./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3634137450 <...> Warning: Permanently added '10.128.0.72' (ED25519) to the list of known hosts. execve("./syz-executor3634137450", ["./syz-executor3634137450"], 0x7ffc8d409670 /* 10 vars */) = 0 brk(NULL) = 0x55557db94000 brk(0x55557db94d00) = 0x55557db94d00 arch_prctl(ARCH_SET_FS, 0x55557db94380) = 0 set_tid_address(0x55557db94650) = 5082 set_robust_list(0x55557db94660, 24) = 0 rseq(0x55557db94ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3634137450", 4096) = 28 getrandom("\x59\x5b\x8e\xef\x34\x03\x6f\x76", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x55557db94d00 brk(0x55557dbb5d00) = 0x55557dbb5d00 brk(0x55557dbb6000) = 0x55557dbb6000 mprotect(0x7f54305bb000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.g3AFSx", 0700) = 0 chmod("./syzkaller.g3AFSx", 0777) = 0 chdir("./syzkaller.g3AFSx") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5083 attached [pid 5083] set_robust_list(0x55557db94660, 24 [pid 5082] <... clone resumed>, child_tidptr=0x55557db94650) = 5083 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5083] chdir("./0") = 0 [pid 5083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5083] setpgid(0, 0) = 0 [pid 5083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5083] write(3, "1000", 4) = 4 [pid 5083] close(3) = 0 [pid 5083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5083] memfd_create("syzkaller", 0) = 3 [pid 5083] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5083] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5083] munmap(0x7f5428000000, 138412032) = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5083] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5083] close(3) = 0 [pid 5083] close(4) = 0 [pid 5083] mkdir("./file1", 0777) = 0 [ 78.760530][ T5083] loop0: detected capacity change from 0 to 2048 [pid 5083] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5083] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5083] chdir("./file1") = 0 [pid 5083] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5083] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5083] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5083] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5083] exit_group(0) = ? [pid 5083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5083, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 78.815688][ T5083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 78.837685][ T5083] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 78.853033][ T5083] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 78.892851][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5088 attached , child_tidptr=0x55557db94650) = 5088 [pid 5088] set_robust_list(0x55557db94660, 24) = 0 [pid 5088] chdir("./1") = 0 [pid 5088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5088] setpgid(0, 0) = 0 [pid 5088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5088] write(3, "1000", 4) = 4 [pid 5088] close(3) = 0 [pid 5088] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5088] munmap(0x7f5428000000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] close(4) = 0 [pid 5088] mkdir("./file1", 0777) = 0 [ 79.094467][ T5088] loop0: detected capacity change from 0 to 2048 [pid 5088] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5088] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file1") = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 79.149067][ T5088] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5088] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [ 79.196987][ T5088] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 79.211024][ T5088] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [pid 5088] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5088] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5088] exit_group(0) = ? [pid 5088] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5088, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.288991][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5091 attached , child_tidptr=0x55557db94650) = 5091 [pid 5091] set_robust_list(0x55557db94660, 24) = 0 [pid 5091] chdir("./2") = 0 [pid 5091] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5091] setpgid(0, 0) = 0 [pid 5091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5091] write(3, "1000", 4) = 4 [pid 5091] close(3) = 0 [pid 5091] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5091] munmap(0x7f5428000000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] close(4) = 0 [pid 5091] mkdir("./file1", 0777) = 0 [ 79.510218][ T5091] loop0: detected capacity change from 0 to 2048 [pid 5091] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5091] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file1") = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 79.568722][ T5091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.594610][ T5091] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5091] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5091] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5091] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5091] exit_group(0) = ? [pid 5091] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5091, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 79.608421][ T5091] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.670598][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5094 attached , child_tidptr=0x55557db94650) = 5094 [pid 5094] set_robust_list(0x55557db94660, 24) = 0 [pid 5094] chdir("./3") = 0 [pid 5094] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5094] setpgid(0, 0) = 0 [pid 5094] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5094] write(3, "1000", 4) = 4 [pid 5094] close(3) = 0 [pid 5094] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5094] munmap(0x7f5428000000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] close(4) = 0 [pid 5094] mkdir("./file1", 0777) = 0 [ 79.868664][ T5094] loop0: detected capacity change from 0 to 2048 [pid 5094] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5094] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file1") = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 79.919467][ T5094] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.948192][ T5094] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5094] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5094] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5094] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5094] exit_group(0) = ? [pid 5094] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5094, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 [ 79.962001][ T5094] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.996616][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5097 attached , child_tidptr=0x55557db94650) = 5097 [pid 5097] set_robust_list(0x55557db94660, 24) = 0 [pid 5097] chdir("./4") = 0 [pid 5097] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5097] setpgid(0, 0) = 0 [pid 5097] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5097] write(3, "1000", 4) = 4 [pid 5097] close(3) = 0 [pid 5097] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5097] munmap(0x7f5428000000, 138412032) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] close(4) = 0 [pid 5097] mkdir("./file1", 0777) = 0 [ 80.153391][ T5097] loop0: detected capacity change from 0 to 2048 [pid 5097] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5097] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file1") = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.218750][ T5097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.248014][ T5097] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5097] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5097] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5097] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5097] exit_group(0) = ? [pid 5097] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5097, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 [ 80.261881][ T5097] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 80.302482][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5100 attached , child_tidptr=0x55557db94650) = 5100 [pid 5100] set_robust_list(0x55557db94660, 24) = 0 [pid 5100] chdir("./5") = 0 [pid 5100] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5100] setpgid(0, 0) = 0 [pid 5100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5100] write(3, "1000", 4) = 4 [pid 5100] close(3) = 0 [pid 5100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5100] munmap(0x7f5428000000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] close(4) = 0 [pid 5100] mkdir("./file1", 0777) = 0 [ 80.500074][ T5100] loop0: detected capacity change from 0 to 2048 [pid 5100] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5100] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file1") = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.542427][ T5100] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.577924][ T5100] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5100] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5100] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5100] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5100] exit_group(0) = ? [pid 5100] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5100, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 [ 80.592080][ T5100] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 80.657132][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5103 attached , child_tidptr=0x55557db94650) = 5103 [pid 5103] set_robust_list(0x55557db94660, 24) = 0 [pid 5103] chdir("./6") = 0 [pid 5103] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5103] setpgid(0, 0) = 0 [pid 5103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5103] write(3, "1000", 4) = 4 [pid 5103] close(3) = 0 [pid 5103] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5103] munmap(0x7f5428000000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] close(4) = 0 [pid 5103] mkdir("./file1", 0777) = 0 [ 80.805832][ T5103] loop0: detected capacity change from 0 to 2048 [pid 5103] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5103] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file1") = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 80.854626][ T5103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5103] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5103] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5103] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5103] exit_group(0) = ? [ 80.902264][ T5103] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 80.915927][ T5103] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [pid 5103] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5103, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 80.980780][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5106 attached , child_tidptr=0x55557db94650) = 5106 [pid 5106] set_robust_list(0x55557db94660, 24) = 0 [pid 5106] chdir("./7") = 0 [pid 5106] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5106] setpgid(0, 0) = 0 [pid 5106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5106] write(3, "1000", 4) = 4 [pid 5106] close(3) = 0 [pid 5106] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5106] munmap(0x7f5428000000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] close(4) = 0 [pid 5106] mkdir("./file1", 0777) = 0 [ 81.147734][ T5106] loop0: detected capacity change from 0 to 2048 [pid 5106] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5106] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file1") = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 81.198588][ T5106] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.217653][ T5106] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5106] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5106] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5106] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5106] exit_group(0) = ? [pid 5106] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5106, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 81.243053][ T5106] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [ 81.281629][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "./7/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x55557db94650) = 5110 [pid 5110] set_robust_list(0x55557db94660, 24) = 0 [pid 5110] chdir("./8") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] memfd_create("syzkaller", 0) = 3 [pid 5110] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5110] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5110] munmap(0x7f5428000000, 138412032) = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5110] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5110] close(3) = 0 [pid 5110] close(4) = 0 [pid 5110] mkdir("./file1", 0777) = 0 [ 81.662029][ T5110] loop0: detected capacity change from 0 to 2048 [pid 5110] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5110] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5110] chdir("./file1") = 0 [pid 5110] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 81.713683][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.741401][ T5110] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5110] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5110] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5110] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5110] exit_group(0) = ? [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 81.755503][ T5110] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 81.790144][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x55557db94650) = 5113 [pid 5113] set_robust_list(0x55557db94660, 24) = 0 [pid 5113] chdir("./9") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] memfd_create("syzkaller", 0) = 3 [pid 5113] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5113] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5113] munmap(0x7f5428000000, 138412032) = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5113] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5113] close(3) = 0 [pid 5113] close(4) = 0 [pid 5113] mkdir("./file1", 0777) = 0 [ 82.021476][ T5113] loop0: detected capacity change from 0 to 2048 [pid 5113] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5113] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5113] chdir("./file1") = 0 [pid 5113] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5113] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5113] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5113] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5113] exit_group(0) = ? [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=0, si_stime=11 /* 0.11 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 [ 82.070521][ T5113] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.090545][ T5113] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 82.104644][ T5113] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.150754][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5116 attached , child_tidptr=0x55557db94650) = 5116 [pid 5116] set_robust_list(0x55557db94660, 24) = 0 [pid 5116] chdir("./10") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] memfd_create("syzkaller", 0) = 3 [pid 5116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5116] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5116] munmap(0x7f5428000000, 138412032) = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5116] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5116] close(3) = 0 [pid 5116] close(4) = 0 [pid 5116] mkdir("./file1", 0777) = 0 [ 82.365465][ T5116] loop0: detected capacity change from 0 to 2048 [pid 5116] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5116] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5116] chdir("./file1") = 0 [pid 5116] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5116] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5116] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5116] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5116] exit_group(0) = ? [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 82.428534][ T5116] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.446556][ T5116] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 82.460997][ T5116] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 82.538564][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557db94650) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x55557db94660, 24) = 0 [pid 5119] chdir("./11") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] memfd_create("syzkaller", 0) = 3 [pid 5119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5119] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5119] munmap(0x7f5428000000, 138412032) = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5119] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5119] close(3) = 0 [pid 5119] close(4) = 0 [pid 5119] mkdir("./file1", 0777) = 0 [ 82.679801][ T5119] loop0: detected capacity change from 0 to 2048 [pid 5119] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5119] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5119] chdir("./file1") = 0 [pid 5119] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5119] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5119] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5119] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5119] exit_group(0) = ? [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 82.719029][ T5119] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 82.746853][ T5119] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 82.760863][ T5119] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 82.842241][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached , child_tidptr=0x55557db94650) = 5122 [pid 5122] set_robust_list(0x55557db94660, 24) = 0 [pid 5122] chdir("./12") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] memfd_create("syzkaller", 0) = 3 [pid 5122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5122] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5122] munmap(0x7f5428000000, 138412032) = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5122] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5122] close(3) = 0 [pid 5122] close(4) = 0 [pid 5122] mkdir("./file1", 0777) = 0 [ 83.005638][ T5122] loop0: detected capacity change from 0 to 2048 [pid 5122] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5122] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5122] chdir("./file1") = 0 [pid 5122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 83.058758][ T5122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.087594][ T5122] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5122] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5122] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5122] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5122] exit_group(0) = ? [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 83.101299][ T5122] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.149843][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached , child_tidptr=0x55557db94650) = 5125 [pid 5125] set_robust_list(0x55557db94660, 24) = 0 [pid 5125] chdir("./13") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] memfd_create("syzkaller", 0) = 3 [pid 5125] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5125] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5125] munmap(0x7f5428000000, 138412032) = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5125] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5125] close(3) = 0 [pid 5125] close(4) = 0 [pid 5125] mkdir("./file1", 0777) = 0 [ 83.358875][ T5125] loop0: detected capacity change from 0 to 2048 [pid 5125] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5125] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5125] chdir("./file1") = 0 [pid 5125] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 83.410180][ T5125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5125] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5125] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5125] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5125] exit_group(0) = ? [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.456121][ T5125] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 83.470135][ T5125] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.540820][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x55557db94660, 24) = 0 [pid 5128] chdir("./14" [pid 5082] <... clone resumed>, child_tidptr=0x55557db94650) = 5128 [pid 5128] <... chdir resumed>) = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] memfd_create("syzkaller", 0) = 3 [pid 5128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5128] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5128] munmap(0x7f5428000000, 138412032) = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5128] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5128] close(3) = 0 [pid 5128] close(4) = 0 [pid 5128] mkdir("./file1", 0777) = 0 [ 83.712185][ T5128] loop0: detected capacity change from 0 to 2048 [pid 