptr=0x555556a025d0) = 5073 [ 65.669108][ T5071] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.680205][ T5064] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.704368][ T5072] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 65.710725][ T5063] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5064] exit_group(0./strace-static-x86_64: Process 5073 attached [pid 5073] chdir("./5") = 0 [pid 5073] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5073] setpgid(0, 0) = 0 [pid 5073] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5064] <... exit_group resumed>) = ? [pid 5073] write(3, "1000", 4) = 4 [pid 5064] +++ exited with 0 +++ [pid 5073] close(3 [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5064, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- [pid 5073] <... close resumed>) = 0 [pid 4994] restart_syscall(<... resuming interrupted clone ...> [pid 5073] symlink("/dev/binderfs", "./binderfs") = 0 [ 65.726227][ T5069] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 65.728300][ T5065] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.746697][ T5070] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 65.757508][ T5069] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 4994] <... restart_syscall resumed>) = 0 [pid 4994] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./5/binderfs") = 0 [pid 4994] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... write resumed>) = 1048576 [ 65.771692][ T5063] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.784879][ T5070] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [ 65.801496][ T5069] Remounting filesystem read-only [ 65.812519][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [pid 5073] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5063] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3 [pid 5069] <... ftruncate resumed>) = 0 [pid 5063] fchdir(-1 [pid 5069] write(4, "0x0000000000000000", 18 [pid 5063] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5073] <... ioctl resumed>) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file2", 0777 [pid 5070] <... ftruncate resumed>) = 0 [ 65.822286][ T5070] Remounting filesystem read-only [ 65.822523][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 65.830393][ T5065] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.843071][ T5069] NILFS (loop4): error -5 truncating bmap (ino=16) [ 65.847675][ T5073] loop0: detected capacity change from 0 to 2048 [ 65.851250][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.858086][ T5070] NILFS (loop2): error -5 truncating bmap (ino=16) [pid 5070] write(4, "0x0000000000000000", 18 [pid 5073] <... mkdir resumed>) = 0 [pid 5073] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [pid 5063] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5063] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5065] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5065] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5065] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5065] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5065] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5063] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5063] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [ 65.865686][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.880382][ T5065] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.881551][ T5069] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 65.891139][ T5070] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 65.896932][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.905314][ T5070] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 65.912966][ T5069] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [pid 5063] openat(AT_FDCWD, NULL, O_RDWR [pid 5065] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5065] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5065] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5065] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5063] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5063] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [ 65.929323][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 65.935303][ T5070] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.938588][ T5069] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.947733][ T5065] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 65.957178][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 65.964685][ T5070] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5063] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 65.969816][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.980116][ T5065] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 65.987598][ T5069] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 65.996987][ T5070] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.004076][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5063] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5070] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5070] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5070] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5070] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5070] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5070] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5070] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5070] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 66.014668][ T5065] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.021857][ T5069] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.041285][ T5063] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 66.042312][ T5065] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.048331][ T5074] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.057575][ T5070] NILFS (loop2): discard dirty page: offset=0, ino=16 [pid 5070] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5073] <... mount resumed>) = 0 [pid 5073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file2") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5073] ftruncate(4, 0 [pid 5069] <... write resumed>) = -1 EROFS (Read-only file system) [ 66.067626][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 66.075736][ T5065] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.081790][ T5063] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 66.091648][ T5070] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 66.098020][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.115826][ T5073] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5069] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5069] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5065] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5065] exit_group(0) = ? [pid 5069] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5069] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5069] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5069] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4994] <... umount2 resumed>) = 0 [pid 5065] +++ exited with 0 +++ [ 66.127043][ T5063] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.129590][ T5073] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 66.154411][ T5063] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.154861][ T5070] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5069] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5063] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5065, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- [pid 4994] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5069] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4994] lstat("./5/file2", [pid 5069] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4996] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] <... openat resumed>) = 3 [pid 4994] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4996] fstat(3, [pid 4994] <... openat resumed>) = 4 [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] fstat(4, [pid 4996] getdents64(3, [pid 4994] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] getdents64(4, [pid 4996] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4994] getdents64(4, [pid 4996] lstat("./5/binderfs", [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5070] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5063] exit_group(0 [pid 4996] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] close(4 [pid 4996] unlink("./5/binderfs" [pid 4994] <... close resumed>) = 0 [pid 4996] <... unlink resumed>) = 0 [pid 4994] rmdir("./5/file2" [pid 4996] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... rmdir resumed>) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4994] close(3) = 0 [pid 4994] rmdir("./5") = 0 [ 66.172692][ T5063] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.175607][ T5070] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.192428][ T5069] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 66.192864][ T5070] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.209492][ T5069] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 66.218833][ T4996] NILFS (loop3): discard dirty page: offset=4096, ino=6 [pid 4994] mkdir("./6", 0777) = 0 [pid 5070] exit_group(0 [pid 5063] <... exit_group