./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3752106918 <...> Warning: Permanently added '10.128.1.80' (ECDSA) to the list of known hosts. execve("./syz-executor3752106918", ["./syz-executor3752106918"], 0x7ffcc6b8d760 /* 10 vars */) = 0 brk(NULL) = 0x555555717000 brk(0x555555717d40) = 0x555555717d40 arch_prctl(ARCH_SET_FS, 0x555555717400) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555557176d0) = 291 set_robust_list(0x5555557176e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fdac2c759c0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fdac2c74f10}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fdac2c75a60, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fdac2c74f10}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3752106918", 4096) = 28 brk(0x555555738d40) = 0x555555738d40 brk(0x555555739000) = 0x555555739000 mprotect(0x7fdac2d37000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 rt_sigaction(SIGRTMIN, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x7fdac2c6f060, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fdac2c74f10}, NULL, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x7fdac2c6f060, sa_mask=[], sa_flags=SA_RESTORER|SA_NODEFER|SA_SIGINFO, sa_restorer=0x7fdac2c74f10}, NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 292 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 293 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 294 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 297 ./strace-static-x86_64: Process 296 attached [pid 296] set_robust_list(0x5555557176e0, 24) = 0 [pid 296] getpid(./strace-static-x86_64: Process 292 attached [pid 292] set_robust_list(0x5555557176e0, 24) = 0 [pid 292] getpid( [pid 296] <... getpid resumed>) = 296 [pid 296] mkdir("./syzkaller.5zvUKA", 0700) = 0 [pid 292] <... getpid resumed>) = 292 [pid 292] mkdir("./syzkaller.FcqGtf", 0700) = 0 [pid 292] chmod("./syzkaller.FcqGtf", 0777) = 0 [pid 296] chmod("./syzkaller.5zvUKA", 0777) = 0 [pid 296] chdir("./syzkaller.5zvUKA") = 0 [pid 296] mkdir("./0", 0777) = 0 [pid 292] chdir("./syzkaller.FcqGtf") = 0 [pid 292] mkdir("./0", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 292] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 292] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 292] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] close(3) = 0 [pid 292] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 300 attached [pid 296] <... clone resumed>, child_tidptr=0x5555557176d0) = 299 [pid 292] <... clone resumed>, child_tidptr=0x5555557176d0) = 300 ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 293 attached [pid 300] set_robust_list(0x5555557176e0, 24./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x5555557176e0, 24 [pid 300] <... set_robust_list resumed>) = 0 [pid 299] <... set_robust_list resumed>) = 0 [pid 299] chdir("./0"./strace-static-x86_64: Process 295 attached ./strace-static-x86_64: Process 294 attached [pid 300] chdir("./0" [pid 297] set_robust_list(0x5555557176e0, 24 [pid 293] set_robust_list(0x5555557176e0, 24 [pid 299] <... chdir resumed>) = 0 [pid 299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 299] setpgid(0, 0) = 0 [pid 299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 299] write(3, "1000", 4) = 4 [pid 299] close(3) = 0 [pid 299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdac2c44000 [pid 299] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 299] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[301], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 301 [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 301 attached [pid 301] set_robust_list(0x7fdac2c649e0, 24) = 0 [pid 301] memfd_create("syzkaller", 0) = 3 [pid 301] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdaba844000 [pid 301] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 301] munmap(0x7fdaba844000, 262144) = 0 [pid 301] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 21.186172][ T28] audit: type=1400 audit(1684920693.466:66): avc: denied { execmem } for pid=291 comm="syz-executor375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.208519][ T28] audit: type=1400 audit(1684920693.466:67): avc: denied { read write } for pid=296 comm="syz-executor375" name="loop4" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 301] ioctl(4, LOOP_SET_FD, 3 [pid 300] <... chdir resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 295] set_robust_list(0x5555557176e0, 24 [pid 294] set_robust_list(0x5555557176e0, 24 [pid 293] <... set_robust_list resumed>) = 0 [pid 301] <... ioctl resumed>) = 0 [pid 301] close(3) = 0 [pid 301] mkdir("./file0", 0777) = 0 [pid 301] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 297] getpid( [pid 295] <... set_robust_list resumed>) = 0 [pid 294] <... set_robust_list resumed>) = 0 [pid 293] getpid( [pid 294] getpid( [pid 300] <... prctl resumed>) = 0 [pid 297] <... getpid resumed>) = 297 [pid 295] getpid( [pid 294] <... getpid resumed>) = 294 [pid 293] <... getpid resumed>) = 293 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] <... getpid resumed>) = 295 [pid 294] mkdir("./syzkaller.qaD0Fo", 0700 [pid 293] mkdir("./syzkaller.gVKU0k", 0700 [pid 300] <... openat resumed>) = 3 [pid 297] mkdir("./syzkaller.LB081C", 0700 [pid 295] mkdir("./syzkaller.8TNP5v", 0700 [pid 294] <... mkdir resumed>) = 0 [pid 293] <... mkdir resumed>) = 0 [pid 300] write(3, "1000", 4 [pid 297] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 300] <... write resumed>) = 4 [pid 297] chmod("./syzkaller.LB081C", 0777 [pid 295] chmod("./syzkaller.8TNP5v", 0777 [pid 294] chmod("./syzkaller.qaD0Fo", 0777 [pid 300] close(3 [pid 297] <... chmod