5128] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5128] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5128] chdir("./file1") = 0 [pid 5128] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 83.759719][ T5128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5128] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5128] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5128] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5128] exit_group(0) = ? [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.798108][ T5128] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 83.811850][ T5128] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [ 83.846787][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5131 attached , child_tidptr=0x55557db94650) = 5131 [pid 5131] set_robust_list(0x55557db94660, 24) = 0 [pid 5131] chdir("./15") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] memfd_create("syzkaller", 0) = 3 [pid 5131] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5131] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5131] munmap(0x7f5428000000, 138412032) = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5131] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5131] close(3) = 0 [pid 5131] close(4) = 0 [pid 5131] mkdir("./file1", 0777) = 0 [ 83.990330][ T5131] loop0: detected capacity change from 0 to 2048 [pid 5131] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5131] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5131] chdir("./file1") = 0 [pid 5131] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5131] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5131] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5131] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5131] exit_group(0) = ? [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 [ 84.059328][ T5131] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.079316][ T5131] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 84.092963][ T5131] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 84.126984][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5134 attached , child_tidptr=0x55557db94650) = 5134 [pid 5134] set_robust_list(0x55557db94660, 24) = 0 [pid 5134] chdir("./16") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] memfd_create("syzkaller", 0) = 3 [pid 5134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5134] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5134] munmap(0x7f5428000000, 138412032) = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5134] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5134] close(3) = 0 [pid 5134] close(4) = 0 [pid 5134] mkdir("./file1", 0777) = 0 [ 84.269005][ T5134] loop0: detected capacity change from 0 to 2048 [pid 5134] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5134] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5134] chdir("./file1") = 0 [pid 5134] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5134] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5134] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5134] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5134] exit_group(0) = ? [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 84.328001][ T5134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.349402][ T5134] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 84.363041][ T5134] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 84.422159][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x55557db94650) = 5137 [pid 5137] set_robust_list(0x55557db94660, 24) = 0 [pid 5137] chdir("./17") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] memfd_create("syzkaller", 0) = 3 [pid 5137] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5137] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5137] munmap(0x7f5428000000, 138412032) = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5137] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5137] close(3) = 0 [pid 5137] close(4) = 0 [pid 5137] mkdir("./file1", 0777) = 0 [ 84.630255][ T5137] loop0: detected capacity change from 0 to 2048 [pid 5137] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5137] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5137] chdir("./file1") = 0 [pid 5137] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 84.678050][ T5137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5137] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5137] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5137] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5137] exit_group(0) = ? [ 84.724863][ T5137] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 84.738721][ T5137] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 [ 84.829181][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. rmdir("./17/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached , child_tidptr=0x55557db94650) = 5140 [pid 5140] set_robust_list(0x55557db94660, 24) = 0 [pid 5140] chdir("./18") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] memfd_create("syzkaller", 0) = 3 [pid 5140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5140] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5140] munmap(0x7f5428000000, 138412032) = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5140] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5140] close(3) = 0 [pid 5140] close(4) = 0 [pid 5140] mkdir("./file1", 0777) = 0 [ 85.088573][ T5140] loop0: detected capacity change from 0 to 2048 [pid 5140] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5140] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5140] chdir("./file1") = 0 [pid 5140] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 85.138662][ T5140] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.170274][ T5140] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5140] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5140] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5140] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5140] exit_group(0) = ? [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 85.184588][ T5140] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 [ 85.231846][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x55557db94650) = 5143 [pid 5143] set_robust_list(0x55557db94660, 24) = 0 [pid 5143] chdir("./19") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] memfd_create("syzkaller", 0) = 3 [pid 5143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5143] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5143] munmap(0x7f5428000000, 138412032) = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5143] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5143] close(3) = 0 [pid 5143] close(4) = 0 [pid 5143] mkdir("./file1", 0777) = 0 [ 85.435556][ T5143] loop0: detected capacity change from 0 to 2048 [pid 5143] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5143] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5143] chdir("./file1") = 0 [pid 5143] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 85.478339][ T5143] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5143] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5143] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5143] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5143] exit_group(0) = ? [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.517146][ T5143] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 85.530954][ T5143] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 85.610687][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached , child_tidptr=0x55557db94650) = 5146 [pid 5146] set_robust_list(0x55557db94660, 24) = 0 [pid 5146] chdir("./20") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] memfd_create("syzkaller", 0) = 3 [pid 5146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5146] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5146] munmap(0x7f5428000000, 138412032) = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5146] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5146] close(3) = 0 [pid 5146] close(4) = 0 [pid 5146] mkdir("./file1", 0777) = 0 [pid 5146] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5146] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5146] chdir("./file1") = 0 [pid 5146] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 85.812310][ T5146] loop0: detected capacity change from 0 to 2048 [ 85.848753][ T5146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5146] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5146] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5146] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5146] exit_group(0) = ? [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 [ 85.889685][ T5146] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 85.903797][ T5146] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 85.948425][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x55557db94660, 24 [pid 5082] <... clone resumed>, child_tidptr=0x55557db94650) = 5149 [pid 5149] <... set_robust_list resumed>) = 0 [pid 5149] chdir("./21") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] memfd_create("syzkaller", 0) = 3 [pid 5149] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5149] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5149] munmap(0x7f5428000000, 138412032) = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5149] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5149] close(3) = 0 [pid 5149] close(4) = 0 [pid 5149] mkdir("./file1", 0777) = 0 [ 86.185757][ T5149] loop0: detected capacity change from 0 to 2048 [pid 5149] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5149] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5149] chdir("./file1") = 0 [pid 5149] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5149] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5149] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5149] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5149] exit_group(0) = ? [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 [ 86.228521][ T5149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.247238][ T5149] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 86.261022][ T5149] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 [ 86.295118][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 86.357188][ T8] cfg80211: failed to load regulatory.db ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached , child_tidptr=0x55557db94650) = 5152 [pid 5152] set_robust_list(0x55557db94660, 24) = 0 [pid 5152] chdir("./22") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] memfd_create("syzkaller", 