resumed>) = ? [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4994] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4994] close(3) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5075 [pid 5070] <... exit_group resumed>) = ? [pid 5063] +++ exited with 0 +++ [ 66.218915][ T5069] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.229888][ T4996] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 66.243203][ T5073] Remounting filesystem read-only [ 66.248033][ T5069] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.248239][ T5073] NILFS (loop0): error -5 truncating bmap (ino=16) [ 66.263886][ T5069] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 ./strace-static-x86_64: Process 5075 attached [pid 5070] +++ exited with 0 +++ [pid 5069] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5070, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- [pid 4995] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4995] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4995] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4995] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] unlink("./5/binderfs") = 0 [pid 4995] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5069] exit_group(0 [pid 5075] chdir("./6" [pid 5069] <... exit_group resumed>) = ? [pid 5075] <... chdir resumed>) = 0 [pid 5069] +++ exited with 0 +++ [ 66.273277][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.283707][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 66.284952][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.294628][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 66.302152][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.311593][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4998] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] <... ftruncate resumed>) = 0 [pid 5073] write(4, "0x0000000000000000", 18 [pid 5075] <... prctl resumed>) = 0 [pid 4998] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- [pid 5075] setpgid(0, 0 [pid 4998] <... openat resumed>) = 3 [pid 4997] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... setpgid resumed>) = 0 [pid 4998] fstat(3, [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 66.316888][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 66.326374][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.335516][ T4996] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 66.343561][ T5073] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 66.350469][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.357034][ T5073] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 66.366354][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5075] <... openat resumed>) = 3 [pid 4998] getdents64(3, [pid 4997] <... openat resumed>) = 3 [ 66.373506][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.382458][ T4996] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 66.391204][ T5073] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.406945][ T4996] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.416873][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [pid 5075] write(3, "1000", 4 [pid 4998] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4997] fstat(3, [pid 4996] <... umount2 resumed>) = 0 [pid 5075] <... write resumed>) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4998] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] memfd_create("syzkaller", 0) = 3 [pid 5075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5075] <... mmap resumed>) = 0x7f4167bc0000 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4997] getdents64(3, [pid 4996] lstat("./5/file2", [pid 4998] lstat("./5/binderfs", [pid 4997] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] unlink("./5/binderfs" [pid 5073] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4997] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] fchdir(-1 [pid 4998] <... unlink resumed>) = 0 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5073] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4998] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4997] lstat("./5/binderfs", [pid 5073] creat(NULL, 000 [pid 4996] <... openat resumed>) = 4 [pid 5073] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4997] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] fstat(4, [pid 5073] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4997] unlink("./5/binderfs" [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5073] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4997] <... unlink resumed>) = 0 [pid 4996] getdents64(4, [pid 5073] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4997] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5073] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4996] getdents64(4, [pid 5073] openat(AT_FDCWD, NULL, O_RDWR [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5073] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4996] close(4 [pid 5075] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5073] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4996] <... close resumed>) = 0 [pid 4996] rmdir("./5/file2") = 0 [ 66.422146][ T5073] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.437948][ T5073] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.453377][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 66.462738][ T4998] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 66.469860][ T4998] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [pid 4996] getdents64(3, [pid 5075] <... write resumed>) = 1048576 [pid 5075] munmap(0x7f4167bc0000, 1048576 [pid 4996] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5073] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] close(3 [pid 5075] <... munmap resumed>) = 0 [pid 5075] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5075] ioctl(4, LOOP_SET_FD, 3 [pid 5073] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4996] <... close resumed>) = 0 [pid 5075] <... ioctl resumed>) = 0 [pid 5075] close(3) = 0 [pid 5075] mkdir("./file2", 0777) = 0 [pid 5075] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5073] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [ 66.478239][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 66.487600][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 66.491246][ T5075] loop1: detected capacity change from 0 to 2048 [ 66.496041][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.508554][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.511370][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4996] rmdir("./5" [pid 5073] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4996] <... rmdir resumed>) = 0 [pid 4996] mkdir("./6", 0777) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 66.520618][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.528911][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.546638][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.555751][ T5073] NILFS (loop0): discard dirty page: offset=0, ino=16 [ 66.562986][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.563929][ T5073] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [pid 4996] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4996] close(3 [pid 5075] <... mount resumed>) = 0 [pid 4996] <... close resumed>) = 0 [ 66.580042][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [ 66.580975][ T5076] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.587683][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.607541][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 66.607928][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5075] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5075] chdir("./file2") = 0 [pid 5075] ioctl(4, LOOP_CLR_FD) = 0 [pid 5075] close(4) = 0 [pid 5075] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5075] <... open resumed>) = 4 [pid 5075] ftruncate(4, 0./strace-static-x86_64: Process 5077 attached [pid 4996] <... clone resumed>, child_tidptr=0x555556a025d0) = 5077 [pid 5077] chdir("./6") = 0 [pid 5077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5077] setpgid(0, 0) = 0 [pid 5077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5077] write(3, "1000", 4) = 4 [pid 5077] close(3) = 0 [pid 5077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5077] memfd_create("syzkaller", 0) = 3 [pid 5077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [ 66.628327][ T5073] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.639172][ T5073] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.639865][ T5075] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 66.648905][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 66.668559][ T5073] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5077] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5073] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4995] <... umount2 resumed>) = 0 [pid 5073] exit_group(0 [pid 4995] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5073] <... exit_group resumed>) = ? [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5073] +++ exited with 0 +++ [pid 4995] lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5073, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- [pid 4995] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] restart_syscall(<... resuming interrupted clone ...