resumed>) = 0 [pid 295] <... chmod resumed>) = 0 [pid 294] <... chmod resumed>) = 0 [pid 293] chmod("./syzkaller.gVKU0k", 0777 [pid 300] <... close resumed>) = 0 [pid 297] chdir("./syzkaller.LB081C" [pid 295] chdir("./syzkaller.8TNP5v" [pid 294] chdir("./syzkaller.qaD0Fo" [pid 293] <... chmod resumed>) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs" [pid 297] <... chdir resumed>) = 0 [pid 295] <... chdir resumed>) = 0 [pid 294] <... chdir resumed>) = 0 [pid 293] chdir("./syzkaller.gVKU0k" [pid 300] <... symlink resumed>) = 0 [pid 297] mkdir("./0", 0777 [pid 295] mkdir("./0", 0777 [pid 294] mkdir("./0", 0777 [pid 293] <... chdir resumed>) = 0 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 294] <... mkdir resumed>) = 0 [pid 293] mkdir("./0", 0777 [pid 300] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop5", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 294] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 293] <... mkdir resumed>) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 294] <... openat resumed>) = 3 [pid 293] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 300] <... mmap resumed>) = 0x7fdac2c44000 [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 294] ioctl(3, LOOP_CLR_FD [pid 293] <... openat resumed>) = 3 [pid 300] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] ioctl(3, LOOP_CLR_FD [pid 300] <... mprotect resumed>) = 0 [pid 297] close(3 [pid 295] close(3 [pid 294] close(3 [pid 293] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 300] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 297] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 294] <... close resumed>) = 0 [pid 293] close(3 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 293] <... close resumed>) = 0 [pid 300] <... clone resumed>, parent_tid=[304], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 304 [pid 293] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x5555557176d0) = 307 [pid 295] <... clone resumed>, child_tidptr=0x5555557176d0) = 305 [pid 294] <... clone resumed>, child_tidptr=0x5555557176d0) = 306 [pid 300] <... futex resumed>) = 0 [pid 293] <... clone resumed>, child_tidptr=0x5555557176d0) = 308 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 308 attached [pid 308] set_robust_list(0x5555557176e0, 24) = 0 [pid 308] chdir("./0"./strace-static-x86_64: Process 304 attached ) = 0 [pid 304] set_robust_list(0x7fdac2c649e0, 24) = 0 [pid 304] memfd_create("syzkaller", 0 [pid 308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] setpgid(0, 0) = 0 [pid 304] <... memfd_create resumed>) = 3 [pid 308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdaba844000 [pid 308] <... openat resumed>) = 3 ./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x5555557176e0, 24 [pid 308] write(3, "1000", 4) = 4 [pid 308] close(3) = 0 [pid 307] <... set_robust_list resumed>) = 0 [ 21.230288][ T301] loop4: detected capacity change from 0 to 512 [ 21.233204][ T28] audit: type=1400 audit(1684920693.466:68): avc: denied { open } for pid=296 comm="syz-executor375" path="/dev/loop4" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 307] chdir("./0" [pid 308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] <... chdir resumed>) = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdac2c44000 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 308] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] <... openat resumed>) = 3 [pid 308] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 308] <... clone resumed>, parent_tid=[309], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 309 [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 309 attached ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 305 attached [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 307] <... futex resumed>) = 0 [pid 305] set_robust_list(0x5555557176e0, 24) = 0 [pid 309] set_robust_list(0x7fdac2c649e0, 24 [pid 306] set_robust_list(0x5555557176e0, 24 [pid 309] <... set_robust_list resumed>) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] chdir("./0" [pid 309] memfd_create("syzkaller", 0 [pid 307] <... mmap resumed>) = 0x7fdac2c44000 [pid 306] chdir("./0" [pid 305] <... chdir resumed>) = 0 [pid 309] <... memfd_create resumed>) = 3 [pid 307] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE [pid 306] <... chdir resumed>) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] <... write resumed>) = 262144 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 307] <... mprotect resumed>) = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 305] <... prctl resumed>) = 0 [pid 307] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[312], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 312 [pid 307] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 304] munmap(0x7fdaba844000, 262144 [pid 309] <... mmap resumed>) = 0x7fdaba844000 [pid 306] <... prctl resumed>) = 0 [pid 305] setpgid(0, 0 [pid 304] <... munmap resumed>) = 0 [pid 305] <... setpgid resumed>) = 0 [pid 304] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 304] ioctl(4, LOOP_SET_FD, 3 [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 306] setpgid(0, 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 306] <... setpgid resumed>) = 0 [pid 305] <... openat resumed>) = 3 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 305] write(3, "1000", 4 [pid 306] <... openat resumed>) = 3 [pid 305] <... write resumed>) = 4 [pid 309] <... write resumed>) = 262144 [pid 306] write(3, "1000", 4 [pid 305] close(3 [pid 306] <... write resumed>) = 4 [pid 309] munmap(0x7fdaba844000, 262144 [pid 306] close(3 [pid 305] <... close resumed>) = 0 [pid 306] <... close