0) = 3 [pid 5152] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5152] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5152] munmap(0x7f5428000000, 138412032) = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5152] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5152] close(3) = 0 [pid 5152] close(4) = 0 [pid 5152] mkdir("./file1", 0777) = 0 [ 86.540991][ T5152] loop0: detected capacity change from 0 to 2048 [pid 5152] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5152] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5152] chdir("./file1") = 0 [pid 5152] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5152] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5152] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5152] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5152] exit_group(0) = ? [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 86.589822][ T5152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.613895][ T5152] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 86.627917][ T5152] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 86.713711][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x55557db94650) = 5155 [pid 5155] set_robust_list(0x55557db94660, 24) = 0 [pid 5155] chdir("./23") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] memfd_create("syzkaller", 0) = 3 [pid 5155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5155] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5155] munmap(0x7f5428000000, 138412032) = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5155] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5155] close(3) = 0 [pid 5155] close(4) = 0 [pid 5155] mkdir("./file1", 0777) = 0 [pid 5155] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5155] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5155] chdir("./file1") = 0 [pid 5155] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 86.919872][ T5155] loop0: detected capacity change from 0 to 2048 [ 86.951195][ T5155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5155] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5155] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5155] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5155] exit_group(0) = ? [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 86.967606][ T5155] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 86.981616][ T5155] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 87.012470][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x55557db94660, 24) = 0 [pid 5082] <... clone resumed>, child_tidptr=0x55557db94650) = 5158 [pid 5158] chdir("./24") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] memfd_create("syzkaller", 0) = 3 [pid 5158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5158] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5158] munmap(0x7f5428000000, 138412032) = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5158] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5158] close(3) = 0 [pid 5158] close(4) = 0 [pid 5158] mkdir("./file1", 0777) = 0 [ 87.208261][ T5158] loop0: detected capacity change from 0 to 2048 [pid 5158] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5158] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5158] chdir("./file1") = 0 [pid 5158] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 87.247839][ T5158] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5158] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5158] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5158] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5158] exit_group(0) = ? [ 87.278907][ T5158] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 87.292561][ T5158] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 [ 87.382219][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5161 attached , child_tidptr=0x55557db94650) = 5161 [pid 5161] set_robust_list(0x55557db94660, 24) = 0 [pid 5161] chdir("./25") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5161] munmap(0x7f5428000000, 138412032) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] close(4) = 0 [pid 5161] mkdir("./file1", 0777) = 0 [ 87.598781][ T5161] loop0: detected capacity change from 0 to 2048 [pid 5161] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5161] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file1") = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 87.638817][ T5161] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5161] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5161] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5161] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5161] exit_group(0) = ? [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 [ 87.675957][ T5161] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 87.689563][ T5161] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 [ 87.727658][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. close(4) = 0 rmdir("./25/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5164 attached , child_tidptr=0x55557db94650) = 5164 [pid 5164] set_robust_list(0x55557db94660, 24) = 0 [pid 5164] chdir("./26") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5164] munmap(0x7f5428000000, 138412032) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] close(4) = 0 [pid 5164] mkdir("./file1", 0777) = 0 [ 87.967907][ T5164] loop0: detected capacity change from 0 to 2048 [pid 5164] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5164] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file1") = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 88.010079][ T5164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.038518][ T5164] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5164] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5164] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5164] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5164] exit_group(0) = ? [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 88.052685][ T5164] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 88.103803][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557db94650) = 5167 ./strace-static-x86_64: Process 5167 attached [pid 5167] set_robust_list(0x55557db94660, 24) = 0 [pid 5167] chdir("./27") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5167] munmap(0x7f5428000000, 138412032) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] close(4) = 0 [pid 5167] mkdir("./file1", 0777) = 0 [ 88.300533][ T5167] loop0: detected capacity change from 0 to 2048 [pid 5167] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5167] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file1") = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 88.348147][ T5167] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.376825][ T5167] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [pid 5167] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5167] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5167] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5167] exit_group(0) = ? [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.390579][ T5167] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 88.474546][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557db94650) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x55557db94660, 24) = 0 [pid 5170] chdir("./28") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5170] munmap(0x7f5428000000, 138412032) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] close(4) = 0 [pid 5170] mkdir("./file1", 0777) = 0 [ 88.679435][ T5170] loop0: detected capacity change from 0 to 2048 [pid 5170] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5170] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file1") = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 88.719103][ T5170] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5170] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5170] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5170] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5170] exit_group(0) = ? [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 88.750030][ T5170] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 88.764532][ T5170] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 88.812567][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5174 attached , child_tidptr=0x55557db94650) = 5174 [pid 5174] set_robust_list(0x55557db94660, 24) = 0 [pid 5174] chdir("./29") = 0 [pid 5174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5174] setpgid(0, 0) = 0 [pid 5174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5174] write(3, "1000", 4) = 4 [pid 5174] close(3) = 0 [pid 5174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5174] memfd_create("syzkaller", 0) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5174] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5174] munmap(0x7f5428000000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] close(4) = 0 [pid 5174] mkdir("./file1", 0777) = 0 [ 88.990947][ T5174] loop0: detected capacity change from 0 to 2048 [pid 5174] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5174] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file1") = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 89.038973][ T5174] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [pid 5174] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5174] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5174] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5174] exit_group(0) = ? [pid 5174] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5174, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 [ 89.080319][ T5174] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 89.094296][ T5174] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 89.131685][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5177 attached , child_tidptr=0x55557db94650) = 5177 [pid 5177] set_robust_list(0x55557db94660, 24) = 0 [pid 5177] chdir("./30") = 0 [pid 5177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5177] setpgid(0, 0) = 0 [pid 5177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5177] write(3, "1000", 4) = 4 [pid 5177] close(3) = 0 [pid 5177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5177] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5177] munmap(0x7f5428000000, 138412032) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] close(4) = 0 [pid 5177] mkdir("./file1", 0777) = 0 [ 89.355081][ T5177] loop0: detected capacity change from 0 to 2048 [pid 