> [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4993] <... restart_syscall resumed>) = 0 [pid 4995] <... openat resumed>) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4995] getdents64(4, [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4995] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4993] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4995] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4993] <... openat resumed>) = 3 [pid 4995] close(4) = 0 [pid 4993] fstat(3, [pid 4995] rmdir("./5/file2" [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] <... rmdir resumed>) = 0 [pid 4993] getdents64(3, [pid 4995] getdents64(3, [pid 5077] <... write resumed>) = 1048576 [pid 4995] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4993] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 5077] munmap(0x7f4167bc0000, 1048576 [pid 4995] close(3 [pid 4993] umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] <... munmap resumed>) = 0 [pid 4995] <... close resumed>) = 0 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 4995] rmdir("./5" [pid 4993] lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4995] <... rmdir resumed>) = 0 [pid 4993] unlink("./5/binderfs" [pid 5077] <... openat resumed>) = 4 [pid 5077] ioctl(4, LOOP_SET_FD, 3 [pid 4995] mkdir("./6", 0777 [pid 4993] <... unlink resumed>) = 0 [ 66.689191][ T4998] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 66.695134][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 66.717721][ T5075] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 66.728970][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5077] <... ioctl resumed>) = 0 [pid 4995] <... mkdir resumed>) = 0 [pid 4993] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] close(3 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5077] <... close resumed>) = 0 [pid 5077] mkdir("./file2", 0777 [pid 4995] <... openat resumed>) = 3 [pid 5077] <... mkdir resumed>) = 0 [ 66.741076][ T5077] loop3: detected capacity change from 0 to 2048 [ 66.745681][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.748622][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.760908][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.766420][ T5075] Remounting filesystem read-only [ 66.781052][ T4998] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [pid 4995] ioctl(3, LOOP_CLR_FD [pid 5077] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 4995] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4995] close(3) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5078 [pid 5075] <... ftruncate resumed>) = 0 [pid 5077] <... mount resumed>) = 0 [ 66.781550][ T4993] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 66.789471][ T4998] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.795849][ T5075] NILFS (loop1): error -5 truncating bmap (ino=16) [ 66.812090][ T4997] NILFS (loop4): discard dirty block: blocknr=44, size=1024 [ 66.822134][ T4993] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [pid 5075] write(4, "0x0000000000000000", 18 [pid 5077] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 5078 attached [pid 5078] chdir("./6" [pid 5077] <... openat resumed>) = 3 [pid 4998] <... umount2 resumed>) = 0 [pid 5078] <... chdir resumed>) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5077] chdir("./file2" [pid 5078] <... openat resumed>) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3 [pid 5077] <... chdir resumed>) = 0 [pid 5078] <... close resumed>) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 4998] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5078] memfd_create("syzkaller", 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5078] <... memfd_create resumed>) = 3 [pid 4998] lstat("./5/file2", [pid 5078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4998] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5078] <... mmap resumed>) = 0x7f4167bc0000 [pid 4998] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] ioctl(4, LOOP_CLR_FD [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] <... ioctl resumed>) = 0 [pid 4998] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5077] close(4 [pid 4998] <... openat resumed>) = 4 [pid 4998] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 66.835230][ T5079] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 66.846800][ T5075] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 66.854254][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.864173][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.874033][ T5075] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 66.882346][ T5075] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4998] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5078] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4998] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4998] close(4) = 0 [pid 4998] rmdir("./5/file2" [pid 5077] <... close resumed>) = 0 [pid 4998] <... rmdir resumed>) = 0 [pid 4997] <... umount2 resumed>) = 0 [pid 5077] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 4998] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4997] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5077] <... open resumed>) = 4 [pid 4998] close(3 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] ftruncate(4, 0 [pid 4998] <... close resumed>) = 0 [pid 4997] lstat("./5/file2", [pid 4998] rmdir("./5") = 0 [pid 4998] mkdir("./6", 0777) = 0 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4998] close(3) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5080 ./strace-static-x86_64: Process 5080 attached [pid 4997] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 66.894526][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.907813][ T5075] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.917445][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 66.933797][ T5075] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5080] chdir("./6" [pid 5078] <... write resumed>) = 1048576 [pid 5080] <... chdir resumed>) = 0 [pid 5080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5080] setpgid(0, 0) = 0 [pid 5080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5080] write(3, "1000", 4 [pid 4997] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5080] <... write resumed>) = 4 [pid 4997] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] close(3 [pid 4997] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5080] <... close resumed>) = 0 [pid 5080] symlink("/dev/binderfs", "./binderfs" [pid 4997] <... openat resumed>) = 4 [pid 5080] <... symlink resumed>) = 0 [pid 4997] fstat(4, [pid 5080] memfd_create("syzkaller", 0) = 3 [pid 5080] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5080] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4997] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5078] munmap(0x7f4167bc0000, 1048576 [pid 4997] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4997] close(4) = 0 [pid 5078] <... munmap resumed>) = 0 [pid 5075] <... write resumed>) = -1 EROFS (Read-only file system) [ 66.945286][ T5077] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 66.963642][ T5077] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 66.979770][ T4993] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [pid 4997] rmdir("./5/file2" [pid 5075] fchdir(-1 [pid 4997] <... rmdir resumed>) = 0 [pid 5078] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5078] ioctl(4, LOOP_SET_FD, 3 [pid 5075] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 4997] getdents64(3, [pid 5075] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4997] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5075] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4997] close(3 [pid 5075] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5075] openat(AT_FDCWD, NULL, O_RDWR [pid 4997] <... close resumed>) = 0 [pid 5075] <... openat resumed>) = -1 EFAULT (Bad address) [pid 5077] <... ftruncate resumed>) = 0 [pid 4997] rmdir("./5" [pid 5075] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4997] <... rmdir resumed>) = 0 [pid 5075] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5075] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5077] write(4, "0x0000000000000000", 18 [pid 4997] mkdir("./6", 0777 [pid 5075] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5078] <... ioctl resumed>) = 0 [pid 5078] close(3) = 0 [pid 5078] mkdir("./file2", 0777 [pid 4997] <... mkdir resumed>) = 0 [ 66.995459][ T5077] Remounting filesystem read-only [ 67.000695][ T5077] NILFS (loop3): error -5 truncating bmap (ino=16) [ 67.013512][ T4993] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 67.018338][ T5078] loop2: detected capacity change from 0 to 2048 [ 67.020291][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5075] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4997] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5080] <... write resumed>) = 1048576 [pid 5078] <... mkdir resumed>) = 0 [pid 5080] munmap(0x7f4167bc0000, 1048576 [pid 5078] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 5080] <... munmap resumed>) = 0 [pid 5080] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5080] ioctl(4, LOOP_SET_FD, 3 [pid 4997] <... openat resumed>) = 3 [pid 4997] ioctl(3, LOOP_CLR_FD [pid 5080] <... ioctl resumed>) = 0 [pid 5080] close(3) = 0 [pid 5080] mkdir("./file2", 