resumed>) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs" [pid 306] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 312 attached [pid 305] <... symlink resumed>) = 0 [pid 312] set_robust_list(0x7fdac2c649e0, 24 [pid 306] <... symlink resumed>) = 0 [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... set_robust_list resumed>) = 0 [pid 309] <... munmap resumed>) = 0 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 312] memfd_create("syzkaller", 0 [pid 309] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 306] <... futex resumed>) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 312] <... memfd_create resumed>) = 3 [pid 309] <... openat resumed>) = 4 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 305] <... mmap resumed>) = 0x7fdac2c44000 [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 309] ioctl(4, LOOP_SET_FD, 3 [pid 306] <... mmap resumed>) = 0x7fdac2c44000 [pid 305] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE [pid 312] <... mmap resumed>) = 0x7fdaba844000 [pid 306] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE [pid 305] <... mprotect resumed>) = 0 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 312] munmap(0x7fdaba844000, 262144) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 4 [ 21.263397][ T28] audit: type=1400 audit(1684920693.466:69): avc: denied { ioctl } for pid=292 comm="syz-executor375" path="/dev/loop0" dev="devtmpfs" ino=113 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 21.305680][ T301] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.305998][ T304] loop0: detected capacity change from 0 to 512 [ 21.324259][ T309] loop1: detected capacity change from 0 to 512 [pid 312] ioctl(4, LOOP_SET_FD, 3 [pid 306] <... mprotect resumed>) = 0 [pid 305] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 306] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 309] <... ioctl resumed>) = 0 [pid 309] close(3) = 0 [pid 309] mkdir("./file0", 0777) = 0 [pid 309] mount("/dev/loop1", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 304] <... ioctl resumed>) = 0 [pid 304] close(3) = 0 [pid 304] mkdir("./file0", 0777) = 0 [pid 304] mount("/dev/loop0", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 306] <... clone resumed>, parent_tid=[314], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 314 [pid 305] <... clone resumed>, parent_tid=[313], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 313 [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 314 attached ./strace-static-x86_64: Process 313 attached [pid 312] <... ioctl resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 0 [pid 314] set_robust_list(0x7fdac2c649e0, 24 [pid 313] set_robust_list(0x7fdac2c649e0, 24 [pid 312] close(3 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 314] <... set_robust_list resumed>) = 0 [pid 313] <... set_robust_list resumed>) = 0 [pid 312] <... close resumed>) = 0 [pid 314] memfd_create("syzkaller", 0 [pid 313] memfd_create("syzkaller", 0 [pid 312] mkdir("./file0", 0777 [pid 314] <... memfd_create resumed>) = 3 [pid 313] <... memfd_create resumed>) = 3 [pid 312] <... mkdir resumed>) = 0 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 312] mount("/dev/loop5", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 314] <... mmap resumed>) = 0x7fdaba844000 [pid 313] <... mmap resumed>) = 0x7fdaba844000 [pid 313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144 [pid 313] <... write resumed>) = 262144 [pid 313] munmap(0x7fdaba844000, 262144) = 0 [pid 313] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 313] ioctl(4, LOOP_SET_FD, 3 [pid 314] <... write resumed>) = 262144 [pid 314] munmap(0x7fdaba844000, 262144) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 314] ioctl(4, LOOP_SET_FD, 3 [pid 313] <... ioctl resumed>) = 0 [ 21.330505][ T28] audit: type=1400 audit(1684920693.526:70): avc: denied { mounton } for pid=299 comm="syz-executor375" path="/root/syzkaller.5zvUKA/0/file0" dev="sda1" ino=1932 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 21.331056][ T301] System zones: [ 21.355425][ T312] loop5: detected capacity change from 0 to 512 [ 21.361871][ T301] 0-2, 18-18, 34-34 [ 21.375283][ T313] loop3: detected capacity change from 0 to 512 [pid 314] <... ioctl resumed>) = 0 [pid 314] close(3) = 0 [pid 314] mkdir("./file0", 0777) = 0 [pid 314] mount("/dev/loop2", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 313] close(3) = 0 [pid 313] mkdir("./file0", 0777) = 0 [ 21.378364][ T314] loop2: detected capacity change from 0 to 512 [ 21.382628][ T312] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.395370][ T301] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.395714][ T304] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.417336][ T312] System zones: 0-2, 18-18, 34-34 [ 21.419607][ T304] System zones: 0-2, 18-18, 34-34 [ 21.424015][ T312] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.428682][ T309] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.442751][ T312] Quota error (device loop5): write_blk: dquota write failed [ 21.449546][ T304] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.457503][ T301] Quota error (device loop4): write_blk: dquota write failed [ 21.470485][ T312] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 21.478236][ T313] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.487331][ T304] Quota error (device loop0): write_blk: dquota write failed [ 21.495093][ T313] System zones: 0-2, 18-18, 34-34 [ 21.504623][ T304] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 21.508472][ T313] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.531111][ T314] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.539324][ T314] System zones: 0-2, 18-18, 34-34 [ 21.544718][ T313] EXT4-fs (loop3): 1 truncate cleaned up [ 21.544909][ T309] System zones: [ 21.550528][ T313] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 21.551172][ T301] EXT4-fs (loop4): 1 truncate cleaned up [ 21.554144][ T313] ext4 filesystem being mounted at /root/syzkaller.8TNP5v/0/file0 supports timestamps until 2038 (0x7fffffff) [ 21.563152][ T309] 0-2 [ 21.582422][ T312] EXT4-fs (loop5): 1 truncate cleaned up [pid 313] mount("/dev/loop3", "./file0", "ext4", MS_NODEV, ",errors=continue") = 0 [pid 312] <... mount resumed>) = 0 [pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 312] chdir("./file0") = 0 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 312] close(4) = 0 [pid 312] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 21.582512][ T314] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.587873][ T312] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 21.587950][ T312] ext4 filesystem being mounted at /root/syzkaller.LB081C/0/file0 supports timestamps until 2038 (0x7fffffff) [ 21.602981][ T304] EXT4-fs (loop0): 1 truncate cleaned up [ 21.610678][ T301] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [pid 312] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 307] <... futex resumed>) = 0 [pid 301] <... mount resumed>) = 0 [pid 301] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 301] chdir("./file0") = 0 [pid 301] ioctl(4, LOOP_CLR_FD) = 0 [pid 301] close(4) = 0 [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] fspick(AT_FDCWD, ".", 0) = 4 [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0) = 0 [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... futex resumed>) = 1 [pid 301] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 313] <... openat resumed>) = 3 [pid 307] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] chdir("./file0" [pid 307] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 0 [pid 312] fspick(AT_FDCWD, ".", 0) = 4 [pid 312] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] <... mount resumed>) = 0 [pid 304] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 304] chdir("./file0") = 0 [pid 304] ioctl(4, LOOP_CLR_FD) = 0 [pid 304] close(4) = 0 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... chdir resumed>) = 0 [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] <... futex resumed>) = 1 [pid 312] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... socket resumed>) = 5 [pid 312] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 312] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 307] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... fsconfig resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 312] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 312] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 307] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 21.622144][ T309] , 18-18 [ 21.633182][ T301] ext4 filesystem being mounted at /root/syzkaller.5zvUKA/0/file0 supports timestamps until 2038 (0x7fffffff) [ 21.645948][ T304] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 21.651504][ T314] EXT4-fs (loop2): 1 truncate cleaned up [ 21.659446][ T309] , 34-34 [ 21.664533][ T304] ext4 filesystem being mounted at /root/syzkaller.FcqGtf/0/file0 supports timestamps until 2038 (0x7fffffff) [ 21.664883][ T314] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] ioctl(4, LOOP_CLR_FD) = 0 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 313] close(4 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0} [pid 313] <... close resumed>) = 0 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 313] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 299] <... futex resumed>) = 0 [pid 313] fspick(AT_FDCWD, ".", 0 [pid 305] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 313] <... fspick resumed>) = 4 [pid 305] <... futex resumed>) = 0 [pid 299] <... mmap resumed>) = 0x7fdaba863000 [pid 313] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] mprotect(0x7fdaba864000, 131072, PROT_READ|PROT_WRITE [pid 313] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... mprotect resumed>) = 0 [pid 313] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 305] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] clone(child_stack=0x7fdaba8832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 329 attached [pid 314] <... mount resumed>) = 0 [pid 313] <... socket resumed>) = 5 [pid 305] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 313] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] fspick(AT_FDCWD, ".", 0 [pid 299] <... clone resumed>, parent_tid=[329], tls=0x7fdaba883700, child_tidptr=0x7fdaba8839d0) = 329 [pid 314] <... openat resumed>) = 3 [pid 305] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 304] <... fspick resumed>) = 4 [pid 314] chdir("./file0" [pid 313] <... fsconfig resumed>) = 0 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 313] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... chdir resumed>) = 0 [pid 313] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 305] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = 0 [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 301] <... fsconfig resumed>) = 0 [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 301] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 329] set_robust_list(0x7fdaba8839e0, 24) = 0 [pid 329] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 314] ioctl(4, LOOP_CLR_FD [pid 313] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 312] <... fsconfig resumed>) = 0 [pid 304] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 314] <... ioctl resumed>) = 