5177] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5177] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./file1") = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5177] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5177] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5177] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5177] exit_group(0) = ? [pid 5177] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5177, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 89.398381][ T5177] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.415859][ T5177] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 89.429852][ T5177] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 89.510315][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x55557db94650) = 5180 [pid 5180] set_robust_list(0x55557db94660, 24) = 0 [pid 5180] chdir("./31") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] memfd_create("syzkaller", 0) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5180] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5180] munmap(0x7f5428000000, 138412032) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] close(4) = 0 [pid 5180] mkdir("./file1", 0777) = 0 [ 89.717855][ T5180] loop0: detected capacity change from 0 to 2048 [pid 5180] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5180] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file1") = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5180] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5180] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5180] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5180] exit_group(0) = ? [pid 5180] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5180, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 89.769667][ T5180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.790973][ T5180] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 89.805080][ T5180] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 89.881647][ T5082] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5184 attached , child_tidptr=0x55557db94650) = 5184 [pid 5184] set_robust_list(0x55557db94660, 24) = 0 [pid 5184] chdir("./32") = 0 [pid 5184] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5184] setpgid(0, 0) = 0 [pid 5184] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5184] write(3, "1000", 4) = 4 [pid 5184] close(3) = 0 [pid 5184] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5184] munmap(0x7f5428000000, 138412032) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] close(4) = 0 [pid 5184] mkdir("./file1", 0777) = 0 [ 90.105102][ T5184] loop0: detected capacity change from 0 to 2048 [pid 5184] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5184] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file1") = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5184] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5184] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5184] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5184] exit_group(0) = ? [pid 5184] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5184, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 90.176162][ T5184] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 90.191045][ T5184] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached [pid 5188] set_robust_list(0x55557db94660, 24 [pid 5082] <... clone resumed>, child_tidptr=0x55557db94650) = 5188 [pid 5188] <... set_robust_list resumed>) = 0 [pid 5188] chdir("./33") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5188] munmap(0x7f5428000000, 138412032) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] close(4) = 0 [pid 5188] mkdir("./file1", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5188] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 90.409391][ T5188] loop0: detected capacity change from 0 to 2048 [pid 5188] chdir("./file1") = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5188] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5188] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5188] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5188] exit_group(0) = ? [pid 5188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5188, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 90.498858][ T5188] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 90.512738][ T5188] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x55557db94660, 24) = 0 [pid 5191] chdir("./34" [pid 5082] <... clone resumed>, child_tidptr=0x55557db94650) = 5191 [pid 5191] <... chdir resumed>) = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5191] munmap(0x7f5428000000, 138412032) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] close(4) = 0 [pid 5191] mkdir("./file1", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5191] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file1") = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 90.778847][ T5191] loop0: detected capacity change from 0 to 2048 [pid 5191] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5191] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5191] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5191] exit_group(0) = ? [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 [ 90.830356][ T5191] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 90.844866][ T5191] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 close(4) = 0 rmdir("./34/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x55557db94650) = 5194 [pid 5194] set_robust_list(0x55557db94660, 24) = 0 [pid 5194] chdir("./35") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] memfd_create("syzkaller", 0) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5194] munmap(0x7f5428000000, 138412032) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] close(4) = 0 [pid 5194] mkdir("./file1", 0777) = 0 [pid 5194] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5194] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] chdir("./file1") = 0 [ 91.070280][ T5194] loop0: detected capacity change from 0 to 2048 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5194] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5194] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5194] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5194] exit_group(0) = ? [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.147239][ T5194] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 91.160910][ T5194] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5197 attached , child_tidptr=0x55557db94650) = 5197 [pid 5197] set_robust_list(0x55557db94660, 24) = 0 [pid 5197] chdir("./36") = 0 [pid 5197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5197] setpgid(0, 0) = 0 [pid 5197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5197] write(3, "1000", 4) = 4 [pid 5197] close(3) = 0 [pid 5197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5197] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5197] munmap(0x7f5428000000, 138412032) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] close(4) = 0 [pid 5197] mkdir("./file1", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5197] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file1") = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 91.434207][ T5197] loop0: detected capacity change from 0 to 2048 [pid 5197] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5197] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5197] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5197] exit_group(0) = ? [pid 5197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5197, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 91.489481][ T5197] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 91.503188][ T5197] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5201 attached , child_tidptr=0x55557db94650) = 5201 [pid 5201] set_robust_list(0x55557db94660, 24) = 0 [pid 5201] chdir("./37") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] memfd_create("syzkaller", 0) = 3 [pid 5201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5201] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5201] munmap(0x7f5428000000, 138412032) = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5201] close(3) = 0 [pid 5201] close(4) = 0 [pid 5201] mkdir("./file1", 0777) = 0 [pid 5201] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5201] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 91.800023][ T5201] loop0: detected capacity change from 0 to 2048 [pid 5201] chdir("./file1") = 0 [pid 5201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5201] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5201] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5201] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5201] exit_group(0) = ? [pid 5201] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5201, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 91.876156][ T5201] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 91.890289][ T5201] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5204 attached , child_tidptr=0x55557db94650) = 5204 [pid 5204] set_robust_list(0x55557db94660, 24) = 0 [pid 5204] chdir("./38") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] memfd_create("syzkaller", 0) = 3 [pid 5204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5204] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5204] munmap(0x7f5428000000, 138412032) = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5204] close(3) = 0 [pid 5204] close(4) = 0 [pid 5204] mkdir("./file1", 0777) = 0 [pid 5204] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5204] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5204] chdir("./file1") = 0 [pid 5204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.140915][ T5204] loop0: detected capacity change from 0 to 2048 [pid 5204] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5204] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5204] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5204] exit_group(0) = ? [pid 5204] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5204, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 92.189930][ T5204] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 92.203552][ T5204] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x55557db94650) = 5207 [pid 5207] set_robust_list(0x55557db94660, 24) = 0 [pid 5207] chdir("./39") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] memfd_create("syzkaller", 0) = 3 [pid 5207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5207] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5207] munmap(0x7f5428000000, 138412032) = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5207] close(3) = 