0777) = 0 [pid 4997] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5080] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 4997] close(3) = 0 [ 67.040659][ T5075] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 67.046922][ T5080] loop5: detected capacity change from 0 to 2048 [ 67.048842][ T5075] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 67.054220][ T5077] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 67.062870][ T5075] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.077567][ T5077] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 67.079026][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4997] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5082 attached [pid 5082] chdir("./6") = 0 [pid 5082] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5082] setpgid(0, 0) = 0 [pid 5082] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4997] <... clone resumed>, child_tidptr=0x555556a025d0) = 5082 [pid 5082] <... openat resumed>) = 3 [pid 5082] write(3, "1000", 4) = 4 [pid 5082] close(3) = 0 [pid 5082] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [ 67.103577][ T5077] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.106733][ T5075] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.122042][ T5081] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.135123][ T4993] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 67.137428][ T5077] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5078] <... mount resumed>) = 0 [pid 5078] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5078] chdir("./file2") = 0 [pid 5078] ioctl(4, LOOP_CLR_FD) = 0 [pid 5078] close(4) = 0 [pid 5078] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5078] ftruncate(4, 0 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5075] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5075] exit_group(0 [pid 5080] <... mount resumed>) = 0 [pid 5080] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5080] chdir("./file2") = 0 [pid 5080] ioctl(4, LOOP_CLR_FD) = 0 [pid 5080] close(4) = 0 [pid 5080] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5075] <... exit_group resumed>) = ? [ 67.143023][ T4993] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.157257][ T5078] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 67.179390][ T5075] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.180262][ T5083] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5080] ftruncate(4, 0 [pid 5075] +++ exited with 0 +++ [pid 4993] <... umount2 resumed>) = 0 [pid 4994] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- [pid 4994] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4994] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4994] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] unlink("./6/binderfs") = 0 [pid 4994] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] <... write resumed>) = 1048576 [pid 4993] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5082] munmap(0x7f4167bc0000, 1048576) = 0 [pid 4993] lstat("./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 67.217342][ T5080] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 67.236300][ T4994] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 67.246193][ T5078] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [ 67.257153][ T4994] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [pid 5082] ioctl(4, LOOP_SET_FD, 3 [pid 4993] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5077] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4993] openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5077] fchdir(-1 [pid 4993] <... openat resumed>) = 4 [pid 5077] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [ 67.261652][ T5077] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.265403][ T5082] loop4: detected capacity change from 0 to 2048 [ 67.279314][ T5080] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 67.280555][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.291150][ T5080] Remounting filesystem read-only [ 67.299829][ T5078] Remounting filesystem read-only [ 67.304641][ T5080] NILFS (loop5): error -5 truncating bmap (ino=16) [pid 4993] fstat(4, [pid 5082] <... ioctl resumed>) = 0 [pid 5080] <... ftruncate resumed>) = 0 [pid 5077] creat(NULL, 000 [pid 4993] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5078] <... ftruncate resumed>) = 0 [pid 5078] write(4, "0x0000000000000000", 18 [pid 5082] close(3 [pid 5080] write(4, "0x0000000000000000", 18 [pid 5077] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4993] getdents64(4, [pid 5082] <... close resumed>) = 0 [pid 5077] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5082] mkdir("./file2", 0777 [pid 5077] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5082] <... mkdir resumed>) = 0 [pid 5077] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [ 67.309884][ T5078] NILFS (loop2): error -5 truncating bmap (ino=16) [ 67.316126][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.324627][ T5078] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 67.331320][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.347770][ T5080] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 67.355722][ T5078] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [pid 4993] getdents64(4, [pid 5082] mount("/dev/loop4", "./file2", "nilfs2", 0, "" [pid 5077] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 4993] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5077] openat(AT_FDCWD, NULL, O_RDWR [pid 4993] close(4 [pid 5077] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4993] <... close resumed>) = 0 [pid 5078] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5078] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5078] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5078] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5078] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5078] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [ 67.356533][ T4994] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 67.365288][ T5078] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.372278][ T5080] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 67.382418][ T5078] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.390079][ T4994] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 67.398852][ T5078] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5078] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5078] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5078] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24) = -1 EROFS (Read-only file system) [pid 5078] exit_group(0) = ? [pid 5078] +++ exited with 0 +++ [pid 5077] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4993] rmdir("./5/file2" [pid 5077] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 4993] <... rmdir resumed>) = 0 [ 67.404630][ T5080] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.421823][ T5078] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 67.421845][ T5078] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 67.421860][ T5078] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.421876][ T5078] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.421891][ T5078] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5080] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5077] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 4995] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] getdents64(3, [pid 5080] fchdir(-1 [pid 5077] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4993] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 5080] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5077] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4995] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 4993] close(3 [pid 5080] creat(NULL, 000 [pid 4995] <... openat resumed>) = 3 [pid 4993] <... close resumed>) = 0 [pid 5080] <... creat resumed>) = -1 EFAULT (Bad address) [pid 4995] fstat(3, [pid 4993] rmdir("./5" [pid 5080] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 4995] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4993] <... rmdir resumed>) = 0 [pid 5080] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] getdents64(3, [pid 4993] mkdir("./6", 0777 [pid 5080] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 4995] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4993] <... mkdir resumed>) = 0 [pid 5080] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5080] openat(AT_FDCWD, NULL, O_RDWR [pid 4995] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5080] <... openat resumed>) = -1 EFAULT (Bad address) [pid 4995] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5080] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 4995] lstat("./6/binderfs", [pid 4993] <... openat resumed>) = 3 [pid 5080] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4993] ioctl(3, LOOP_CLR_FD [pid 5080] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [ 67.427520][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.431059][ T5080] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.439140][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.447730][ T5080] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.455788][ T4994] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 67.507572][ T4994] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4995] unlink("./6/binderfs" [pid 5080] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 4995] <... unlink resumed>) = 0 [pid 4993] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 5080] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 4995] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4993] close(3) = 0 [pid 4993] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5082] <... mount resumed>) = 0 [pid 4994] <... umount2 resumed>) = 0 [pid 5082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 67.516693][ T5084] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.523014][ T4995] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 67.538599][ T5080] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 67.541149][ T4995] NILFS (loop2): discard dirty block: blocknr=39, size=1024 [ 67.548504][ T5077] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 67.554732][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5082] chdir("./file2" [pid 5085] chdir("./6" [pid 5082] <... chdir resumed>) = 0 [pid 4994] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 67.559711][ T5077] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 67.568428][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.568447][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.568667][ T4995] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 67.584645][ T5082] NILFS (loop4): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5082] ftruncate(4, 0 [pid 5085] <... chdir resumed>) = 0 [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] prctl(PR_SET_PDEATHSIG, SIGKILL [ 67.598287][ T4995] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 67.620560][ T5080] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 67.620567][ T2384] NILFS (loop3): discard dirty page: offset=0, ino=3 [ 67.620585][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.628135][ T5080] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.645605][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] lstat("./6/file2", [pid 5085] <... prctl resumed>) = 0 [pid 4994] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] setpgid(0, 0 [pid 4994] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] <... setpgid resumed>) = 0 [pid 5080] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4994] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 67.664641][ T5080] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.669532][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.674522][ T5080] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.684214][ T5082] NILFS error (device loop4): nilfs_bmap_truncate: broken bmap (inode number=16) [ 67.692167][ T2384] NILFS (loop3): discard dirty block: blocknr=44, size=1024 [ 67.701735][ T5077] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5085] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5080] exit_group(0 [pid 4994] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... openat resumed>) = 3 [pid 5080] <... exit_group resumed>) = ? [pid 4994] <... openat resumed>) = 4 [pid 5085] write(3, "1000", 4 [pid 5080] +++ exited with 0 +++ [ 67.709092][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.718360][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.727148][ T2384] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 67.736142][ T5077] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.743884][ T2384] NILFS (loop3): discard dirty block: blocknr=39, size=1024 [ 67.752027][ T4995] NILFS (loop2): discard dirty block: blocknr=44, size=1024 [pid 4994] fstat(4, [pid 5085] <... write resumed>) = 4 [pid 4994] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5085] close(3 [pid 4998] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5080, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- [pid 4994] getdents64(4, [pid 5085] <... close resumed>) = 0 [pid 4998] restart_syscall(<... resuming interrupted clone ...> [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5085] symlink("/dev/binderfs", "./binderfs" [pid 4998] <... restart_syscall resumed>) = 0 [ 67.759164][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.766687][ T5077] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.784148][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.784421][ T5082] Remounting filesystem read-only [ 67.794013][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.799083][ T4995] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4994] getdents64(4, [pid 5085] <... symlink resumed>) = 0 [pid 5077] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4994] <... getdents64 resumed>0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 5082] <... ftruncate resumed>) = 0 [pid 5082] write(4, "0x0000000000000000", 18 [pid 5085] memfd_create("syzkaller", 0 [pid 5077] exit_group(0 [pid 4994] close(4 [pid 5085] <... memfd_create resumed>) = 3 [pid 5077] <... exit_group resumed>) = ? [pid 4998] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... close resumed>) = 0 [pid 5077] +++ exited with 0 +++ [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5077, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- [pid 4994] rmdir("./6/file2" [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4996] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4994] <... rmdir resumed>) = 0 [pid 4998] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5085] <... mmap resumed>) = 0x7f4167bc0000 [pid 4996] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4998] <... openat resumed>) = 3 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4996] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4996] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4996] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4996] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4996] unlink("./6/binderfs") = 0 [ 67.808453][ T2384] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 67.817331][ T5082] NILFS (loop4): error -5 truncating bmap (ino=16) [ 67.823583][ T2384] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 67.831058][ T5082] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 67.837411][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4996] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4998] fstat(3, [pid 4994] getdents64(3, [pid 5085] <... write resumed>) = 1048576 [pid 4998] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4994] <... getdents64 resumed>0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4995] <... umount2 resumed>) = 0 [pid 4995] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4995] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 4995] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4995] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 4995] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4995] close(4) = 0 [pid 4995] rmdir("./6/file2") = 0 [pid 4995] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4995] close(3) = 0 [pid 4995] rmdir("./6") = 0 [pid 4995] mkdir("./7", 0777) = 0 [pid 4995] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 4998] getdents64(3, [pid 4994] close(3 [pid 5085] munmap(0x7f4167bc0000, 1048576 [pid 4995] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 67.864429][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.876627][ T5082] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 67.880921][ T2384] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.897241][ T5082] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.903379][ T4996] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [pid 4995] close(3 [pid 5085] <... munmap resumed>) = 0 [pid 4998] <... getdents64 resumed>0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4994] <... close resumed>) = 0 [pid 4995] <... close resumed>) = 0 [pid 4995] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5086 ./strace-static-x86_64: Process 5086 attached [pid 5086] chdir("./7") = 0 [pid 5086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5086] setpgid(0, 0) = 0 [pid 5086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5086] write(3, "1000", 4) = 4 [pid 5086] close(3) = 0 [pid 5086] symlink("/dev/binderfs", "./binderfs" [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 4998] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] rmdir("./6" [pid 5086] <... symlink resumed>) = 0 [pid 5086] memfd_create("syzkaller", 0) = 3 [pid 5086] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 4994] <... rmdir resumed>) = 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... openat resumed>) = 4 [pid 4998] lstat("./6/binderfs", [pid 4994] mkdir("./7", 0777 [pid 5085] ioctl(4, LOOP_SET_FD, 3 [pid 4998] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4994] <... mkdir resumed>) = 0 [pid 5085] <... ioctl resumed>) = 0 [pid 4998] unlink("./6/binderfs" [pid 4994] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 4998] <... unlink resumed>) = 0 [pid 4994] ioctl(3, LOOP_CLR_FD [pid 4998] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 4994] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 4994] close(3 [ 67.906195][ T5082] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.933424][ T2384] NILFS (loop5): discard dirty page: offset=0, ino=3 [ 67.940197][ T2384] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.954507][ T5085] loop0: detected capacity change from 0 to 2048 [pid 5085] close(3) = 0 [pid 4994] <... close resumed>) = 0 [pid 4994] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5085] mkdir("./file2", 0777 [pid 4994] <... clone resumed>, child_tidptr=0x555556a025d0) = 5087 [pid 5085] <... mkdir resumed>) = 0 [pid 5085] mount("/dev/loop0", "./file2", "nilfs2", 0, "" [pid 5086] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 5087 attached [pid 5087] chdir("./7") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0 [pid 4996] <... umount2 resumed>) = 0 [pid 5087] <... setpgid resumed>) = 0 [pid 4996] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... openat resumed>) = 3 [pid 4996] lstat("./6/file2", [pid 5087] write(3, "1000", 4 [pid 4996] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] <... write resumed>) = 4 [pid 5082] <... write resumed>) = -1 EROFS (Read-only file system) [pid 4996] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] close(3 [pid 4996] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5087] <... close resumed>) = 0 [pid 4996] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5087] symlink("/dev/binderfs", "./binderfs" [pid 4996] <... openat resumed>) = 4 [pid 5087] <... symlink resumed>) = 0 [pid 4996] fstat(4, [pid 5087] memfd_create("syzkaller", 0 [pid 4996] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5087] <... memfd_create resumed>) = 3 [pid 4996] getdents64(4, [pid 5087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 4996] <... getdents64 resumed>0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5087] <... mmap resumed>) = 0x7f4167bc0000 [pid 4996] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [ 67.966425][ T5082] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 67.985895][ T2384] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.001868][ T2384] NILFS (loop5): discard dirty block: blocknr=44, size=1024 [pid 5082] fchdir(-1 [pid 4996] close(4 [pid 5087] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 4996] <... close resumed>) = 0 [pid 4996] rmdir("./6/file2") = 0 [pid 4996] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4996] close(3) = 0 [pid 4996] rmdir("./6") = 0 [pid 5085] <... mount resumed>) = 0 [pid 4996] mkdir("./7", 0777 [pid 5086] <... write resumed>) = 1048576 [pid 5085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5082] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 4996] <... mkdir resumed>) = 0 [pid 4996] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 4996] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 4996] close(3 [pid 5085] <... openat resumed>) = 3 [pid 5082] creat(NULL, 000 [pid 4996] <... close resumed>) = 0 [pid 4996] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556a025d0) = 5089 [pid 5086] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5086] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 68.013426][ T5088] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.025194][ T2384] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.034899][ T2384] NILFS (loop5): discard dirty page: offset=4096, ino=6 [ 68.047396][ T5086] loop2: detected capacity change from 0 to 2048 [ 68.047520][ T2384] NILFS (loop5): discard dirty block: blocknr=39, size=1024 [ 68.053904][ T2384] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5086] ioctl(4, LOOP_SET_FD, 3 [pid 5085] chdir("./file2" [pid 5082] <... creat resumed>) = -1 EFAULT (Bad address) ./strace-static-x86_64: Process 5089 attached [pid 5089] chdir("./7") = 0 [pid 5089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5089] setpgid(0, 0) = 0 [pid 5087] <... write resumed>) = 1048576 [pid 5089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5089] write(3, "1000", 4) = 4 [pid 5089] close(3) = 0 [pid 5089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5089] memfd_create("syzkaller", 0) = 3 [pid 5089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5085] <... chdir resumed>) = 0 [pid 5082] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0 [pid 5086] <... ioctl resumed>) = 0 [pid 5086] close(3) = 0 [pid 5086] mkdir("./file2", 0777 [pid 5085] ioctl(4, LOOP_CLR_FD [pid 5082] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] <... mkdir resumed>) = 0 [pid 5085] <... ioctl resumed>) = 0 [pid 5082] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102 [pid 5086] mount("/dev/loop2", "./file2", "nilfs2", 0, "" [pid 5087] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5087] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5087] ioctl(4, LOOP_SET_FD, 3 [pid 5085] close(4 [pid 5082] <... openat resumed>) = -1 EINVAL (Invalid argument) [pid 5085] <... close resumed>) = 0 [pid 5082] openat(AT_FDCWD, NULL, O_RDWR [pid 5089] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5085] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000 [pid 5082] <... openat resumed>) = -1 EFAULT (Bad address) [ 68.053923][ T2384] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.079739][ T2384] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.090574][ T4998] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer [ 68.097506][ T5087] loop1: detected capacity change from 0 to 2048 [pid 5082] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0 [pid 5085] <... open resumed>) = 4 [pid 5089] munmap(0x7f4167bc0000, 1048576 [pid 5087] <... ioctl resumed>) = 0 [pid 5087] close(3) = 0 [pid 5087] mkdir("./file2", 0777) = 0 [pid 5089] <... munmap resumed>) = 0 [pid 5089] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5087] mount("/dev/loop1", "./file2", "nilfs2", 0, "" [pid 5089] <... openat resumed>) = 4 [pid 5089] ioctl(4, LOOP_SET_FD, 3 [pid 5085] ftruncate(4, 0 [pid 5082] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5082] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5086] <... mount resumed>) = 0 [pid 5086] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5086] chdir("./file2") = 0 [pid 5086] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5086] close(4) = 0 [pid 5086] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5082] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [ 68.122157][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 68.122172][ T27] audit: type=1800 audit(1686241709.338:43): pid=5085 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 68.131233][ T5089] loop3: detected capacity change from 0 to 2048 [ 68.156960][ T5085] NILFS (loop0): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [pid 5086] ftruncate(4, 0 [pid 4998] <... umount2 resumed>) = 0 [pid 4998] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... mount resumed>) = 0 [pid 5087] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5087] chdir("./file2") = 0 [pid 5087] ioctl(4, LOOP_CLR_FD) = 0 [pid 5087] close(4) = 0 [pid 5087] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 68.170718][ T5082] NILFS (loop4): discard dirty page: offset=0, ino=16 [ 68.171800][ T5086] NILFS (loop2): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 68.180745][ T5082] NILFS (loop4): discard dirty block: blocknr=23, size=1024 [ 68.189254][ T5090] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.206536][ T5091] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [pid 5087] ftruncate(4, 0 [pid 4998] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 4998] lstat("./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 5089] <... ioctl resumed>) = 0 [pid 5089] close(3 [pid 4998] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4998] openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5089] <... close resumed>) = 0 [pid 5089] mkdir("./file2", 0777 [pid 4998] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4998] getdents64(4, 0x555556a0b660 /* 2 entries */, 32768) = 48 [pid 5089] <... mkdir resumed>) = 0 [pid 5089] mount("/dev/loop3", "./file2", "nilfs2", 0, "" [pid 4998] getdents64(4, 0x555556a0b660 /* 0 entries */, 32768) = 0 [pid 4998] close(4) = 0 [pid 4998] rmdir("./6/file2") = 0 [pid 4998] getdents64(3, 0x555556a03620 /* 0 entries */, 32768) = 0 [pid 4998] close(3) = 0 [pid 4998] rmdir("./6") = 0 [pid 4998] mkdir("./7", 0777) = 0 [ 68.217647][ T5085] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16) [ 68.217704][ T5087] NILFS (loop1): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 68.246519][ T5020] udevd[5020]: incorrect nilfs2 checksum on /dev/loop0 [ 68.252704][ T5085] Remounting filesystem read-only [ 68.260913][ T5082] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 4998] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 5089] <... mount resumed>) = 0 [pid 4998] <... openat resumed>) = 3 [pid 5089] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5089] chdir("./file2") = 0 [pid 5089] ioctl(4, LOOP_CLR_FD) = 0 [pid 5089] close(4) = 0 [pid 5089] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [ 68.279558][ T27] audit: type=1800 audit(1686241709.398:44): pid=5086 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 68.280802][ T5092] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.307071][ T5085] NILFS (loop0): error -5 truncating bmap (ino=16) [ 68.315937][ T5086] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=16) [pid 5089] ftruncate(4, 0 [pid 4998] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 68.326666][ T2384] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 68.328208][ T5089] NILFS (loop3): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 68.338391][ T5082] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.345727][ T5087] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 68.358839][ T2384] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.364523][ T5086] Remounting filesystem read-only [pid 5085] <... ftruncate resumed>) = 0 [pid 4998] close(3 [pid 5085] write(4, "0x0000000000000000", 18 [pid 4998] <... close resumed>) = 0 [pid 4998] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached [pid 5093] chdir("./7") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [ 68.375259][ T2384] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.378367][ T5089] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=16) [ 68.392745][ T27] audit: type=1800 audit(1686241709.428:45): pid=5087 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 68.416069][ T5086] NILFS (loop2): error -5 truncating bmap (ino=16) [ 68.416965][ T5085] NILFS (loop0): discard dirty page: offset=0, ino=16 [pid 4998] <... clone resumed>, child_tidptr=0x555556a025d0) = 5093 [pid 5093] memfd_create("syzkaller", 0) = 3 [pid 5093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4167bc0000 [pid 5086] <... ftruncate resumed>) = 0 [pid 5086] write(4, "0x0000000000000000", 18 [ 68.431588][ T5087] Remounting filesystem read-only [ 68.442284][ T5082] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.445676][ T5087] NILFS (loop1): error -5 truncating bmap (ino=16) [ 68.454563][ T5085] NILFS (loop0): discard dirty block: blocknr=23, size=1024 [ 68.466461][ T5086] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 68.472491][ T2384] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [pid 5093] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5082] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5082] exit_group(0) = ? [pid 5082] +++ exited with 0 +++ [pid 4997] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5082, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- [pid 4997] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 4997] umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 4997] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 4997] getdents64(3, 0x555556a03620 /* 4 entries */, 32768) = 112 [pid 4997] umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 4997] lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 4997] unlink("./6/binderfs") = 0 [ 68.481484][ T5085] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.481554][ T5089] Remounting filesystem read-only [ 68.490668][ T2384] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.507715][ T5085] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.515129][ T5086] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [pid 4997] umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW [pid 5087] <... ftruncate resumed>) = 0 [ 68.517127][ T27] audit: type=1800 audit(1686241709.528:46): pid=5089 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop3" ino=16 res=0 errno=0 [ 68.544228][ T4997] NILFS (loop4): discard dirty page: offset=4096, ino=6 [ 68.544788][ T2384] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 68.551350][ T4997] NILFS (loop4): discard dirty block: blocknr=39, size=1024 [ 68.558237][ T5085] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.566548][ T5087] NILFS (loop1): discard dirty page: offset=0, ino=16 [pid 5087] write(4, "0x0000000000000000", 18 [pid 5093] <... write resumed>) = 1048576 [pid 5093] munmap(0x7f4167bc0000, 1048576) = 0 [pid 5093] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [pid 5093] ioctl(4, LOOP_SET_FD, 3 [pid 5085] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5089] <... ftruncate resumed>) = 0 [ 68.574559][ T5089] NILFS (loop3): error -5 truncating bmap (ino=16) [ 68.588364][ T2384] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 68.589662][ T5093] loop5: detected capacity change from 0 to 2048 [ 68.596291][ T2384] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.611413][ T5086] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.611680][ T2384] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5085] fchdir(-1 [pid 5089] write(4, "0x0000000000000000", 18 [pid 5085] <... fchdir resumed>) = -1 EBADF (Bad file descriptor) [pid 5093] <... ioctl resumed>) = 0 [pid 5093] close(3) = 0 [pid 5093] mkdir("./file2", 0777) = 0 [pid 5085] creat(NULL, 000 [pid 5093] mount("/dev/loop5", "./file2", "nilfs2", 0, "" [pid 5085] <... creat resumed>) = -1 EFAULT (Bad address) [ 68.621859][ T5087] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 68.629734][ T2384] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.639908][ T5086] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.646393][ T5089] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 68.661787][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.662736][ T5087] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5085] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [ 68.671174][ T5089] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 68.681244][ T5086] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.689471][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.698298][ T5094] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 68.705960][ T5089] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5085] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5093] <... mount resumed>) = 0 [pid 5093] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5093] chdir("./file2") = 0 [pid 5093] ioctl(4, LOOP_CLR_FD) = 0 [pid 5093] close(4) = 0 [pid 5093] open("./file2", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|FASYNC, 000) = 4 [pid 5093] ftruncate(4, 0 [pid 5085] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5086] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5085] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5086] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5086] creat(NULL, 000 [ 68.717257][ T5087] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.733909][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.734176][ T4997] NILFS (loop4): disposed unprocessed dirty file(s) when detaching log writer [ 68.747696][ T5093] NILFS (loop5): vblocknr = 10 has abnormal lifetime: start cno (= 3221225474) > current cno (= 3) [ 68.762681][ T27] audit: type=1800 audit(1686241709.968:47): pid=5093 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor134" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 68.788020][ T5085] ------------[ cut here ]------------ [ 68.789235][ T5087] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.793638][ T5085] WARNING: CPU: 1 PID: 5085 at fs/buffer.c:1130 mark_buffer_dirty+0x2dd/0x500 [ 68.804824][ T5093] NILFS error (device loop5): nilfs_bmap_truncate: broken bmap (inode number=16) [ 68.811285][ T5085] Modules linked in: [ 68.821176][ T5089] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [pid 5085] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL [pid 5086] <... creat resumed>) = -1 EFAULT (Bad address) [pid 5085] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5085] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5086] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5086] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5086] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5086] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5086] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [pid 5086] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5087] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5087] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5087] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5087] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5087] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5087] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [pid 5087] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5087] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 68.824311][ T5085] CPU: 1 PID: 5085 Comm: syz-executor134 Not tainted 6.4.0-rc5-syzkaller-00024-g5f63595ebd82 #0 [ 68.824333][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 68.824343][ T5085] RIP: 0010:mark_buffer_dirty+0x2dd/0x500 [ 68.824366][ T5085] Code: df e8 57 0e e0 ff 48 8b 3b be 04 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 22 69 fc ff e8 3d 39 88 ff e9 71 ff ff ff e8 33 39 88 ff <0f> 0b e9 6d fd ff ff e8 27 39 88 ff 0f 0b e9 96 fd ff ff e8 1b 39 [ 68.833705][ T5086] NILFS (loop2): discard dirty page: offset=0, ino=16 [ 68.843689][ T5085] RSP: 0018:ffffc90003f5f810 EFLAGS: 00010293 [ 68.853805][ T5087] NILFS (loop1): discard dirty page: offset=0, ino=16 [ 68.859475][ T5085] [ 68.859484][ T5085] RAX: ffffffff820345fd RBX: ffff8880775fbb01 RCX: ffff888015f30000 [ 68.880310][ T5093] Remounting filesystem read-only [ 68.885941][ T5085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 68.885962][ T5085] RBP: 0000000000000000 R08: ffffffff82034364 R09: ffffed100eeb48af [ 68.885974][ T5085] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880775a4570 [pid 5087] write(4, "\x0b\x00\x00\x00\x10\x00\x00\xfa\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00", 24 [pid 5093] <... ftruncate resumed>) = 0 [pid 5093] write(4, "0x0000000000000000", 18 [pid 5089] <... write resumed>) = -1 EROFS (Read-only file system) [pid 