0 [ 21.673838][ T309] [ 21.679052][ T314] ext4 filesystem being mounted at /root/syzkaller.qaD0Fo/0/file0 supports timestamps until 2038 (0x7fffffff) [ 21.702300][ T301] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 21.715469][ T312] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 21.719635][ T329] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended [pid 314] close(4 [pid 312] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 304] <... socket resumed>) = 5 [pid 307] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... close resumed>) = 0 [pid 312] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=43000000} [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 306] <... futex resumed>) = 0 [pid 314] fspick(AT_FDCWD, ".", 0 [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... fspick resumed>) = 4 [pid 306] <... futex resumed>) = 0 [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 314] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE [pid 312] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 314] <... socket resumed>) = 5 [pid 306] <... futex resumed>) = 0 [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 313] <... fsconfig resumed>) = 0 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] <... fsconfig resumed>) = 0 [pid 300] <... futex resumed>) = 0 [pid 314] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] <... fsconfig resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 314] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 313] <... futex resumed>) = 1 [pid 313] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 21.731879][ T309] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.732648][ T329] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.754027][ T313] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 21.761776][ T312] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended [ 21.767215][ T313] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 21.771534][ T309] EXT4-fs (loop1): 1 truncate cleaned up [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] <... mount resumed>) = 0 [pid 307] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 301] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 21.785056][ T313] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.786295][ T309] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 21.794782][ T312] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.803007][ T309] ext4 filesystem being mounted at /root/syzkaller.gVKU0k/0/file0 supports timestamps until 2038 (0x7fffffff) [ 21.811383][ T304] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 307] <... mmap resumed>) = 0x7fdaba863000 [pid 306] <... mmap resumed>) = 0x7fdaba863000 [pid 305] <... mmap resumed>) = 0x7fdaba863000 [pid 301] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 300] <... mmap resumed>) = 0x7fdaba863000 [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 309] chdir("./file0") = 0 [pid 309] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] close(4) = 0 [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] mprotect(0x7fdaba864000, 131072, PROT_READ|PROT_WRITE [pid 306] mprotect(0x7fdaba864000, 131072, PROT_READ|PROT_WRITE [pid 305] mprotect(0x7fdaba864000, 131072, PROT_READ|PROT_WRITE [pid 300] mprotect(0x7fdaba864000, 131072, PROT_READ|PROT_WRITE [pid 308] <... futex resumed>) = 0 [pid 305] <... mprotect resumed>) = 0 [pid 306] <... mprotect resumed>) = 0 [pid 300] <... mprotect resumed>) = 0 [pid 307] <... mprotect resumed>) = 0 [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] clone(child_stack=0x7fdaba8832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 306] clone(child_stack=0x7fdaba8832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 305] clone(child_stack=0x7fdaba8832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 300] clone(child_stack=0x7fdaba8832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached ./strace-static-x86_64: Process 332 attached [pid 329] <... fsconfig resumed>) = 0 [pid 307] <... clone resumed>, parent_tid=[332], tls=0x7fdaba883700, child_tidptr=0x7fdaba8839d0) = 332 [pid 306] <... clone resumed>, parent_tid=[333], tls=0x7fdaba883700, child_tidptr=0x7fdaba8839d0) = 333 [pid 301] <... futex resumed>) = 1 [pid 299] <... futex resumed>) = 0 [pid 334] set_robust_list(0x7fdaba8839e0, 24 [pid 332] set_robust_list(0x7fdaba8839e0, 24 [pid 329] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... clone resumed>, parent_tid=[334], tls=0x7fdaba883700, child_tidptr=0x7fdaba8839d0) = 334 [pid 301] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] <... clone resumed>, parent_tid=[335], tls=0x7fdaba883700, child_tidptr=0x7fdaba8839d0) = 335 [pid 299] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... set_robust_list resumed>) = 0 [pid 332] <... set_robust_list resumed>) = 0 [pid 329] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 305] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... fsconfig resumed>) = 0 [pid 301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 332] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 329] futex(0x7fdac2d3d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 0 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 301] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 305] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 309] fspick(AT_FDCWD, ".", 0) = 4 [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 333 attached ./strace-static-x86_64: Process 335 attached [pid 335] set_robust_list(0x7fdaba8839e0, 24 [pid 333] set_robust_list(0x7fdaba8839e0, 24 [pid 335] <... set_robust_list resumed>) = 0 [pid 333] <... set_robust_list