0 [pid 5207] close(4) = 0 [pid 5207] mkdir("./file1", 0777) = 0 [pid 5207] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [ 92.492107][ T5207] loop0: detected capacity change from 0 to 2048 [pid 5207] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5207] chdir("./file1") = 0 [pid 5207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5207] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5207] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5207] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5207] exit_group(0) = ? [pid 5207] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5207, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 92.587718][ T5207] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 92.601448][ T5207] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5210 attached , child_tidptr=0x55557db94650) = 5210 [pid 5210] set_robust_list(0x55557db94660, 24) = 0 [pid 5210] chdir("./40") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] memfd_create("syzkaller", 0) = 3 [pid 5210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5210] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5210] munmap(0x7f5428000000, 138412032) = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5210] close(3) = 0 [pid 5210] close(4) = 0 [pid 5210] mkdir("./file1", 0777) = 0 [pid 5210] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5210] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5210] chdir("./file1") = 0 [pid 5210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 92.881229][ T5210] loop0: detected capacity change from 0 to 2048 [pid 5210] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5210] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5210] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5210] exit_group(0) = ? [pid 5210] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5210, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 92.936631][ T5210] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 92.950432][ T5210] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x55557db94650) = 5213 [pid 5213] set_robust_list(0x55557db94660, 24) = 0 [pid 5213] chdir("./41") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] memfd_create("syzkaller", 0) = 3 [pid 5213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5213] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5213] munmap(0x7f5428000000, 138412032) = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5213] close(3) = 0 [pid 5213] close(4) = 0 [pid 5213] mkdir("./file1", 0777) = 0 [pid 5213] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5213] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5213] chdir("./file1") = 0 [pid 5213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 93.160088][ T5213] loop0: detected capacity change from 0 to 2048 [pid 5213] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5213] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5213] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [ 93.217904][ T5213] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 93.232042][ T5213] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [pid 5213] exit_group(0) = ? [pid 5213] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5213, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x55557db94650) = 5216 [pid 5216] set_robust_list(0x55557db94660, 24) = 0 [pid 5216] chdir("./42") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] memfd_create("syzkaller", 0) = 3 [pid 5216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5216] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5216] munmap(0x7f5428000000, 138412032) = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5216] close(3) = 0 [pid 5216] close(4) = 0 [pid 5216] mkdir("./file1", 0777) = 0 [ 93.607105][ T5216] loop0: detected capacity change from 0 to 2048 [pid 5216] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5216] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5216] chdir("./file1") = 0 [pid 5216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5216] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5216] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5216] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5216] exit_group(0) = ? [pid 5216] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5216, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 93.709054][ T5216] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 93.722803][ T5216] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached , child_tidptr=0x55557db94650) = 5219 [pid 5219] set_robust_list(0x55557db94660, 24) = 0 [pid 5219] chdir("./43") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] memfd_create("syzkaller", 0) = 3 [pid 5219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5219] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5219] munmap(0x7f5428000000, 138412032) = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5219] close(3) = 0 [pid 5219] close(4) = 0 [pid 5219] mkdir("./file1", 0777) = 0 [pid 5219] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5219] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5219] chdir("./file1") = 0 [pid 5219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 93.994097][ T5219] loop0: detected capacity change from 0 to 2048 [pid 5219] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5219] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5219] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5219] exit_group(0) = ? [pid 5219] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5219, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 [ 94.067073][ T5219] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 94.080796][ T5219] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5222 attached , child_tidptr=0x55557db94650) = 5222 [pid 5222] set_robust_list(0x55557db94660, 24) = 0 [pid 5222] chdir("./44") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] memfd_create("syzkaller", 0) = 3 [pid 5222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5222] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5222] munmap(0x7f5428000000, 138412032) = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5222] close(3) = 0 [pid 5222] close(4) = 0 [pid 5222] mkdir("./file1", 0777) = 0 [pid 5222] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5222] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5222] chdir("./file1") = 0 [pid 5222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.300927][ T5222] loop0: detected capacity change from 0 to 2048 [pid 5222] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5222] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5222] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5222] exit_group(0) = ? [pid 5222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5222, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 [ 94.357447][ T5222] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 94.371578][ T5222] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55557db94650) = 5225 ./strace-static-x86_64: Process 5225 attached [pid 5225] set_robust_list(0x55557db94660, 24) = 0 [pid 5225] chdir("./45") = 0 [pid 5225] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5225] setpgid(0, 0) = 0 [pid 5225] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5225] write(3, "1000", 4) = 4 [pid 5225] close(3) = 0 [pid 5225] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5225] memfd_create("syzkaller", 0) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5225] munmap(0x7f5428000000, 138412032) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] close(4) = 0 [pid 5225] mkdir("./file1", 0777) = 0 [pid 5225] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5225] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file1") = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.577959][ T5225] loop0: detected capacity change from 0 to 2048 [pid 5225] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5225] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5225] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5225] exit_group(0) = ? [pid 5225] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5225, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 94.626143][ T5225] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 94.640325][ T5225] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5228 attached , child_tidptr=0x55557db94650) = 5228 [pid 5228] set_robust_list(0x55557db94660, 24) = 0 [pid 5228] chdir("./46") = 0 [pid 5228] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5228] setpgid(0, 0) = 0 [pid 5228] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5228] write(3, "1000", 4) = 4 [pid 5228] close(3) = 0 [pid 5228] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5228] munmap(0x7f5428000000, 138412032) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] close(4) = 0 [pid 5228] mkdir("./file1", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5228] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file1") = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 94.913520][ T5228] loop0: detected capacity change from 0 to 2048 [pid 5228] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5228] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5228] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5228] exit_group(0) = ? [pid 5228] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5228, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.967219][ T5228] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 94.981257][ T5228] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5231 attached , child_tidptr=0x55557db94650) = 5231 [pid 5231] set_robust_list(0x55557db94660, 24) = 0 [pid 5231] chdir("./47") = 0 [pid 5231] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5231] setpgid(0, 0) = 0 [pid 5231] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5231] write(3, "1000", 4) = 4 [pid 5231] close(3) = 0 [pid 5231] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5231] munmap(0x7f5428000000, 138412032) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] close(4) = 0 [pid 5231] mkdir("./file1", 0777) = 0 [pid 5231] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5231] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file1") = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 95.254033][ T5231] loop0: detected capacity change from 0 to 2048 [pid 5231] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5231] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5231] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5231] exit_group(0) = ? [pid 