5089] fchdir(-1) = -1 EBADF (Bad file descriptor) [pid 5089] creat(NULL, 000) = -1 EFAULT (Bad address) [pid 5089] ioctl(-1, _IOC(_IOC_WRITE, 0x66, 0x8, 0x28), 0) = -1 EBADF (Bad file descriptor) [pid 5089] openat(-1, NULL, O_WRONLY|O_EXCL|O_NONBLOCK|O_NOFOLLOW|__O_TMPFILE, 0102) = -1 EINVAL (Invalid argument) [pid 5089] openat(AT_FDCWD, NULL, O_RDWR) = -1 EFAULT (Bad address) [ 68.885987][ T5085] R13: dffffc0000000000 R14: ffffc90003f5f880 R15: 1ffff920007ebf10 [ 68.886000][ T5085] FS: 0000555556a02300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 [ 68.892208][ T5093] NILFS (loop5): error -5 truncating bmap (ino=16) [ 68.898829][ T5085] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.909200][ T5089] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 68.914188][ T5085] CR2: 0000000000000000 CR3: 000000002ba98000 CR4: 00000000003506e0 [pid 5089] ioctl(-1, BTRFS_IOC_GET_SUBVOL_INFO, 0) = -1 EBADF (Bad file descriptor) [pid 5089] ioctl(-1, BTRFS_IOC_BALANCE_V2, NULL) = -1 EBADF (Bad file descriptor) [ 68.914205][ T5085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.914216][ T5085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.914227][ T5085] Call Trace: [ 68.914236][ T5085] [ 68.914245][ T5085] ? __warn+0x162/0x4a0 [ 68.931485][ T4997] NILFS (loop4): discard dirty page: offset=0, ino=3 [ 68.938579][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 68.938615][ T5085] ? report_bug+0x2b3/0x500 [ 68.957790][ T5093] NILFS (loop5): discard dirty page: offset=0, ino=16 [ 68.962136][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 68.962172][ T5085] ? handle_bug+0x3d/0x70 [ 68.972809][ T5086] NILFS (loop2): discard dirty block: blocknr=23, size=1024 [ 68.977657][ T5085] ? exc_invalid_op+0x1a/0x50 [ 68.992497][ T5089] NILFS (loop3): discard dirty page: offset=0, ino=16 [ 68.993645][ T5085] ? asm_exc_invalid_op+0x1a/0x20 [ 69.001692][ T5089] NILFS (loop3): discard dirty block: blocknr=23, size=1024 [ 69.004904][ T5085] ? mark_buffer_dirty+0x44/0x500 [ 69.004925][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 69.004943][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 69.004965][ T5085] __nilfs_mark_inode_dirty+0x105/0x280 [ 69.012319][ T5089] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.018718][ T5085] ? nilfs_inode_dirty+0x130/0x130 [ 69.024163][ T5087] NILFS (loop1): discard dirty block: blocknr=23, size=1024 [ 69.028325][ T5085] ? nilfs_transaction_begin+0x4fc/0x6e0 [ 69.028365][ T5085] nilfs_dirty_inode+0x164/0x200 [ 69.035618][ T5093] NILFS (loop5): discard dirty block: blocknr=23, size=1024 [ 69.040255][ T5085] ? do_raw_spin_unlock+0x13b/0x8b0 [ 69.040289][ T5085] ? __nilfs_mark_inode_dirty+0x280/0x280 [ 69.044954][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.051884][ T5085] ? __mark_inode_dirty+0x7fb/0xd90 [ 69.056897][ T5086] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.063349][ T5085] ? __nilfs_mark_inode_dirty+0x280/0x280 [ 69.063380][ T5085] __mark_inode_dirty+0x305/0xd90 [ 69.063407][ T5085] generic_write_end+0x184/0x1e0 [ 69.063432][ T5085] nilfs_write_end+0x85/0xf0 [ 69.063459][ T5085] ? nilfs_write_begin+0x110/0x110 [ 69.069972][ T5087] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.075751][ T5085] generic_perform_write+0x3ed/0x5e0 [ 69.075789][ T5085] ? generic_file_direct_write+0x460/0x460 [ 69.081882][ T5089] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.085912][ T5085] ? generic_file_direct_write+0x40f/0x460 [ 69.085946][ T5085] __generic_file_write_iter+0x29b/0x400 [ 69.085972][ T5085] generic_file_write_iter+0xaf/0x310 [ 69.085995][ T5085] vfs_write+0x790/0xb20 [ 69.092304][ T5093] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.096650][ T5085] ? file_end_write+0x250/0x250 [ 69.096688][ T5085] ? lockdep_hardirqs_on+0x98/0x140 [ 69.106796][ T5086] NILFS (loop2): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.110634][ T5085] ? __fdget_pos+0x265/0x2f0 [ 69.110660][ T5085] ksys_write+0x1a0/0x2c0 [ 69.110690][ T5085] ? __ia32_sys_read+0x90/0x90 [ 69.119146][ T5089] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.123606][ T5085] ? syscall_enter_from_user_mode+0x32/0x230 [ 69.123634][ T5085] ? syscall_enter_from_user_mode+0x8c/0x230 [ 69.123657][ T5085] do_syscall_64+0x41/0xc0 [ 69.123682][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.123704][ T5085] RIP: 0033:0x7f417000db39 [ 69.136948][ T5087] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.141126][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 69.141144][ T5085] RSP: 002b:00007ffd6c282ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 69.141168][ T5085] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f417000db39 [ 69.147997][ T4997] NILFS (loop4): discard dirty block: blocknr=18446744073709551615, size=1024 [ 69.155749][ T5085] RDX: 0000000000000018 RSI: 00000000200001c0 RDI: 0000000000000004 [ 69.155765][ T5085] RBP: 0000000000000000 R08: 00007ffd6c282f00 R09: 00007ffd6c282f00 [ 69.155778][ T5085] R10: 00007ffd6c282f00 R11: 0000000000000246 R12: 00007ffd6c282efc [ 69.155789][ T5085] R13: 00007ffd6c282f30 R14: 00007ffd6c282f10 R15: 0000000000000006 [ 69.155823][ T5085] [ 69.155833][ T5085] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 69.155841][ T5085] CPU: 1 PID: 5085 Comm: syz-executor134 Not tainted 6.4.0-rc5-syzkaller-00024-g5f63595ebd82 #0 [ 69.155858][ T5085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/25/2023 [ 69.155866][ T5085] Call Trace: [ 69.155873][ T5085] [ 69.155879][ T5085] dump_stack_lvl+0x1e7/0x2d0 [ 69.155909][ T5085] ? nf_tcp_handle_invalid+0x650/0x650 [ 69.155932][ T5085] ? panic+0x770/0x770 [ 69.155957][ T5085] ? vscnprintf+0x5d/0x80 [ 69.155978][ T5085] panic+0x30f/0x770 [ 69.155998][ T5085] ? __warn+0x171/0x4a0 [ 69.156020][ T5085] ? __memcpy_flushcache+0x2b0/0x2b0 [ 69.156054][ T5085] __warn+0x314/0x4a0 [ 69.156073][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 69.156093][ T5085] report_bug+0x2b3/0x500 [ 69.156109][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 69.156129][ T5085] handle_bug+0x3d/0x70 [ 69.156143][ T5085] exc_invalid_op+0x1a/0x50 [ 69.156158][ T5085] asm_exc_invalid_op+0x1a/0x20 [ 69.156175][ T5085] RIP: 0010:mark_buffer_dirty+0x2dd/0x500 [ 69.156191][ T5085] Code: df e8 57 0e e0 ff 48 8b 3b be 04 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 22 69 fc ff e8 3d 39 88 ff e9 71 ff ff ff e8 33 39 88 ff <0f> 0b e9 6d fd ff ff e8 27 39 88 ff 0f 0b e9 96 fd ff ff e8 1b 39 [ 69.156204][ T5085] RSP: 0018:ffffc90003f5f810 EFLAGS: 00010293 [ 69.156220][ T5085] RAX: ffffffff820345fd RBX: ffff8880775fbb01 RCX: ffff888015f30000 [ 69.156231][ T5085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 69.156240][ T5085] RBP: 0000000000000000 R08: ffffffff82034364 R09: ffffed100eeb48af [ 69.156251][ T5085] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8880775a4570 [ 69.156261][ T5085] R13: dffffc0000000000 R14: ffffc90003f5f880 R15: 1ffff920007ebf10 [ 69.156279][ T5085] ? mark_buffer_dirty+0x44/0x500 [ 69.156293][ T5085] ? mark_buffer_dirty+0x2dd/0x500 [ 69.156317][ T5085] __nilfs_mark_inode_dirty+0x105/0x280 [ 69.156343][ T5085] ? nilfs_inode_dirty+0x130/0x130 [ 69.156367][ T5085] ? nilfs_transaction_begin+0x4fc/0x6e0 [ 69.156393][ T5085] nilfs_dirty_inode+0x164/0x200 [ 69.156413][ T5085] ? do_raw_spin_unlock+0x13b/0x8b0 [ 69.156437][ T5085] ? __nilfs_mark_inode_dirty+0x280/0x280 [ 69.156462][ T5085] ? __mark_inode_dirty+0x7fb/0xd90 [ 69.156485][ T5085] ? __nilfs_mark_inode_dirty+0x280/0x280 [ 69.156508][ T5085] __mark_inode_dirty+0x305/0xd90 [ 69.156534][ T5085] generic_write_end+0x184/0x1e0 [ 69.156557][ T5085] nilfs_write_end+0x85/0xf0 [ 69.156581][ T5085] ? nilfs_write_begin+0x110/0x110 [ 69.156601][ T5085] generic_perform_write+0x3ed/0x5e0 [ 69.156631][ T5085] ? generic_file_direct_write+0x460/0x460 [ 69.156650][ T5085] ? generic_file_direct_write+0x40f/0x460 [ 69.156676][ T5085] __generic_file_write_iter+0x29b/0x400 [ 69.156701][ T5085] generic_file_write_iter+0xaf/0x310 [ 69.156722][ T5085] vfs_write+0x790/0xb20 [ 69.156752][ T5085] ? file_end_write+0x250/0x250 [ 69.156783][ T5085] ? lockdep_hardirqs_on+0x98/0x140 [ 69.156810][ T5085] ? __fdget_pos+0x265/0x2f0 [ 69.156828][ T5085] ksys_write+0x1a0/0x2c0 [ 69.156854][ T5085] ? __ia32_sys_read+0x90/0x90 [ 69.156876][ T5085] ? syscall_enter_from_user_mode+0x32/0x230 [ 69.156898][ T5085] ? syscall_enter_from_user_mode+0x8c/0x230 [ 69.156919][ T5085] do_syscall_64+0x41/0xc0 [ 69.156941][ T5085] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 69.156958][ T5085] RIP: 0033:0x7f417000db39 [ 69.156971][ T5085] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 11 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 [ 69.156983][ T5085] RSP: 002b:00007ffd6c282ed8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 69.156999][ T5085] RAX: ffffffffffffffda RBX: 0032656c69662f2e RCX: 00007f417000db39 [ 69.157011][ T5085] RDX: 0000000000000018 RSI: 00000000200001c0 RDI: 0000000000000004 [ 69.157020][ T5085] RBP: 0000000000000000 R08: 00007ffd6c282f00 R09: 00007ffd6c282f00 [ 69.157031][ T5085] R10: 00007ffd6c282f00 R11: 0000000000000246 R12: 00007ffd6c282efc [ 69.157041][ T5085] R13: 00007ffd6c282f30 R14: 00007ffd6c282f10 R15: 0000000000000006 [ 69.157066][ T5085] [ 69.161175][ T5085] Kernel Offset: disabled [ 69.807553][ T5085] Rebooting in 86400 seconds..