resumed>) = 0 [pid 335] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [ 21.824877][ T301] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.828366][ T314] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 21.843099][ T329] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 21.858963][ T301] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.861516][ T335] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [pid 333] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 334] <... openat resumed>) = 6 [pid 332] <... openat resumed>) = 6 [pid 314] <... fsconfig resumed>) = 0 [pid 308] <... futex resumed>) = 0 [pid 304] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 300] <... futex resumed>) = 0 [pid 299] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 332] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 1 [pid 308] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 334] <... futex resumed>) = 1 [pid 332] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 334] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 332] <... openat resumed>) = 7 [pid 307] <... futex resumed>) = 0 [pid 305] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... openat resumed>) = 7 [pid 332] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] <... futex resumed>) = 0 [pid 334] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 332] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 332] futex(0x7fdac2d3d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 334] futex(0x7fdac2d3d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... futex resumed>) = 0 [pid 299] exit_group(0 [pid 329] <... futex resumed>) = ? [pid 299] <... exit_group resumed>) = ? [pid 329] +++ exited with 0 +++ [pid 301] <... futex resumed>) = ? [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 301] +++ exited with 0 +++ [pid 299] +++ exited with 0 +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=299, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 309] <... futex resumed>) = 0 [pid 296] <... restart_syscall resumed>) = 0 [pid 309] socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE) = 5 [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 309] <... futex resumed>) = 1 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 309] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 296] getdents64(3, 0x555555718720 /* 4 entries */, 32768) = 112 [pid 296] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 296] unlink("./0/binderfs") = 0 [pid 296] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 308] <... futex resumed>) = 0 [pid 312] <... fsconfig resumed>) = 0 [pid 312] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 312] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] exit_group(0 [pid 312] <... futex resumed>) = ? [pid 307] <... exit_group resumed>) = ? [pid 312] +++ exited with 0 +++ [ 21.882617][ T333] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 21.885702][ T301] syz-executor375 (301) used greatest stack depth: 21032 bytes left [ 21.898080][ T312] EXT4-fs (loop5): re-mounted. Quota mode: writeback. [ 21.899944][ T313] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.909819][ T296] EXT4-fs (loop4): unmounting filesystem. [ 21.921489][ T313] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [pid 332] <... futex resumed>) = ? [pid 313] <... fsconfig resumed>) = 0 [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 300] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 332] +++ exited with 0 +++ [pid 307] +++ exited with 0 +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=307, si_uid=0, si_status=0, si_utime=0, si_stime=16} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 297] getdents64(3, 0x555555718720 /* 4 entries */, 32768) = 112 [pid 297] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 297] unlink("./0/binderfs") = 0 [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 313] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 309] fsconfig(4, FSCONFIG_SET_FLAG, "ro", NULL, 0 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... fsconfig resumed>) = 0 [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] <... futex resumed>) = 0 [pid 305] exit_group(0 [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 334] <... futex resumed>) = ? [pid 313] <... futex resumed>) = ? [pid 309] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... exit_group resumed>) = ? [pid 304] <... futex resumed>) = 0 [pid 300] <... futex resumed>) = 1 [pid 334] +++ exited with 0 +++ [pid 314] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 1 [pid 304] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... openat resumed>) = 6 [pid 314] <... openat resumed>) = 6 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 304] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 304] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 300] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 306] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... openat resumed>) = 7 [pid 314] <... openat resumed>) = 7 [pid 304] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 314] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 314] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 304] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 314] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] +++ exited with 0 +++ [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] +++ exited with 0 +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=305, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 295] getdents64(3, 0x555555718720 /* 4 entries */, 32768) = 112 [pid 295] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 