5231] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5231, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 95.311524][ T5231] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 95.325239][ T5231] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5234 attached , child_tidptr=0x55557db94650) = 5234 [pid 5234] set_robust_list(0x55557db94660, 24) = 0 [pid 5234] chdir("./48") = 0 [pid 5234] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5234] setpgid(0, 0) = 0 [pid 5234] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5234] write(3, "1000", 4) = 4 [pid 5234] close(3) = 0 [pid 5234] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5234] munmap(0x7f5428000000, 138412032) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] close(4) = 0 [pid 5234] mkdir("./file1", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5234] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [ 95.667372][ T5234] loop0: detected capacity change from 0 to 2048 [pid 5234] chdir("./file1") = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5234] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5234] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5234] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5234] exit_group(0) = ? [pid 5234] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5234, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 [ 95.750943][ T5234] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 95.764829][ T5234] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5237 attached , child_tidptr=0x55557db94650) = 5237 [pid 5237] set_robust_list(0x55557db94660, 24) = 0 [pid 5237] chdir("./49") = 0 [pid 5237] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5237] setpgid(0, 0) = 0 [pid 5237] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5237] write(3, "1000", 4) = 4 [pid 5237] close(3) = 0 [pid 5237] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5237] munmap(0x7f5428000000, 138412032) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] close(4) = 0 [pid 5237] mkdir("./file1", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5237] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file1") = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 96.023798][ T5237] loop0: detected capacity change from 0 to 2048 [pid 5237] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5237] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5237] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5237] exit_group(0) = ? [pid 5237] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5237, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 96.079850][ T5237] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 96.093876][ T5237] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached , child_tidptr=0x55557db94650) = 5241 [pid 5241] set_robust_list(0x55557db94660, 24) = 0 [pid 5241] chdir("./50") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] memfd_create("syzkaller", 0) = 3 [pid 5241] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5241] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5241] munmap(0x7f5428000000, 138412032) = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5241] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5241] close(3) = 0 [pid 5241] close(4) = 0 [pid 5241] mkdir("./file1", 0777) = 0 [ 96.344591][ T5241] loop0: detected capacity change from 0 to 2048 [pid 5241] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5241] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5241] chdir("./file1") = 0 [pid 5241] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5241] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5241] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5241] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5241] exit_group(0) = ? [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 [ 96.425504][ T5241] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 96.439315][ T5241] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached , child_tidptr=0x55557db94650) = 5244 [pid 5244] set_robust_list(0x55557db94660, 24) = 0 [pid 5244] chdir("./51") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] memfd_create("syzkaller", 0) = 3 [pid 5244] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5244] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5244] munmap(0x7f5428000000, 138412032) = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5244] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5244] close(3) = 0 [pid 5244] close(4) = 0 [pid 5244] mkdir("./file1", 0777) = 0 [pid 5244] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5244] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5244] chdir("./file1") = 0 [pid 5244] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 96.685525][ T5244] loop0: detected capacity change from 0 to 2048 [pid 5244] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5244] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5244] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5244] exit_group(0) = ? [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 96.733202][ T5244] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 96.746965][ T5244] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x55557db94650) = 5247 [pid 5247] set_robust_list(0x55557db94660, 24) = 0 [pid 5247] chdir("./52") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] memfd_create("syzkaller", 0) = 3 [pid 5247] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5247] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5247] munmap(0x7f5428000000, 138412032) = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5247] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5247] close(3) = 0 [pid 5247] close(4) = 0 [pid 5247] mkdir("./file1", 0777) = 0 [pid 5247] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5247] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5247] chdir("./file1") = 0 [pid 5247] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 96.998746][ T5247] loop0: detected capacity change from 0 to 2048 [pid 5247] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5247] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5247] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5247] exit_group(0) = ? [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 97.049034][ T5247] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 97.063019][ T5247] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x55557db94650) = 5250 [pid 5250] set_robust_list(0x55557db94660, 24) = 0 [pid 5250] chdir("./53") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] memfd_create("syzkaller", 0) = 3 [pid 5250] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5250] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5250] munmap(0x7f5428000000, 138412032) = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5250] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5250] close(3) = 0 [pid 5250] close(4) = 0 [pid 5250] mkdir("./file1", 0777) = 0 [pid 5250] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5250] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5250] chdir("./file1") = 0 [pid 5250] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [ 97.356623][ T5250] loop0: detected capacity change from 0 to 2048 [pid 5250] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5250] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5250] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5250] exit_group(0) = ? [ 97.413195][ T5250] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 97.427107][ T5250] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x55557db94650) = 5253 [pid 5253] set_robust_list(0x55557db94660, 24) = 0 [pid 5253] chdir("./54") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] memfd_create("syzkaller", 0) = 3 [pid 5253] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5253] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5253] munmap(0x7f5428000000, 138412032) = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5253] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5253] close(3) = 0 [pid 5253] close(4) = 0 [pid 5253] mkdir("./file1", 0777) = 0 [ 97.668241][ T5253] loop0: detected capacity change from 0 to 2048 [pid 5253] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5253] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5253] chdir("./file1") = 0 [pid 5253] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5253] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5253] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 5253] ioctl(4, _IOC(_IOC_NONE, 0x66, 0x11, 0), 0) = 0 [pid 5253] exit_group(0) = ? [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 97.753125][ T5253] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 97.767216][ T5253] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x55557db956f0 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file1", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x55557db9d730 /* 2 entries */, 32768) = 48 getdents64(4, 0x55557db9d730 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file1") = 0 getdents64(3, 0x55557db956f0 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x55557db94650) = 5256 [pid 5256] set_robust_list(0x55557db94660, 24) = 0 [pid 5256] chdir("./55") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] memfd_create("syzkaller", 0) = 3 [pid 5256] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5428000000 [pid 5256] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5256] munmap(0x7f5428000000, 138412032) = 0 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5256] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5256] close(3) = 0 [pid 5256] close(4) = 0 [pid 5256] mkdir("./file1", 0777) = 0 [pid 5256] mount("/dev/loop0", "./file1", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 5256] openat(AT_FDCWD, "./file1", O_RDONLY|O_DIRECTORY) = 3 [pid 5256] chdir("./file1") = 0 [ 98.042240][ T5256] loop0: detected capacity change from 0 to 2048 [pid 5256] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5256] setxattr("./file1", "trusted.overlay.upper", "\x00\xfb\x01\x00\x00\x40\xdf\xf8\xc0\x22\x8d\xac\x60\x34\x23\xee\x2e\x31\x02\xf6\x88\x5a\x21\xcc\xa8\xb8\x03\x14\x64\x9e\x7a\x83\x4f\xa4\xb3\x22\xfc\x9c\x5e\xde\x6b\xfe\x93\x10\xec\x9d\x7e\x2b\x9b\x39\x27\xc3\xbe\xf0\xb0\xec\x7d\x27\x43\x4c\x4a\x30\xad\xd4\xd8\xca\xac\x31\x38\x05\x7c\x3e\xdf\xb4\x18\x4f\x53\xbb\x2b\xdb\x65\x00\xa4\x00\x07\x0a\xa9\xdc\xfc\x13\x76\x20\xdc\xbc\xd1\xba\xe3\xc1\x65\xf3"..., 1793, 0) = -1 EUCLEAN (Structure needs cleaning) [pid 5256] openat(AT_FDCWD, "blkio.bfq.io_serviced_recursive", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [ 98.107836][ T5256] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz-executor363: bg 0: block 52: invalid block bitmap [ 98.121944][ T5256] EXT4-fs error (device loop0): ext4_xattr_block_set:2228: inode #15: comm syz-executor363: bad block 0 [ 98.146565][ T5256] ------------[ cut here ]------------ [ 98.152095][ T5256] Looking for class "&ei->i_data_sem" with key init_once.