295] unlink("./0/binderfs") = 0 [pid 295] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 309] <... fsconfig resumed>) = 0 [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 308] <... futex resumed>) = 0 [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... futex resumed>) = 0 [pid 309] fsconfig(4, FSCONFIG_CMD_RECONFIGURE, NULL, NULL, 0 [pid 333] <... fsconfig resumed>) = 0 [pid 333] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7fdac2d3d7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] exit_group(0) = ? [pid 333] <... futex resumed>) = ? [pid 333] +++ exited with 0 +++ [ 21.925637][ T333] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.939283][ T335] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.949527][ T297] EXT4-fs (loop5): unmounting filesystem. [ 21.958605][ T309] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 21.965426][ T333] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 21.969371][ T309] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [pid 314] <... futex resumed>) = ? [pid 314] +++ exited with 0 +++ [pid 306] +++ exited with 0 +++ [pid 294] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=306, si_uid=0, si_status=0, si_utime=0, si_stime=15} --- [pid 294] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 294] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 294] getdents64(3, 0x555555718720 /* 4 entries */, 32768) = 112 [pid 294] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 294] lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 294] unlink("./0/binderfs") = 0 [pid 294] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 296] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 296] getdents64(4, 0x555555720760 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555555720760 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./0/file0") = 0 [pid 296] getdents64(3, 0x555555718720 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./0") = 0 [pid 296] mkdir("./1", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555557176d0) = 339 [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdaba863000 [pid 308] mprotect(0x7fdaba864000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 308] clone(child_stack=0x7fdaba8832f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[340], tls=0x7fdaba883700, child_tidptr=0x7fdaba8839d0) = 340 [pid 308] futex(0x7fdac2d3d7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 308] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 340 attached ./strace-static-x86_64: Process 339 attached [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 297] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 297] getdents64(4, 0x555555720760 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555555720760 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./0/file0" [pid 340] set_robust_list(0x7fdaba8839e0, 24 [pid 339] set_robust_list(0x5555557176e0, 24 [pid 297] <... rmdir resumed>) = 0 [ 21.982016][ T309] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002] [ 21.990466][ T335] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 21.995009][ T295] EXT4-fs (loop3): unmounting filesystem. [ 22.010879][ T294] EXT4-fs (loop2): unmounting filesystem. [ 22.030503][ T335] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [pid 340] <... set_robust_list resumed>) = 0 [pid 339] <... set_robust_list resumed>) = 0 [pid 335] <... fsconfig resumed>) = 0 [pid 297] getdents64(3, 0x555555718720 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./0") = 0 [pid 297] mkdir("./1", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop5", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 340] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 339] chdir("./1" [pid 335] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... fsconfig resumed>) = 0 [pid 339] <... chdir resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 300] exit_group(0 [pid 297] <... close resumed>) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 309] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = ? [pid 300] <... exit_group resumed>) = ? [pid 339] <... prctl resumed>) = 0 [pid 335] +++ exited with 0 +++ [pid 309] futex(0x7fdac2d3d7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] setpgid(0, 0) = 0 [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 339] write(3, "1000", 4) = 4 [pid 339] close(3) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs") = 0 [pid 339] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fdac2c44000 [pid 339] mprotect(0x7fdac2c45000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 339] clone(child_stack=0x7fdac2c642f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[342], tls=0x7fdac2c64700, child_tidptr=0x7fdac2c649d0) = 342 [pid 339] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 339] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 342 attached [pid 304] +++ exited with 0 +++ [pid 300] +++ exited with 0 +++ [pid 342] set_robust_list(0x7fdac2c649e0, 24 [pid 292] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=300, si_uid=0, si_status=0, si_utime=0, si_stime=19} --- [pid 292] restart_syscall(<... resuming interrupted clone ...> [pid 342] <... set_robust_list resumed>) = 0 [pid 292] <... restart_syscall resumed>) = 0 [pid 292] umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = 0 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 292] fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 342] memfd_create("syzkaller", 0 [pid 292] getdents64(3, 0x555555718720 /* 4 entries */, 32768) = 112 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 294] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 292] umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] lstat("./0/file0", [pid 292] lstat("./0/binderfs", [pid 294] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 292] <... lstat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 [pid 294] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 292] unlink("./0/binderfs" [pid 294] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 342] <... memfd_create resumed>) = 3 [pid 294] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 292] <... unlink resumed>) = 0 [pid 294] <... openat resumed>) = 4 [pid 292] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 294] fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fdaba844000 [pid 308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fdac2d3d7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 308] futex(0x7fdac2d3d7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = 0 [pid 308] <... futex resumed>) = 1 [pid 309] openat(AT_FDCWD, "freezer.self_freezing", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 308] futex(0x7fdac2d3d7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 262144) = 262144 [pid 342] munmap(0x7fdaba844000, 262144) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 342] ioctl(4, LOOP_SET_FD, 3 [pid 294] getdents64(4, [pid 297] <... clone resumed>, child_tidptr=0x5555557176d0) = 343 [pid 294] <... getdents64 resumed>0x555555720760 /* 2 entries */, 32768) = 48 [pid 294] getdents64(4, 0x555555720760 /* 0 entries */, 32768) = 0 [pid 294] close(4) = 0 [ 22.037549][ T309] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 22.047074][ T340] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3789: comm syz-executor375: Allocating blocks 41-42 which overlap fs metadata [ 22.075194][ T292] EXT4-fs (loop0): unmounting filesystem. [ 22.080094][ T342] loop4: detected capacity change from 0 to 512 [pid 294] rmdir("./0/file0"./strace-static-x86_64: Process 343 attached [pid 342] <... ioctl resumed>) = 0 [pid 340] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 295] <... umount2 resumed>) = 0 [pid 294] <... rmdir resumed>) = 0 [pid 295] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 294] getdents64(3, [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... getdents64 resumed>0x555555718720 /* 0 entries */, 32768) = 0 [pid 295] lstat("./0/file0", [pid 294] close(3 [pid 295] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 294] <... close resumed>) = 0 [pid 295] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 294] rmdir("./0" [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 294] <... rmdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 294] mkdir("./1", 0777 [pid 295] <... openat resumed>) = 4 [pid 294] <... mkdir resumed>) = 0 [pid 295] fstat(4, [pid 294] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 294] <... openat resumed>) = 3 [pid 295] getdents64(4, [pid 294] ioctl(3, LOOP_CLR_FD [pid 295] <... getdents64 resumed>0x555555720760 /* 2 entries */, 32768) = 48 [pid 294] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] getdents64(4, [pid 294] close(3 [pid 343] set_robust_list(0x5555557176e0, 24 [pid 342] close(3 [pid 340] futex(0x7fdac2d3d7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... openat resumed>) = -1 EUCLEAN (Structure needs cleaning) [pid 295] <... getdents64 resumed>0x555555720760 /* 0 entries */, 32768) = 0 [pid 294] <... close resumed>) = 0 [pid 295] close(4 [pid 342] <... close resumed>) = 0 [pid 342] mkdir("./file0", 0777) = 0 [pid 295] <... close resumed>) = 0 [pid 294] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... umount2 resumed>) = 0 [pid 295] rmdir("./0/file0" [pid 342] mount("/dev/loop4", "./file0", "ext4", MS_NODEV, ",errors=continue" [pid 295] <... rmdir resumed>) = 0 [pid 292] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 309] futex(0x7fdac2d3d7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 308] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 308] exit_group(0 [pid 294] <... clone resumed>, child_tidptr=0x5555557176d0) = 344 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 308] <... exit_group resumed>) = ? [pid 295] <... getdents64 resumed>0x555555718720 /* 0 entries */, 32768) = 0 [pid 292] lstat("./0/file0", [pid 295] close(3) = 0 [pid 292] <... lstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 295] rmdir("./0" [pid 309] <... futex resumed>) = ? [pid 309] +++ exited with 0 +++ [pid 295] <... rmdir resumed>) = 0 [pid 292] umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW [pid 295] mkdir("./1", 0777 [pid 292] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 343] <... set_robust_list resumed>) = 0 [pid 340] <... futex resumed>) = ? [pid 343] chdir("./1" [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 292] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 343] <... chdir resumed>) = 0 [pid 340] +++ exited with 0 +++ [pid 308] +++ exited with 0 +++ [pid 295] <... openat resumed>) = 3 [pid 292] <... openat resumed>) = 4 [pid 295] ioctl(3, LOOP_CLR_FD [pid 292] fstat(4, [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 293] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=308, si_uid=0, si_status=0, si_utime=0, si_stime=20} --- [pid 292] <... fstat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [pid 295] close(3 [pid 293] restart_syscall(<... resuming interrupted clone ...> [pid 295] <... close resumed>) = 0 [pid 292] getdents64(4, [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 292] <... getdents64 resumed>0x555555720760 /* 2 entries */, 32768) = 48 [pid 343] <... prctl resumed>) = 0 [pid 343] setpgid(0, 0 [pid 293] <... restart_syscall resumed>) = 0 [pid 292] getdents64(4,