__key.798, but found a different class "&ei->i_data_sem" with the same key [ 98.165752][ T5256] WARNING: CPU: 1 PID: 5256 at kernel/locking/lockdep.c:935 look_up_lock_class+0xdc/0x160 [ 98.175705][ T5256] Modules linked in: [ 98.179621][ T5256] CPU: 1 PID: 5256 Comm: syz-executor363 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0 [ 98.190071][ T5256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 98.200153][ T5256] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 98.205915][ T5256] Code: 01 0f 85 80 00 00 00 c6 05 1c b1 13 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 40 d9 ca 8b e8 75 ba d8 f5 90 <0f> 0b 90 90 eb 57 90 e8 08 ba 2b f9 48 c7 c7 80 d8 ca 8b 89 de e8 [ 98.225536][ T5256] RSP: 0018:ffffc90002e5f570 EFLAGS: 00010046 [ 98.231615][ T5256] RAX: f59c66d3706f6900 RBX: ffffffff92c67988 RCX: ffff888027035a00 [ 98.239596][ T5256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.247572][ T5256] RBP: ffffc90002e5f680 R08: ffffffff81588072 R09: 1ffff110172a519a [ 98.255558][ T5256] R10: dffffc0000000000 R11: ffffed10172a519b R12: ffff88807698c888 [ 98.263537][ T5256] R13: ffff88807698c888 R14: ffff88807698c888 R15: ffffffff9485aec1 [ 98.271521][ T5256] FS: 000055557db94380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 98.280463][ T5256] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 98.287062][ T5256] CR2: 00007f54305bf0f8 CR3: 00000000755a8000 CR4: 0000000000350ef0 [ 98.295052][ T5256] Call Trace: [ 98.298344][ T5256] [ 98.301283][ T5256] ? __warn+0x163/0x4e0 [ 98.305476][ T5256] ? look_up_lock_class+0xdc/0x160 [ 98.310609][ T5256] ? report_bug+0x2b3/0x500 [ 98.315130][ T5256] ? look_up_lock_class+0xdc/0x160 [ 98.320261][ T5256] ? handle_bug+0x3e/0x70 [ 98.324615][ T5256] ? exc_invalid_op+0x1a/0x50 [ 98.329311][ T5256] ? asm_exc_invalid_op+0x1a/0x20 [ 98.334378][ T5256] ? __warn_printk+0x292/0x360 [ 98.339173][ T5256] ? look_up_lock_class+0xdc/0x160 [ 98.344307][ T5256] register_lock_class+0x102/0x980 [ 98.349435][ T5256] ? __pfx_register_lock_class+0x10/0x10 [ 98.355167][ T5256] ? __pfx_register_lock_class+0x10/0x10 [ 98.360819][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.366482][ T5256] __lock_acquire+0xda/0x1fd0 [ 98.371187][ T5256] lock_acquire+0x1ed/0x550 [ 98.375707][ T5256] ? ext4_ioctl+0x4120/0x5590 [ 98.380410][ T5256] ? __pfx_lock_acquire+0x10/0x10 [ 98.385450][ T5256] ? __pfx___might_resched+0x10/0x10 [ 98.390751][ T5256] ? __down_write_common+0x162/0x200 [ 98.396061][ T5256] ? __pfx___down_write_common+0x10/0x10 [ 98.401717][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.407368][ T5256] ? ext4_journal_check_start+0x175/0x250 [ 98.413110][ T5256] down_write_nested+0x3d/0x50 [ 98.417895][ T5256] ? ext4_ioctl+0x4120/0x5590 [ 98.422606][ T5256] ext4_ioctl+0x4120/0x5590 [ 98.427139][ T5256] ? kasan_save_track+0x3f/0x80 [ 98.432008][ T5256] ? kasan_save_free_info+0x40/0x50 [ 98.437230][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.442878][ T5256] ? do_vfs_ioctl+0x1e77/0x2e50 [ 98.447751][ T5256] ? __pfx_ext4_ioctl+0x10/0x10 [ 98.452655][ T5256] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 98.457704][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.463360][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.469015][ T5256] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.475354][ T5256] ? tomoyo_path_number_perm+0x208/0x880 [ 98.481026][ T5256] ? __pfx_lock_release+0x10/0x10 [ 98.486060][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.491713][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.497362][ T5256] ? kfree+0x153/0x3a0 [ 98.501460][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.507120][ T5256] ? tomoyo_path_number_perm+0x71a/0x880 [ 98.512780][ T5256] ? tomoyo_path_number_perm+0x208/0x880 [ 98.518435][ T5256] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 98.524448][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.530141][ T5256] ? __pfx_ptrace_notify+0x10/0x10 [ 98.535272][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.540923][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.546573][ T5256] ? security_file_ioctl+0x87/0xb0 [ 98.551710][ T5256] ? __pfx_ext4_ioctl+0x10/0x10 [ 98.556587][ T5256] __se_sys_ioctl+0xfe/0x170 [ 98.561239][ T5256] do_syscall_64+0xf5/0x240 [ 98.565918][ T5256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.571845][ T5256] RIP: 0033:0x7f54305461e9 [ 98.576283][ T5256] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 98.595933][ T5256] RSP: 002b:00007ffde1be7238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.604377][ T5256] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54305461e9 [ 98.612373][ T5256] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004 [ 98.620370][ T5256] RBP: 00000000ffffffff R08: 0000000002000480 R09: 0000000002000480 [ 98.628394][ T5256] R10: 0000000002000480 R11: 0000000000000246 R12: 00007ffde1be7280 [ 98.636392][ T5256] R13: 00007ffde1be72c0 R14: 0000000000100000 R15: 0000000000000003 [ 98.644390][ T5256] [ 98.647417][ T5256] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 98.654700][ T5256] CPU: 1 PID: 5256 Comm: syz-executor363 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0 [ 98.665125][ T5256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 98.675193][ T5256] Call Trace: [ 98.678483][ T5256] [ 98.681419][ T5256] dump_stack_lvl+0x241/0x360 [ 98.686135][ T5256] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.691356][ T5256] ? __pfx__printk+0x10/0x10 [ 98.695968][ T5256] ? _printk+0xd5/0x120 [ 98.700151][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.705818][ T5256] ? vscnprintf+0x5d/0x90 [ 98.710171][ T5256] panic+0x349/0x860 [ 98.714101][ T5256] ? __warn+0x172/0x4e0 [ 98.718302][ T5256] ? __pfx_panic+0x10/0x10 [ 98.722746][ T5256] ? show_trace_log_lvl+0x4e6/0x520 [ 98.727983][ T5256] __warn+0x346/0x4e0 [ 98.732000][ T5256] ? look_up_lock_class+0xdc/0x160 [ 98.737148][ T5256] report_bug+0x2b3/0x500 [ 98.741506][ T5256] ? look_up_lock_class+0xdc/0x160 [ 98.746650][ T5256] handle_bug+0x3e/0x70 [ 98.750855][ T5256] exc_invalid_op+0x1a/0x50 [ 98.755477][ T5256] asm_exc_invalid_op+0x1a/0x20 [ 98.760347][ T5256] RIP: 0010:look_up_lock_class+0xdc/0x160 [ 98.766094][ T5256] Code: 01 0f 85 80 00 00 00 c6 05 1c b1 13 04 01 90 49 8b 16 49 8b 76 18 48 8b 8b b8 00 00 00 48 c7 c7 40 d9 ca 8b e8 75 ba d8 f5 90 <0f> 0b 90 90 eb 57 90 e8 08 ba 2b f9 48 c7 c7 80 d8 ca 8b 89 de e8 [ 98.785712][ T5256] RSP: 0018:ffffc90002e5f570 EFLAGS: 00010046 [ 98.791800][ T5256] RAX: f59c66d3706f6900 RBX: ffffffff92c67988 RCX: ffff888027035a00 [ 98.799786][ T5256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 98.807789][ T5256] RBP: ffffc90002e5f680 R08: ffffffff81588072 R09: 1ffff110172a519a [ 98.815800][ T5256] R10: dffffc0000000000 R11: ffffed10172a519b R12: ffff88807698c888 [ 98.823799][ T5256] R13: ffff88807698c888 R14: ffff88807698c888 R15: ffffffff9485aec1 [ 98.831802][ T5256] ? __warn_printk+0x292/0x360 [ 98.836623][ T5256] register_lock_class+0x102/0x980 [ 98.841756][ T5256] ? __pfx_register_lock_class+0x10/0x10 [ 98.847406][ T5256] ? __pfx_register_lock_class+0x10/0x10 [ 98.853065][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.858740][ T5256] __lock_acquire+0xda/0x1fd0 [ 98.863447][ T5256] lock_acquire+0x1ed/0x550 [ 98.867961][ T5256] ? ext4_ioctl+0x4120/0x5590 [ 98.872668][ T5256] ? __pfx_lock_acquire+0x10/0x10 [ 98.877708][ T5256] ? __pfx___might_resched+0x10/0x10 [ 98.883005][ T5256] ? __down_write_common+0x162/0x200 [ 98.888316][ T5256] ? __pfx___down_write_common+0x10/0x10 [ 98.893984][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.899646][ T5256] ? ext4_journal_check_start+0x175/0x250 [ 98.905401][ T5256] down_write_nested+0x3d/0x50 [ 98.910185][ T5256] ? ext4_ioctl+0x4120/0x5590 [ 98.914895][ T5256] ext4_ioctl+0x4120/0x5590 [ 98.919428][ T5256] ? kasan_save_track+0x3f/0x80 [ 98.924299][ T5256] ? kasan_save_free_info+0x40/0x50 [ 98.929529][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.935180][ T5256] ? do_vfs_ioctl+0x1e77/0x2e50 [ 98.940053][ T5256] ? __pfx_ext4_ioctl+0x10/0x10 [ 98.944933][ T5256] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 98.949986][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.955639][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.961290][ T5256] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 98.967636][ T5256] ? tomoyo_path_number_perm+0x208/0x880 [ 98.973291][ T5256] ? __pfx_lock_release+0x10/0x10 [ 98.978327][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.984005][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.989695][ T5256] ? kfree+0x153/0x3a0 [ 98.993794][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 98.999461][ T5256] ? tomoyo_path_number_perm+0x71a/0x880 [ 99.005143][ T5256] ? tomoyo_path_number_perm+0x208/0x880 [ 99.010815][ T5256] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 99.016838][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.022529][ T5256] ? __pfx_ptrace_notify+0x10/0x10 [ 99.027677][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.033338][ T5256] ? srso_alias_return_thunk+0x5/0xfbef5 [ 99.038997][ T5256] ? security_file_ioctl+0x87/0xb0 [ 99.044153][ T5256] ? __pfx_ext4_ioctl+0x10/0x10 [ 99.049049][ T5256] __se_sys_ioctl+0xfe/0x170 [ 99.053673][ T5256] do_syscall_64+0xf5/0x240 [ 99.058209][ T5256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.064123][ T5256] RIP: 0033:0x7f54305461e9 [ 99.068558][ T5256] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 21 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 99.088175][ T5256] RSP: 002b:00007ffde1be7238 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 99.096608][ T5256] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f54305461e9 [ 99.104587][ T5256] RDX: 0000000000000000 RSI: 0000000000006611 RDI: 0000000000000004 [ 99.112562][ T5256] RBP: 00000000ffffffff R08: 0000000002000480 R09: 0000000002000480 [ 99.120548][ T5256] R10: 0000000002000480 R11: 0000000000000246 R12: 00007ffde1be7280 [ 99.128534][ T5256] R13: 00007ffde1be72c0 R14: 0000000000100000 R15: 0000000000000003 [ 99.136531][ T5256] [ 99.139792][ T5256] Kernel Offset: disabled [ 99.144127][ T5256] Rebooting in 86400 seconds..